3 security mistakes your management is making now

One of the joys of being a traveling consultant is I get to see what does and doesn't work across a wide range of products and companies. Guess what? The same issues pop up again and again.

Here are the three most common big mistakes I see senior management make regarding computer security. Some are errors of omission, others of commission. All of them tend to have severe consequences.

Almost every computer security product promises the world: Zero false positives! 100 percent accuracy! Hackers banished forever! Those of us in the field know such claims can't be met -- at least not in any practical way. The cost would be impossibly high. For antimalware software to reliably detect 100 percent of all malicious apps, for example, it would take the product 10 times longer to scan, it would slow down your system even more than it already does, and you'd have to put up with an incredible number of false positives.