1. Lack Security Awareness – Lack of security awareness and operational aspect among the employees in organization.

2. Poor Password policy – User accounts with no passwords or weak passwords and password sharing among the users can lead to unauthorized security breach.

3. IT Security Audits – Absence of periodic IT infrastructure and operations audits.

4. Irrelevant security products – threats, risks and impacts to the assets should be not analyzed prior to selection of security design and technology adds on to the financial costs and doesn’t justify the Return on Security Investment (ROSI).

5. Server mis-configuration – Default options in operating systems and applications are susceptible to hacking attempt.

6. Email attachments – opening unsolicited email attachments without verifying the source and checking the content prior to verification can potentially lead to spread of virus and/or worms.

7. Improper security updates – failure to install security patches for application, browser(s) can allow the hackers to exploit the vulnerabilities.

8. Improper virus definition updates – failure to install periodic virus definition updates on all the network computers can allow the systems to become the gateway for virus/worm propagation.

9. Open ports – failure to block unwanted TCP and Data ports on the servers and desktop/laptops opens door for data theft.

10.Modem mishap – allowing use of modem on a computer connected to the internal network opens gateway for the hackers.

Top