Tuesday, December 25, 2012

Five career-changing mistakes


The state of today's business world is fast-paced, constantly evolving and undeniably competitive. Having a successful career, regardless of what position you are in, is highly dependent upon several factors, including knowledge, confidence and finesse. Many people decide to change careers midstream for a variety of reasons, including wanting to try a new line of business, learning new skills or to make their resumes appear more marketable to hiring managers. Changing work paths can revitalize your career, increase your earning potential and help you secure the dream job you've been chasing. If not done carefully, however, a drastic job change can sabotage your career. While the jury is still out on the perfect way to change careers, there are plenty of career-changing don'ts and career changes that you simply do not want to make. Here is a look at five career-changing mistakes that professionals should avoid at all costs.

Unclear or indecisive career planning
One mistake that can significantly limit your career potential is not having a long-term goal. If you are switching career tracks frequently, or have no real direction in your career, you are not likely to get very far in your profession. Build upon the experience and education you already have, and opt for a career move in which you can apply your previous knowledge. Career goals, whether long- or short-term, act as a road map. Without clearly-defined goals, your career does not have much definition or depth. There are plenty of skills that are diverse and can easily be applied to a plethora of different careers. Make sure you have at least a general goal in mind before making any major changes. There are many organizations that can help if you don't have any idea what career path you want to take.
Changing paths without doing your homework
Another mistake that can cost you big in the long run is changing career paths without doing any homework or research. While the position may sound interesting and lucrative, it is vastly important to fully research where it can take you and what training or experience you need to succeed in this field. Prior to changing career paths, make sure this is the route you truly want to take and that any assumptions you may have about the new career path are actually true. By fully researching the limitations and potential of different career paths you will also be helping to ensure that your career is not negatively impacted by a rash or ill-conceived decision.
Making a career change out of desperation
Take a poll and ask your friends and colleagues if they are truly happy with their current positions and the state of their careers. Chances are that you are going to receive some feedback about just how unhappy they are in their professions. While it may seem desirable to escape a dead-end job that you are miserable in, it is not advisable to escape your profession completely based on that fact. Career changes tend to work best when you are at the top of your game in one profession and want to make a change to further your earning potential or knowledge base. Changing careers just to escape an employer you do not enjoy working for is probably not a good idea, because the chances are you will make a rash decision out of desperation.
Following the money
A major reason for anyone to have a career is to earn money to support his or her lifestyle and loved ones. Although money is the main reason most people work, it should not always be the deciding factor when changing careers. While the salary may exceed your expectations, it is important to research whether or not this career will take you to where you want to be. Changing careers based upon money alone may be a decision you later regret if you do not do the necessary research to justify the career switch. Make sure your new career path is something you're passionate about. Many successful people found success by following their passions, and they did this by aligning their work with their preferences. You will want to ensure that the type of work you will be doing and the amount of work you will have to put in will be worth the pay increase.
Taking an entry-level job in a new field
You've spent years bulking up your resume and gaining important skills and knowledge to perform your job well. When making a career change, you want to make sure you can apply past skills and knowledge in your new job. While you may be desperate to make a change in your career, it is vital that you do not sell yourself short. Never opt for anything less than a lateral move. A lateral career move will allow you to maintain your salary and expertise level, while learning a new trade.
The bottom line
While there is no surefire recipe for success in the business world, there are plenty of pitfalls that professionals can fall into when changing careers. It is vital to consider each career move with care. Not only will your experience go on your resume at some point, but your work history is the backbone which your entire career is based off of. Smart business moves that build on your strengths, knowledge base, experience and personality make for a strong career, while poorly thought out career moves can sabotage all that you have worked so hard to achieve.

Tuesday, December 18, 2012

security mistakes that are easy to avoid


Takeaway: What’s worse than getting hit with a security breach? Getting hit with an easily preventable one.
No matter how much we try, users — and sometimes even IT departments — overlook some security mistakes that are relatively easy to correct. In this article, I’ll discuss 10 avoidable security mistakes and describe what you can do to correct the oversight.

1: Using poorly chosen passwords

There was a day when people thought that using the password “password” would be a surefire way to fool hackers and other miscreants. After all, who would use such an obvious password? Although most people now realize just how poor a password that is, so many still use equally obvious choices for passwords, particularly in this day of high social engagement. Take this for example: You cleverly use your anniversary year in your password along with the middle name of your oldest child. Both are easily retrieved on Facebook and through other means. Even organizations that have strong password policies can suffer from poorly chosen passwords when users attempt to work around the requirements.
Fix it: Don’t use obvious patterns in your password. Mix things up. Substitute exclamation points for the number 1, ampersand signs for the number eight, and the like. The more variety you place in a password, the more difficult it is to crack. If you’re creating a password policy for your organization, require the use of characters from multiple character sets.

2: Never changing passwords

I’ve seen this in action too many times. People who keep the same password forever and use the same password on multiple sites are more likely to suffer a breach. Even in organizations that require password changes, some people try to find ways around having to change passwords on a periodic basis. For example, I once had an employee with domain admin rights who decided to exempt himself from the organization’s password policy. He was reprimanded (although, in hindsight, I should have fired him for abusing his access rights) and made to comply with policy. Of course, these kinds of situations should be the exception, but how many people use the same or very similar passwords across multiple sites and change only one character in their password when it comes to expiration time?
Fix it: Educate your users about the importance of good passwords and why changing them every so often is critical. As a part of your policy, consider using a third-party tool to disallow similar passwords at reset time and to create stronger passwords.

