_________________________________________________________

Common IT Mistakes Made to Meet Security Compliance

Posted by Peter Heinicke on Wed, Apr 07, 2010 @ 10:47 AM

Companies often make mistakes when rushing to meet regulatory compliance deadlines. You should be careful to ensure you don't weaken your company's security in the process. Below are 5 of the most common ways companies make these security missteps:

  1. Botched Multi-factor Authentication - Many companies acknowledge that the old "Username/Password" log in isn't secure, however a good amount of them don't implement multi-factor authentication properly. In an attempt to hurry through this or implement override exceptions they can end up spending huge amounts of money on being even less secure than they previously had been.
  2. Lack of Research - Implementing any "do-able" software in order to become compliant can end up costing you on the back end. Do your research ahead of time to make sure the technology is up to par with what your organization needs and expects.
  3. Retrofit Fail - Implementing a new security tool that isn't compatible with your current system is a common error and can end up causing big headaches later. Whenever you implement a new software solution you should simultaneously implement security from the beginning, and when implementing it later be sure to verify compatibility.
  4. Extremism for Compliance - Don't let fear lead to extreme "blanket" measures that make the situation worse - or have no benefit to your staff.
  5. Poor Data Gathering Processes - Gathering data and not using it properly or gathering the wrong data and failing to establish business intelligence will result in a waste of time and money.

The best way to avoid these errors is to slow down and take careful stock of where your company's greatest risks are. From there do your research of the security tools available to purchase.

In addition to avoiding a "rushed" implementation of security tools, don't forget to protect your company's privacy from computer forensics. A couple of great options include:

  • CCleaner - This freeware is downloadable from the internet and can help you clean out many areas of your computer including: temporary files, Internet history, download history, your recycle bin, recent documents, windows log files and more. Learn more about this product at www.ccleaner.com.
  • Derik's Boot and Nuke - If you're looking to recycle or donate old computers to charity and want to ensure all data is erased this can be a good option. However, DO NOT USE THIS PROGRAM UNLESS YOU ARE KNOWLEDGEABLE ABOUT COMPUTERS - IT CAN TURN YOUR COMPUTER INTO A ROCK. This program quickly and completely erases all hard drives. Learn more at www.dban.org.

For more information about Security Missteps click here.

Tags: ERP systems, PCI Compliance, Credit Card Processing, Accounting systems