The Ten most horrible Security Mistakes by IT Professionals
1. by means of unencrypted protocols for organization systems, firewalls, routers, and PKI.
2. Giving users passwords over the phone or exchanging them when the requester is not legitimate.
3. Failing to preserve and test backups.
4. Running avoidable services.
5. Implementing firewalls with regulations that do not prevent unsafe incoming or Outgoing traffic.
6. Connecting systems to the Internet before hardening them
7. Connecting test systems to the Internet with default accounts/passwords
8. Failing to update systems when security holes are establish
9. Failing to implement or update virus detection software
10. Failing to instruct users on what to do when they see a possible security problem