3: Not installing antivirus/anti-malware

This one is a given. If you’re not running antivirus software of some kind in your environment, you’re wrong. Even with the best firewalls, the concept of layered security still holds true. Anything that the firewall fails to catch can be handled by your antivirus software.
Fix it: Install anti-malware software… now.

4: Not using a firewall or being too lax with a firewall

Whether you’re at home or running IT for a business, a firewall should be considered required equipment. Although Windows and other operating systems include built-in firewalls, I have always preferred a hardware firewall of some kind, especially when used in conjunction with the aforementioned software firewall. Moreover, any firewall that is deployed should be deployed well.
Fix it: Wherever possible, deploy a hardware firewall both at home and in the office. Make sure that firewall rules aren’t allowing unnecessary traffic to make its way to the internal network.

5: Never patching machines

Operating system and application vendors release software patches for a reason. While many updates add new functionality, many also correct security flaws in products. I’ve seen plenty of home machines on which the user has disabled software updates. In the enterprise, patches can sometimes be avoided with the reasoning that the firewall at the edge of the network protects the organization. This isn’t a good strategy, as valid traffic can still exploit vulnerabilities.
Fix it: Patch machines! Turn on automatic updates and implement robust patch management policies and procedures in your organization.

6: Insecurely storing data

How many of you have stored sensitive data — personal information or for work — on a USB thumb drive? Do you ever take that thumb drive with you out in public? I’ve seen a lot of USB storage attached, for example, to key rings and carried around. Further, that storage simply sits on people’s desks and such.
Now, how many of you back up your organization’s data to tape? Do those tapes go offsite and, if so, are they always under your control?
Unprotected data is a big deal. A single lost USB drive, laptop, iPad, or tape with the wrong information can land an organization in a mess financially, legally, and from a public relations perspective.
Fix it: Make heavy use of encryption for anything that is portable. Most backup software can be configured to encrypt data on tapes and you can use tools such as BitLocker and BitLocker To Go to protect laptops and portable storage devices. For other mobile devices, such as iPads, consider deploying mobile management security software that separately encrypts and protects particularly sensitive information.

7: Being too generous with permissions

In the enterprise, permissions drive what people can and can’t do. The easiest way to enable employees is to grant them carte blanche admin access to everything, but that would quickly devolve into chaos. So most organizations have a policy and structure under which they grant specific permissions based on work-related needs. Over time, unfortunately, “scope creep” comes into play. People change positions within the organization and old permissions are never removed or a temporary permissions increase is never removed, and so forth.
Fix it: Make sure that there are clear permissions policies in your company. Your policies and procedures should include a periodic permissions review that matches current needs with existing permissions; permissions that are no longer necessary should be removed.

8: Choosing poor (or no) Wi-Fi security

Even with all the known risks regarding open Wi-Fi networks, there are still tons of them out there that are completely open and insecure. Some have taken the step of implementing Wired Equivalent Privacy (WEP) as a protection mechanism since it’s widely supported, but WEP encryption can be cracked in as little as four seconds. That said, it’s still better than no encryption at all, which carries its own risks.
Fix it: Implement WPA at the bare minimum, or better yet, go with WPA2. WPA2 is a modern wireless security standard that is supported by most modern operating systems. When you implement WPA2, choose a good wireless password, too. It shouldn’t be too easy to guess or your wireless protection will be for naught. WPA2 can still be cracked, but cracking WPA2 is far more difficult than cracking WEP or WPA.

9: Avoiding basic mobile device security

Mobile devices will become a hacker’s paradise in the coming years. Most people walk around with devices that have unencrypted personal information of some kind and these devices are accessible at a moment’s notice. They can also be lost or stolen. I mentioned previously that you should consider what kind of information is on a mobile device and remove anything too sensitive or you should consider software that can compartmentalize sensitive information. But you should also keep the casual snooper from being able to easily access information.
Fix it: It’s basic, but at the very least, impose some kind of passcode requirement for mobile device users who access company information. While this will not keep determined adversaries from getting information they want, it will thwart the causal snooper who might pick up the device.

10: Never testing backups

Let’s suppose that all of your other security mechanisms fail and your environment is so severely compromised, the systems and data are no longer trusted. At that point, it might be time to consider restoring the environment from backup. However, horror stores abound about companies that have attempted to recover from backups only to discover that:
·                                 The backed up files were corrupted.
·                                 The backup tapes were bad.
·                                 No files were actually being backed up even though the tapes were being swapped each night.
None of the above is good and can place an organization in a terrible state.
Fix it: Immediately implement policies and procedures that require regular testing of backups. In addition, consider implementing a tiered backup system that backs up data from disk to another disk-based system and from there, to tape or to another offsite, off-network service that can’t be compromised in the event of an attack.
Thanks :- http://www.techrepublic.com/blog/10things/10-security-mistakes-that-are-easy-to-avoid/2968

LinkWithin

Related Posts with Thumbnails