Security Mistakes That You Should Not Make
Consciously or not, being busy makes us sloppy. As a result we can make many mistakes, especially security mistakes. Actually, these mistakes are basic errors, but they can have a great impact on our job. These are some things that should be avoided when we become sloppy:
1. Sending important data via unencrypted email
Do not send passwords, PINs, and account data via email without encryption anymore. Many people are lazy and do not know how to use encryption. Wanting to give important information via email does not mean that you can provide a secure communication at the time you send the data.
2. Using security questions that are easy to guess
Social security number, mother's name, name of a pet, and date of birth are not a secure way to verify identity. If a user only has to answer such a question to get the password, then the password is basically not protected from hijacking. With little effort the password can be reset.
3. Using password restrictions that are too rigid
Some online systems that let you manage finances, such as internet banking, use password restrictions. In some cases a password restriction makes the system less secure: we cannot use a password of more than 6 digits, and no symbols or special characters. It is understandable why a company does this. Maybe a programmer does not know how to handle a password of more than 6 digits plus symbols and special characters. Even so, we cannot approve of that. A password with more digits, symbols, and special characters is more powerful than one with fewer combinations.
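One way a programmer can handle long passwords with symbols, as an added example that is not from the original article: a salted key-derivation function stores a record of the same size whatever the password's length or alphabet, so a 6-digit limit is not needed for storage. The function names, the PBKDF2 parameters and the length bounds are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

# Assumed parameters for this example (not from the article).
ITERATIONS = 600_000
SALT_BYTES = 16
MIN_LENGTH = 12      # a lower bound is the restriction that helps security
MAX_LENGTH = 1024    # generous cap, only to bound the work per request


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    # Normalize so the same visible password typed on different keyboards
    # yields the same bytes, then encode every character, symbols included.
    data = unicodedata.normalize("NFKC", password).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", data, salt, iterations)


def hash_password(password: str) -> str:
    """Return a storable record 'iterations$salt_hex$hash_hex'."""
    if not MIN_LENGTH <= len(password) <= MAX_LENGTH:
        raise ValueError("password length out of range")
    salt = os.urandom(SALT_BYTES)
    digest = _derive(password, salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    iterations, salt_hex, hash_hex = record.split("$")
    candidate = _derive(password, bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))


if __name__ == "__main__":
    # Constructed sample passwords of different length and alphabet.
    samples = ("correct horse battery staple", "Zr#9!vQ_2@lm~x7^",
               "пароль-密码-🔑-2024")
    for pw in samples:
        rec = hash_password(pw)
        print(len(pw), len(rec), verify_password(pw, rec))
```

Because only the derived hash is stored, the database column can have one fixed width and no character ever needs to be forbidden.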
4. Leaving security problems to vendors
Many IT professionals and managers who have the right to purchase goods definitely choose one brand. If they have had a good experience with that vendor, they expect to have a good experience in the future as well. This is natural, but in this case we are not dealing with people, but with a company. So if there is a change in the leadership structure of the company, it will have an impact on the quality of the company, for better or worse. The important thing is: do not let vendors dictate what is important for you.
5. Undervaluing security expertise
People who act as decision-makers often do not understand how important security expertise is. Even IT managers do not understand it. Take the WEP standard: WEP has a lot of intelligent technology, not only cryptography.
6. Underestimating the importance of review
An expert needs other experts to correct their work. In the security community, review is an activity that must be done to ensure that a security system is reliable. No system can be considered safe without being tested by security personnel from outside the system's environment.
7. Overreacting to the importance of confidentiality
Many security software developers make the mistake of undervaluing review and overreacting to the importance of confidentiality. They refuse to have their system reviewed because they need to protect their policy. According to Kerckhoffs, in one of the most fundamental results in security, a security system that depends on its design and on always keeping that design secret is not a highly secure system.
8. Identity that is easily falsified
We have all had to send an ID card through a scanner or fax. Actually, a copy of an ID card or signature that can be used for verification must be of good quality. Otherwise we must use the original to create the copy of the ID card or signature. Of course, an ID card or signature of bad quality can easily be falsified.