In-depth network security essentially relies on multiple layers of defence technology, security policies and practice. While the technology involved is undoubtedly critical, network security breaches are more often than not the result of the same recurring sins, or mistakes made by companies on a far more fundamental level. Here are some of the most unforgivable sins made regularly by companies around the world.

Failure to measure network security risks is one of the top sins cited by experts. Without adequately assessing potential risks, it is all too easy to be lulled into a false sense of security by the presence of a simple firewall and some anti-virus software.

In essence, these experts stress the need for network topology diagrams or discovery software that identify exactly what is on a network, where it is and what it does there. Only by understanding exactly what is there and why it is there can security measures be layered efficiently and effectively, without workers finding 'work-arounds' that circumvent seemingly rigid and 'over-the-top' security measures.

Another major mistake made by many companies is the belief that being in compliance with specific rules and regulations automatically means their network is secure. While compliance is undoubtedly a step towards achieving security, it is far from enough on its own within the constantly changing landscape of risk and security.

One of the biggest dangers, and one that is all too often completely overlooked, is the human factor. Individuals using technology without really understanding it pose a security risk without even meaning to cause harm, and it is all too easy for con artists and hackers to exploit employees who are blissfully unaware of commonly used social engineering tricks.

Having a suitable security policy alone is not enough; it is vital to train people adequately so that they fully understand the necessity of security measures, procedures and responses in case of potential security breaches.

In a similar manner, it must be clearly stated who has access to what. It appears that in some cases, a single member of a workforce was provided with sufficient authority to access the entire network and effectively lock the rest of the company out of it - a situation that should, for obvious reasons, not be allowed to arise at any point.

Other major sins include poor monitoring of activity and log-in reports, poor patching procedures in case of potential breaches, and making security layers too complex to work effectively.