For law firms, I would guess that 1-2 are the most likely mistakes being made. What would you say?
As for dumb mistakes to avoid, consider the following:
1. Do not keep unnecessary client data “just in case you need it someday.”
2. Do not forget to encrypt data.
3. Do not leave access paths unsecured.
4. Do not delay patching weaknesses and vulnerabilities once they are discovered.
5. Do not neglect reconfiguring badly configured servers and databases.
Anything you’d add to this list? Check out the whole article and share it with your lawyer friends.