Security has always been a priority concern of IT professionals, especially the Chief Information Officers (CIOs) who hold ultimate responsibility for their company’s computer and Internet security. In the years since the Internet first came on the scene, the security scenario has undergone rapid changes and developments as threat and counter-threats have been developed and deployed.

Recent surveys tend to confirm this perception. While IT security threats continue, the form and nature of these threats may not be what most people expect – or even suspect. The following are the top Information Technology security threats right now.

Lost Laptops and Careless Employees

Of major concern to many IT security experts are the increasing portability of laptops and storage devices. This increases the chances of these portable computing and storage devices being stolen not only for their resale value, but for the information contained within. This problem is apparently compounded by the seeming lack of security awareness by many employees – a reality that many CIOs are beginning to focus on and attempt to correct through lectures, training and even sanctions.

The concern over security extends to employees and their internet-based social networks. Some experts point out that prior to the explosion of internet-based social networks, most employees operated within a small and tight circle of friends – usually within the same company or industry. However, with the ease of communication and interaction within a social network, the chances of compromise from outsiders have increased.

Weak Information Protection Policies

IT security experts have also expressed increasing concern over identity thefts, especially with regard to companies who routinely require employee social security numbers as part of their hiring and recordkeeping policies.

While most companies limit physical access to employee records (especially social security numbers), many companies still have vulnerabilities in terms of systems and procedures in handling these.

For example, a survey indicated that many companies do not purge data when the company’s computers are reassigned or disposed of; others do not even install passwords on employee computers; still more do not encrypt personal information when these are transmitted over the Internet or the company networks.

Prevalent Use of Windows OS

The preponderance of Windows-based systems worldwide makes it a large, fat target that will constantly attract the attention of hackers and other cyber-criminals – and that vulnerability discovered in one computer means similar vulnerabilities in millions of other Windows-based systems.

Overconfidence

Recent surveys show that many large- and medium-company CIOs feel that their company’s security is more than adequate to meet existing and potential threats. Anti-virus, anti-spyware, anti-spam software and improved techniques have all contributed to the complacency of companies.

Many CIOs, however, see this as something to be wary of. Security, to the professionals’ minds is 24/7, check, double check and countercheck, random reviews and tests. It is a never-ending activity and, while automation may have relieved the pressures a bit, there is no room for error or overconfidence – especially as many threats are coming from unexpected sources.