Top 5 Worst Security Practices

When it comes to security, the basic and most common practices work far better than any security product advertises, and this is the reality that seasoned security professionals live in. This isn’t going to change anytime soon, and you can expect the status quo of purchasing and deploying products that never live up to their claims of protection to continue. We hope to be a voice of reason by shedding some light on the top 10 widespread security practices and products that aren’t providing the level of protection you would assume.


1. Antivirus scanners will not uncover actual attackers
Hackers put out millions of new malware programs each month, far too many for any single antivirus program to reliably detect. This persists despite claims from nearly every antivirus vendor that they reliably detect 100 percent of the common malware submitted to them. They can show you their many awards attesting to their incredible accuracy, but those claims are simply not realistic.

2. Firewalls are not effective
Businesses often place an unrealistic sense of criticality on firewalls, but they are actually becoming less relevant than antivirus software. The vast majority of compromises and breaches don’t start at the firewall; they originate from deceiving end-users into running a forbidden program or circumventing a security practice on their systems, which bypasses firewall protection entirely. Moreover, most malware reaches back to its command and control servers using port 80 or 443, which are almost always open outbound on the firewall.

3. Patch management isn’t happening
Today the top security advice you could give anyone is to patch their systems and applications. All software has multiple vulnerabilities and must be patched. Despite the existence of more than a dozen patch management systems that promise perfect updates, for whatever reason, it appears it can’t be done. Don’t get me wrong: patch management isn’t easy, and it is especially hard for large enterprises, but that doesn’t diminish its importance. The time and money invested in developing a robust patch management solution and process is an order of magnitude cheaper than a breach.

4. The bulk of end-user security awareness sucks
If security awareness training were working, the growing demand for security professionals wouldn’t be nearly as high. Social engineering, which tricks end-users into running malicious programs, is the biggest threat by far. Most end-users readily give up all privacy to any application or social media portal, and they do it without any thought of the fallout, which includes greatly increasing their likelihood of becoming a target and succumbing to social engineering. We have a lot of room for improvement in the area of security awareness.

5. Password strength isn’t enough
Create a strong password, one that is long, complex, and frequently changed. Wrong and taxing. Users should be educated to create a passphrase instead, as passphrases are much stronger and proven to be far easier to remember (e.g. the password “Youstilloweme$15forthatDolphin” is just the phrase “You still owe me $15 for that Dolphin”). The traditional motto for strong passwords is often ignored by users, and the bigger problem now is that most hackers don’t care either. They trick an end-user into running a malicious program, get admin access, harvest the password hashes, then reuse them. A password hash is a password hash, and one from a strong password looks and feels no different than one from a weak password.
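As an added illustration of the passphrase point (example code written for this page, not part of the original post), the checker below implements a length-first policy: a long passphrase passes on length alone, while a short secret must also mix character classes. The length thresholds and the charset-based bit estimate are assumptions chosen for the example, not figures from the post.

```python
import math
import string

# Assumed policy thresholds for this example (not from the post).
MIN_PASSPHRASE_LEN = 20   # a passphrase this long is accepted on length alone
MIN_COMPLEX_LEN = 12      # anything shorter must also mix character classes


def charset_size(pw: str) -> int:
    """Sum the sizes of the character classes actually present in pw."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def brute_force_bits(pw: str) -> float:
    """Upper-bound guessing work as log2(charset ** length).

    This is only the brute-force bound; dictionary attacks on a phrase made
    of common words do better, which is why length is still the main lever.
    """
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def evaluate(pw: str) -> dict:
    """Return length, estimated bits and an accept/reject verdict."""
    if len(pw) >= MIN_PASSPHRASE_LEN:
        verdict = "accept"            # long passphrase: length carries it
    elif len(pw) >= MIN_COMPLEX_LEN and charset_size(pw) >= 62:
        verdict = "accept"            # shorter, but mixes at least 3 classes
    else:
        verdict = "reject"            # short and/or single-class
    return {"length": len(pw), "bits": round(brute_force_bits(pw), 1),
            "verdict": verdict}


if __name__ == "__main__":
    for candidate in ("Youstilloweme$15forthatDolphin", "P@ssw0rd!"):
        print(candidate, evaluate(candidate))
```

Running it shows the post's example passphrase accepted at 30 characters, while a short "complex" password such as P@ssw0rd! is rejected despite using all four character classes.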

The basics work. Good security doesn’t stop with just an anti-virus client and a perimeter firewall. It must encompass a solid knowledge of your environment, your users and the threats arrayed against them. By using a layered approach, organizations are able to better manage security threats.
