eWeek had a great article/annoying slide show about the top 10 security risks that your users pose to your organization. One interesting thing I noted was with all of the increases in security (firewalls, IPS/IDS, NAC, password hardening, etc) in today’s organization, most of these are not even looked at.

Think about the easy of someone to walk out with their laptop and have it lost on the train (with not encryption)… Or someone with P2P software on their machine (that is sharing out their entire C drive)… Or worse yet, wifi (without separating it from the rest of the network) that isn’t secured with WPA2… Oh the horror!

1. USB Flash Drives
2. Laptops
3. P2P
4. Web Mail
5. Wi-Fi
6. Smart Phones
7. Collaboration Tools
8. Social Networks
9. Unauthorized Software Updates
10. Virtual Worlds

What are some of the other security risks you can think of that companies face?

I came across a great post over at Vitalsecurity.org the other day (part of the awesome Security Bloggers Network) about when security goes too far. RapidShare is a great solution for sharing large amounts of data. It’s ad and premium-user supported and allows for an unlimited amount of bandwidth (free users have 100MB file limit while paid users get 2GB file limit).

There are a few limitations or annoyances if you’re not a paid user. You need to wait a certain amount of time before downloading (usually less than 2 minutes), you can’t download more than one file at a time and the zinger is that you need to fill out a CAPTCHA in order to download files.

CAPTCHAs are not usually a bad thing except when you can’t read it! RapidShare requires you to choose the graphics that contain a cat but they are both difficult to read and worse off, not everyone knows what a cat looks like. It usually takes me two or three tries to download. I understand that they want to make it so that people need to make sure they’re human before they can download but their CAPTCHA requires a user to be super-human. That’s not a good way to draw in more people.

Security is important but this type of security is ridiculous.