10 Common IT Mistakes That You Need to Avoid

Discounting internal security threats

IT managers who focus on external threats can easily fool themselves into feeling a false sense of security. According to Gartner, 70 percent of security incidents that cause real harm are actually internal operations, which put the most vulnerable at risk for the business.

Of course, not all internal threats are created with malicious intent. In September 2004, HFC Bank, one of the UK’s largest banks, sent an email to 2,600 customers — with all email addresses visible to others on the list.  When users scrambled to unsubscribe, all 2600 users were inundated with hundreds of emails.  The problem escalated when messages from out-of-office users – including home and mobile phone numbers – responded to this email.

Even the vicious cyber threats are done with very little technology. In a joint survey released this year by CERT and the U.S. Secret Service, the majority of security breaches came from internal sources, such as former employees who still have access to sensitive corporate data. Organizations need to be careful and take effective measures to protect themselves. Managing IDs and permissions can help.

Ignoring security for handheld devices

Although inexperienced IT managers see the need for network resources and username/password authentication on desktop and laptop computers, many IT stores use the “wild west” when it comes to mobile devices.

Here is a scenario: The company’s wireless company Chief Technical Officer tells us about a businessman who lost his iPhone on a business trip while closing a very secret deal. The business iPhone was not password protected, so anyone who found the lost iPhone could read any received emails.  The company’s IT department could do nothing in this case, and it leaked sensitive company data.

In this case, the small inconvenience of using login credentials had significant consequences.  Neglecting the safety of sensitive devices can be destructive.

Mishandling change management

A former CTO of a computer equipment manufacturer has described a situation where a capable, but perhaps overly ambitious, program manager made the seemingly simple changes to a set of sensitive servers during day-to-day maintenance. 

When this person made the changes they had all already agreed to, he took it upon himself to take additional steps without consulting the team.  He decided to upgrade BIND (Berkeley Internet Name Domain), open-source DNS software used to enable multi-site accessories.

Within hours, the entire business was brought to a halt, as all DNS operations failed. It took hours for a minor change, which resulted in the loss of millions of dollars of revenue. The lesson is that even skilled workers can cause a significant problem if they do not follow proper management practices.

Remember that change management is a tradition. It all starts with this central idea that when IT managers cut corners, the IT staff does the same.

Mismanaging software development

Fred Brooks writes in his book, “The Mythical Man-Month,” that because of the unique nature of software development, planning for software development projects based on each of the “human” units does not work.

Although software architecture can easily be broken up into manageable, time-consuming components, the big production gap between the best and average code editors means that IT managers are less likely to work, but are more skilled, than programmers.  This means that, when they do work, they can be more productive.

Since its publication 30 years ago, The Mythical Man-Month has been a mainstay of software finance. However, many IT executives are still planning and executing projects based on this prohibited parable — implementing this approach can help an IT manager for a project staff that can have the right number of people for a certain amount of work.

Developing Web apps for IE only

Unless the leading apps continue their march in the web browser, and Windows dominates the compact desktop, web developers should avoid the temptation to build IE applications. IT outlets that insist on using IE for web applications should be prepared to deal with malicious code attacks like JavaScript.

Relying on a single network performance

When it comes to network performance, no one can judge the health of the network in terms of a single metric.  Douglas Smith, vice president of network analytics for network vendors, points out that it’s wrong to assume that network usage can be classified in a simple way. 

Successful network analysis means taking a step back and looking at the details of your business operations. Some features of the network, such as port usage, link usage, and user activity, can be tracked and measured, to determine whether your business operations are on the right track. 

Throwing bandwidth at a network problem

One common complaint facing IT is simple: The network is running slower than usual. A knee-jerk reaction is to add more energy. In some cases, this is the correct solution, but can also be the wrong plan of action. Without proper analysis, development potential can be a costly and unwise decision. Network Tools’ Smith describes this approach as, “I’m in the basement, so I need a new home.”

Permitting weak passwords

On the Internet, new threats are constantly emerging which are at the forefront of IT professionals’ minds. Still, a fundamental and archaic flaw in IT remains the use of poor credentials, such as weak passwords.  User accounts with well-known passwords or physical display; administrative accounts with weak or well-known passwords; and a weak or well-known password hashing algorithm can be either well-protected or visible to anyone. Avoiding weak authentication errors translates into simpler IT restriction and handling by restricting access to only those trusted members who have access credentials. A clear, detailed, and always-effective password policy that works to address authentication vulnerabilities, as detailed in the SNS report, is an effective strategy to promote the greatest internet security.

Ruining your outsourcing strategy

Outsourcing issues can quickly fill our Top 20 list alone. There are two distinct flavors of this type of problem. The first is the sin of the commission: outsourcing important IT tasks to avoid the difficult task of understanding them. It can be challenging to stop or change outsourced tasks, and they can cost companies a lot if things go wrong.

Dismissing open-source — or bowing before it

For better or worse, most IT stores are based on evangelization or avoidance of specific technologies or platforms.  This is no truer than in the open-source world.

On the other hand, most conservative IT stores reject open source solutions as a matter of policy. This is a big mistake, as it eliminates low-level, stable, and inexpensive solutions like Linux, Apache, My SQL, and PHP. On the other hand, emphasizing the open-source features of your IT operations can delay development, as developers are forced to consolidate open or unapproved source solutions in the presence of commercially viable software solutions.


6 PHP Frameworks You Need in Your IT Arsenal


Symfony is usually at the top of the PHP framework list, and for good reason. Since its first release in 2005, the framework has proven its value as an effective platform for building robust systems in the business environment. Focusing on the Model-Controller-View-Controller (MVC) system, Symfony allows almost everything in the development process to be customized, which is a significant drawback for developers. Available under the open-source MIT License, Symfony has become a leading and independent party in the business world.


One of the most popular PHP frameworks on the market is Laravel. It is known for its robustness and simplicity. Laravel caters to a variety of planning needs and is suitable for various types of projects – from basic writing to large business applications. Laravel is built on some of the components that ensure a reliable framework for thoroughly testing and generating reliable code.


CodeIgniter is known as a PHP platform that provides easy and beautiful tools for building fully integrated web applications. CodeIgniter uses the popular MVC control method and is known to be faster than other frameworks. The software development company EllisLab developed the code, but since EllisLab closed in 2017, CodeIgniter is now a project of the British Columbia Institute of Technology.


CakePHP, founded in 2005, is another open-source web framework and is widely used in PHP web development. CakePHP provides a clean and easy way to start projects without the hassle of using a PHP MVC assembly. The framework provides flexible structures for the development, processing, and distribution of applications. 


Phalcon is a source of open-source PHP web resources written in C language. There is no need to learn the C language, as the framework is described as PHP classes to use. The benefit of using C is that the framework offers high performance and platform stability, which means it is spreading to Microsoft Windows, GNU / Linux, and Mac OS X. Phalcon is an open license available under the new BSD license. While less than two years in the making, Phalcon provides documentation, community, and development resources in other adult frameworks.

Zend Framework

The Zend Framework is an open-source framework for developing web applications and services using PHP 5.3+, and is part of the Zend Technologies initiative. The Zend Framework is based on the MVC approach to web development. It is also part of the broader ecosystem of ZH PHP tools and technologies, including Zend Server and Zen Studio (a paid IDE that includes features that can be integrated with the Zend framework). In January, Zend Framework’s most recent version, framework 3, was announced in 2016; it provides the next generation of PHP development implemented in PHP 7.