Poor understanding of the seriousness of IT security issues by company management is by far the number one issue we face. An unfortunate side effect of this prevailing attitude is the regular IT staff person throwing in the towel and letting potential security problems slide into real ones. We see this all the time. And often the IT management role has been relegated to individuals who are otherwise not even remotely qualified, from receptionists to accountants. The worst security offenders are management themselves and, indeed, they are the preferred targets by hackers for that reason. Company executives are notorious for ignoring or otherwise getting around their own company's computer security policies. Company executives are also the easiest targets as many publish both their names and their e-mail addresses on the web, and have the least computer skills. Hackers know this full well and act accordingly. One of our recent clients had a very sneaky socially engineered password stealing Trojan e-mailed to their CEO, who promptly forwarded it to the CFO and their senior engineer. We caught and blocked it before the damage was done. Another one brought in an infected personal laptop that was spewing out spam. We detected and blocked that too.

Otherwise, the most severe issues we see are weak or non-existent passwords, operating system and application patches not up-to-date, computers being run in full administrative mode, old firewall technology that doesn't block inbound and outbound malware, rogue laptops that bring malware into the office network, unsecured wireless devices, and un-enforced computer usage policies - if any at all.

We build secure networking environments, and write the policies, that deal with these issues and more.