Channel: Compliance – BACKBOX BLOG

9 Cyber Security Sins That Can Get You Fired

The very nature of IT jobs is that they come with a regular set of goofs and boo boos. Most mistakes are benign or are easy to recover from, and few are grounds for firing. Otherwise, there would be lots of empty desks at companies and tons of experienced, trained, and knowledgeable tech workers in unemployment lines. But a few cyber security mistakes will definitely land you in hot water. Here are a few you should avoid like the plague.

1. Acting Like Every Vulnerability is THE END

Finding a security vulnerability does not mean the end of life as we know it. Most of the time, IT finds it before an attacker does, and everything is fixed before any damage is done.

While a smart IT pro will be able to recognize and secure actual threats to systems and the network, only a newbie would (theoretically) cry wolf at every vulnerability identified. Most are found by IT long before an intruder stumbles upon them, and can be closed without a problem. Don’t put everyone on high alert when there really isn’t a problem.

2. Keeping the Same Admin Password For-ev-er

A real problem is using the same admin password month after month, year after year. Along the same lines, allowing someone (anyone) to use an admin password is completely unacceptable. Even jotting it down on a scrap of paper opens up possibilities you don’t want to consider. Keep your admin password to yourself, and create a new one about once per month. Don’t even whisper it in your sleep.

3. Leaving the Firewall Floodgates Open After Troubleshooting a Problem

Security professionals who help companies after a data breach tell horror stories of IT workers who put the firewall settings on “Any” “Any” for troubleshooting purposes, and then forgot to reset them when everything was fixed. Firewalls typically come with the highest security settings by default, so it’s blatantly obvious when those have been changed. This is a pink slip waiting to happen.
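One way to catch a forgotten “Any” “Any” rule before someone else does is to audit a rule export on a schedule. The script below is an added example, not code from the original article or from Backbox; the CSV column layout, the sample rules, and the function names are constructed for illustration.

```python
import csv
import io

# Constructed sample export. The column layout is an assumption for this
# example, not any vendor's real export format.
SAMPLE_RULES = """\
id,action,source,destination,service,comment
10,allow,10.0.5.0/24,10.0.9.20,tcp/443,web tier to API
20,allow,any,any,any,TEMP troubleshooting
30,allow,0.0.0.0/0,203.0.113.10,tcp/443,public HTTPS
40,allow,Any,0.0.0.0/0,tcp/3389,vendor remote session
50,deny,any,any,any,default deny
"""

# Values that match every address or service, compared case-insensitively.
WILDCARDS = {"any", "all", "*", "0.0.0.0/0", "::/0"}
ALLOW_ACTIONS = {"allow", "permit", "accept"}


def is_wildcard(value):
    """True when a rule field matches everything."""
    return value.strip().lower() in WILDCARDS


def find_open_rules(export_text):
    """Return (rule id, severity, comment) for every allow rule whose
    source and destination are both wildcards."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["action"].strip().lower() not in ALLOW_ACTIONS:
            continue  # a deny any/any is the normal closing rule
        if is_wildcard(row["source"]) and is_wildcard(row["destination"]):
            # Any source, any destination AND any service is the
            # wide-open troubleshooting state the article warns about.
            severity = "critical" if is_wildcard(row["service"]) else "high"
            findings.append((row["id"], severity, row["comment"].strip()))
    return findings


if __name__ == "__main__":
    for rule_id, severity, comment in find_open_rules(SAMPLE_RULES):
        print(f"rule {rule_id}: {severity}: any-to-any allow ({comment})")
```

Rule 30 is not flagged because only its source is open, which is normal for a public service; the default deny at the end is skipped because it blocks rather than permits.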

4. Using Your Business Passwords for Other Websites

All of the security in your department is only as good as how well you develop, change, and protect your passwords.

Do you double up on passwords so you’ll have fewer to remember? Maybe using the same one for LinkedIn, Twitter, Facebook, your online gaming community, and, oh, say the corporate network? Don’t. Social networks and other websites get hacked more often than you’d like to think (and they would like to admit). Hackers then use those same passwords to check other systems you have access to, and bingo! With your profile and password, you’ve led them directly to your front door and unlocked it for them.

5. Using Actual Data in Test Situations

Test systems are by nature insecure. These systems are not protected the same way, accessed with the same caution, or treated with the reverence that real data is, and should be. Testers often share passwords, transmit test data over insecure systems, and do other things that would horrify your security officer. Be sure your test data is as fake as the eyelashes on a department store mannequin so that if (when) it gets compromised, there are no real consequences. In many cases, it may be a violation of company, industry, or government policy to use real data in test systems, anyway.

6. Invading the Privacy of Others (Especially the Top Brass)

If you aren’t supposed to read it, don’t read it, even if you could. IT folks who poke around into confidential reports or the personal privacy of other workers are not to be trusted — and companies have no qualms about dropping the ax on these snoops.

7. Completely Ignoring an Unfolding Security Breach

Carefully read the news next time there is a significant data breach at a company. You will almost always notice that the intruders had access to the system for weeks, if not months, before the attack was recognized and thwarted (or the hackers got what they wanted and just left). While suffering a data breach won’t necessarily cost you a job, ignoring or failing to recognize one in progress for an extended period of time will.

8. Blocking the Big Honcho’s Access to Any System

It doesn’t really matter if the CEO has exactly zero work to do in a particular system. (S)he better have access, or else.

If the CEO tries to get into a system — no matter how far removed it is from his/her job — and can’t, there will be heck to pay for the poor IT person who blocked access. Make sure the head honchos can get into any system, every system, any time, anywhere, period. Your job very well could depend on it.

9. Causing a Failure to Any Mission-Critical System

A lot of IT mistakes are understandable and forgivable, so long as critical systems are kept up and running all the time, no matter what. Even in the midst of a massive data breach or a devastating natural disaster, all the top brass will want to know is if those critical business systems are operational. Make sure you don’t kill one of those in your daily bumblings, and you’ll probably be alright with an occasional goof or blunder.

One thing you can do to protect your job, your systems, and your IT career is to back up systems regularly and thoroughly, and to have a solid disaster recovery plan in place “just in case”. Backbox is your solid solution. Learn more about Backbox and how it can improve your IT operations today.

