Boring’s Not So Boring
Top security mistakes and how to avoid them
In the movies, hackers are easy to identify. The screen’s green glow reflects on their grizzled faces as they type furiously at their keyboards in the murky shadows. Of course, real-life hackers aren’t nearly so easy to spot. And they’re also likely not the biggest source of risk for your business.
The truth is that most security breaches—over 80 percent—are crimes of opportunity . The largest security threat many businesses face comes not from criminal masterminds, but their own employees. To help you keep your data and networks safe, we’ve compiled five common IT security mistakes, and what you can do to avoid them.
Mistake 1: Not performing updates
Solution: Installing regular upgrades and software patches is one of the most important things you can do to keep your network and data secure, but 40 percent of users don’t always upgrade software when prompted to. In fact, about a quarter admit they need to be prompted at least twice before upgrading . Don’t wait to make your network secure. Upgrade as soon as patches are available and conduct audits regularly.
Mistake 2: Not disposing of data correctly
Solution: Donating old equipment can be a great idea, as long as you’re making sure you’re not donating your company’s sensitive data as well. Merely deleting files doesn’t necessarily get rid of the information. To be sure it’s permanently deleted, the data needs to be actively overwritten with programs like Eraser. And HP Disk Sanitizer and File Sanitizer, available on select business PCs and notebooks, can help you erase hard drives and securely remove files, history, and data from a computer, and bleach the blank file space [3, 4].
Mistake 3: Not using encryption
Solution: Encryption isn’t just for databases stored securely in your network. Over half of all data harvesting by hackers was done not on stored data, but on data in transit  between systems, through a network, or to employees working remotely. Consistently employing secure, encrypted connections for employees accessing information outside the office is a key step in keeping your data protected.
Mistake 4: Not using secure services
Solution: When employees need to work late on a big project or access a file on the road, all too often what they end up doing is emailing the file to themselves, or putting it on an unsecured public website or notebook. If your employees are circumventing your security because they need more flexibility, one great alternative can be a service like HP Helion public cloud that can provide remote access while maintaining leading security practices.
Mistake 5: Not educating employees
Solution: Having secure systems does little good if your employees give up sensitive information and credentials voluntarily. Cybercriminals are increasingly targeting employees in phishing attacks to get past firewalls and other security measures. These attacks use emails, fake websites, Trojan downloads, and social media to solicit the information they need to infiltrate your network. To avoid becoming victims, employees need to be educated on how to recognize—and avoid—suspicious websites, friend requests, and other risky clicks.
The average cyber-attack can cost a business nearly $9,000—not including the impact of lost sales due to a damaged reputation . And if you think your business data isn’t a target, you should think again. In 2013, more than half of all of the small businesses surveyed had experienced a security breach at some point . But by taking a few simple steps, you can go a long way towards minimizing your risk.
 Verizon, Data Breach Investigation Report, 2011
 Skype, International Technology Upgrade Week, 2012
 HP Disk Sanitizer is for the use cases outlined in the DOD 5220.22-M Supplement. Does not support Solid State Drives (SSDs). Requires Disk Sanitizer, External Edition for Business Desktops from hp.com. Requires Windows on business desktops and notebooks.
 HP File Sanitizer is for the use cases outlined in the DOD 5220.22-M Supplement. Does not support Solid State Drives (SSDs). Initial setup required. Web history deleted only in Internet Explorer and Firefox browsers and must be user enabled. With Windows 8.1, user must turn off Enhanced Protection Mode in IE11 for shred on browser close feature.
 Trustwave, Global Security Report, 2013
 NSBA, Small Business Technology Survey, 2013
 Ponemon Institute, Poll for HSB, 2013