5 Deadly Information Security Mistakes to Avoid

by Sarah Harvey / July 28th, 2017

Staying ahead of the latest threats in information security is important for avoiding a devastating run-in with a malicious attacker. So, we’ve compiled advice from our security professionals that dispels common misconceptions about information security by outlining some of the deadliest information security mistakes your organization must avoid. Protect your sensitive assets and prevent a data breach at your organization by avoiding these five mistakes:

1. Thinking Compliant Means Secure

Looking at recent data breaches, there’s one thing that most of the compromised companies had in common: they were compliant with one regulation or another. A common misconception is that because we’re compliant, we’re automatically secure. Focusing on security at your organization is the best approach to ensure a proper defense against a malicious attack; compliance frameworks set a baseline, not a ceiling. Once you’re secure, compliance will fall into place.

2. Insufficient Network Segmentation

A common issue we see when reviewing an organization’s security posture is a lack of network segmentation. Flat networks fail to use the network architecture as part of a risk reduction strategy, inadvertently widening your scope and leaving you more susceptible to an attack, since a compromise of any one host can reach every other host. Properly segmenting your network limits access to sensitive sub-networks and internal networks according to the principle of least privilege: each zone may reach only the zones and services it has a business need for, and everything else is denied.
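The following is an added example (not code from the original post) that models what segmentation by least privilege means in practice. It assumes three constructed zones (workstations, an application tier, and a sensitive database segment) and a firewall rule list expressed as an allowlist; anything not explicitly allowed is dropped. The same functions evaluate a flat "any to any" rule set for comparison, so the audit helper shows the difference between the two designs.

```python
"""Zone-based segmentation check (added illustration, not from the original post).

All zones, address ranges and rules below are constructed for this example.
Two properties are checked:
  1. A flow is allowed only if an explicit rule permits it (least privilege).
  2. The sensitive zone is reachable directly only from the sanctioned zone(s).
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Set

# Hypothetical zones; ranges are placeholders, not a real deployment.
ZONES: Dict[str, object] = {
    "corp_workstations": ip_network("10.10.0.0/16"),
    "app_tier": ip_network("10.20.0.0/24"),
    "db_sensitive": ip_network("10.30.0.0/24"),
}


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_port: int  # 0 means "any port"


# Segmented design: an allowlist. Workstations reach the app tier over HTTPS,
# the app tier reaches the database on its service port, nothing else is open.
SEGMENTED_RULES: List[Rule] = [
    Rule("corp_workstations", "app_tier", 443),
    Rule("app_tier", "db_sensitive", 5432),
]

# Flat network: no enforced boundaries, so every zone can reach every zone.
FLAT_RULES: List[Rule] = [Rule(s, d, 0) for s in ZONES for d in ZONES]


def zone_of(addr: str) -> Optional[str]:
    """Map an address to the zone whose range contains it, or None."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return None


def is_allowed(rules: List[Rule], src: str, dst: str, port: int) -> bool:
    """Default-deny evaluation: True only if some rule matches the flow."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone is None or dst_zone is None:
        return False
    if src_zone == dst_zone:
        return True  # intra-zone traffic; east-west filtering is out of scope here
    return any(
        r.src_zone == src_zone and r.dst_zone == dst_zone and r.dst_port in (0, port)
        for r in rules
    )


def zones_with_direct_path(rules: List[Rule], target: str) -> Set[str]:
    """Zones that have at least one allowed flow straight into `target`."""
    return {r.src_zone for r in rules if r.dst_zone == target and r.src_zone != target}


def audit_sensitive_zone(rules: List[Rule], target: str, sanctioned: Set[str]) -> List[str]:
    """Findings: zones with a direct path into `target` that are not sanctioned."""
    return sorted(zones_with_direct_path(rules, target) - sanctioned)


if __name__ == "__main__":
    for label, rules in (("segmented", SEGMENTED_RULES), ("flat", FLAT_RULES)):
        direct = is_allowed(rules, "10.10.5.5", "10.30.0.10", 5432)
        findings = audit_sensitive_zone(rules, "db_sensitive", {"app_tier"})
        print(f"{label}: workstation->db allowed={direct}, unsanctioned sources={findings}")
```

The audit function is the part worth keeping in a review checklist: run it against the real rule base for each sensitive zone with the list of zones that legitimately need access, and any non-empty result is a segmentation gap to explain or close.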

3. Thinking of Information Security Audit as a Cost Center

No one likes hearing the word “audit”, especially from a top client. However, one of the biggest mistakes that organizations make is viewing a third-party information security audit as a cost center. Thinking of an audit as an investment can help your organization avoid the costly fines associated with data breaches and/or non-compliance, and it gives you a competitive advantage by having your security controls already validated. Information security should be seen as a holistic, ongoing approach and not a one-time achievement.

4. Insufficient Defense in Depth

System hardening is a dangerous thing to overlook. When securing your network, it’s important to implement several types of controls to create a layered defense, or defense in depth. That way, if one mechanism fails or is bypassed, another is in place to defend against a malicious attack. Some examples of controls that can be used in combination to harden your systems and networks include a strong perimeter firewall, an IDS to monitor network traffic for a potential attack, anti-virus software, and physical access controls.

5. Weak Patch Management

We’ve seen this numerous times this year: organizations that fail to apply critical patches get hit with some form of malware. Patch management is a requirement under most regulations, and it is important because attackers target known vulnerabilities, for which the fix is often already published; every day a critical patch goes unapplied is a day the exposure is both public and unmitigated.
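As an added example (not code from the original post), the snippet below turns that point into a measurable check: given a software inventory and a list of published advisories, it reports every host still running a version below the fixed one and flags the findings that have exceeded a remediation deadline based on severity. The hosts, packages, versions, advisory ids and SLA windows are all constructed placeholders; the advisory ids are not real identifiers.

```python
"""Patch-backlog report (added illustration, not from the original post).

Inventory, advisories, version numbers and SLA windows are constructed for
this example. Versions are assumed to be plain dotted integers (e.g. "1.0.2");
a real deployment would use the packaging ecosystem's own comparison rules.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Tuple

# Hypothetical remediation windows in days, by advisory severity.
SLA_DAYS: Dict[str, int] = {"critical": 7, "high": 30, "medium": 90, "low": 180}


@dataclass(frozen=True)
class Advisory:
    advisory_id: str       # placeholder id, not a real CVE/vendor id
    package: str
    fixed_version: str     # first version that contains the fix
    severity: str
    published: date


@dataclass(frozen=True)
class Host:
    name: str
    packages: Dict[str, str]  # package name -> installed version


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '1.0.2' into (1, 0, 2) so tuples compare numerically."""
    return tuple(int(part) for part in v.split("."))


def missing_patches(hosts: List[Host], advisories: List[Advisory], today: date) -> List[dict]:
    """One finding per (host, advisory) where the installed version predates the fix."""
    findings = []
    for host in hosts:
        for adv in advisories:
            installed = host.packages.get(adv.package)
            if installed is None:
                continue  # package not present, advisory does not apply
            if parse_version(installed) >= parse_version(adv.fixed_version):
                continue  # already at or past the fixed version
            days_open = (today - adv.published).days
            findings.append({
                "host": host.name,
                "advisory": adv.advisory_id,
                "package": adv.package,
                "installed": installed,
                "fixed": adv.fixed_version,
                "severity": adv.severity,
                "days_open": days_open,
                "overdue": days_open > SLA_DAYS[adv.severity],
            })
    return findings


def overdue_findings(findings: List[dict]) -> List[Tuple[str, str]]:
    """(host, package) pairs whose fix has been available longer than the SLA allows."""
    return [(f["host"], f["package"]) for f in findings if f["overdue"]]


# Constructed sample data: two hosts, two advisories, evaluated as of 2017-07-28.
SAMPLE_HOSTS = [
    Host("web-01", {"openssl": "1.0.2", "samba": "4.5.0"}),
    Host("db-01", {"openssl": "1.1.1"}),
]
SAMPLE_ADVISORIES = [
    Advisory("ADV-PLACEHOLDER-1", "openssl", "1.1.1", "critical", date(2017, 7, 1)),
    Advisory("ADV-PLACEHOLDER-2", "samba", "4.6.0", "high", date(2017, 7, 20)),
]
AS_OF = date(2017, 7, 28)


def sample_report() -> List[dict]:
    """Run the check over the constructed inventory."""
    return missing_patches(SAMPLE_HOSTS, SAMPLE_ADVISORIES, AS_OF)


if __name__ == "__main__":
    for f in sample_report():
        status = "OVERDUE" if f["overdue"] else "within SLA"
        print(f'{f["host"]}: {f["package"]} {f["installed"]} < {f["fixed"]} '
              f'({f["severity"]}, {f["days_open"]}d open, {status})')
```

In the constructed data, web-01 is 27 days behind a critical fix with a 7-day window and is reported as overdue, while its samba finding is 8 days old against a 30-day window and is not yet. db-01 already runs the fixed openssl version and produces no finding. The "days open" figure is what makes the backlog comparable across teams and auditable against the policy the regulation requires.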

Don’t let your organization be an easy target for an attack, and be sure you’re avoiding these 5 deadly information security mistakes. For help assessing your organization’s current security posture, contact us today!

More Resources

10 Ways to Conduct Patch Management

Hardening and System Patching

Creating Effective Network Diagrams and Data Flow Diagrams