It's not easy to allow others to seamlessly navigate your playpen, and it only takes one misstep to make a mess and ruin everything. I am continually amazed that there are small and mid-sized businesses that don't pay attention to glaring weaknesses. For example, you trust that your SSL certificates and the like are kosher because you rely on their authority to be reputable. However, just weeks ago, a Dutch CA was quickly forced into bankruptcy because of lax practices that exposed about 300,000 Iranians to hackers. How bad was it? Check out this quote from the article by Steve Ragan on TheTechHerald.com:
“The network has been severely breached. All CA servers were members of one Windows domain, which made it possible to access them all using one obtained user/password combination. The password was not very strong (Pr0d@dm1n) and could easily be brute-forced. The software installed on the public web servers was outdated and not patched. No antivirus protection was present on the investigated servers.”
Threats are not limited to outside agents. Have you performed security checks on the people who clean your offices? Do you trust that the building owner has vetted them already if you're a tenant? You see, there are more than a few areas of concern that are out of your control. Having a good technology partner who can help illuminate those vulnerabilities is a great thing, but it is on you, the business decision maker, to ask the questions. Continue to be diligent and your potential cracks will be minimized!