What’s the biggest IT security worry for your business and how are you addressing it?

Today, dear readers, we’ve got a quick question to ask you: What’s the biggest IT security worry for your business and how are you addressing it? As far as I’m concerned, my biggest security worry is probably related to managing how users access the Internet at the office, limiting what they can and cannot do depending on their role in the company.

But what about you? We’d love to hear all about it, so be sure to let us know by leaving a comment in the comments section below. This post is part of an experiment we’re doing with a few blogs and the Six Apart community, so we’d really appreciate your participation. Thanks!





6 Responses to What’s the biggest IT security worry for your business and how are you addressing it?

  1. Honestly, the biggest IT security concern is currently, and will always be, the users.

    We still have users who tape their passwords to the bottom of their keyboard, on their cubicle wall, etc., even though IT has reminded users that it is against department policy to do so.

    We tear them down when we see them and regularly check when working at their cubicles, but we also make sure to let users know that IT has the ability to reset passwords within seconds if forgotten.

  2. Where I work, one of the biggest threats is data loss… So we've disabled via AD policy all the USB ports and CD/DVD drives… When I say "we" I mean the IT department, because we developers are also affected by this…

  3. I work at a retailer and manage our infrastructure as well as our IT SOX and PCI compliance. I just did our annual security risk assessment and some of the main findings included:

    Data leakage – whether it's credit card, PII, or confidential info. We try to identify all the locations of confidential data, who has access, and threats to those repositories of data. We try to mitigate those threats with a combination of process and technology and we do annual security awareness training for all employees.

    Zero day vulnerabilities – even though we have a very regular patch cycle for Windows patches and third party (Adobe Reader and Flash, Java), we still routinely have those fake antivirus infections. Best we can do is keep patches up to date, don't give users admin rights (in general only give least privilege required).

    Franchisees – they are smaller organizations with less developed IT, but there are a lot more of them than company-owned locations. We define standards where we can and try to bring them along with compliance. But a breach at one of their locations would still reflect poorly on our brand.

  4. I'd agree w/ the answer users, but at my previous job where I was a Help Desk tech w/ a subfocus on all things telecom, our networked phone systems cost the company a lot of money when stores had their routers hacked and subsequently used to make international calls over and over. It created tons of LD phone charges. The telecom industry is a very messy world sometimes, and the users too often enable it. Networking has big enough security issues as is without putting phones into the mix. The mix can be a very powerful and potentially even money saving tool, but proper implementation and planning are critical, of course.