culled from Verizon Business analysis of 90 major security breaches

1. Not changing default password on all network devices
2. Sharing a password across multiple network devices (and departments)
3. Failing to find SQL coding errors 
4. Misconfiguring your access control lists
5. Allowing non-secure remote access and management software
6. Failing to test non-critical applications for basic vulnerabilities
7. Not adequately protecting servers from malware
8. Failing to configure your routers to prohibit unwanted outbound traffic
9. Not knowing where credit card or other critical customer data is stored
10. Not following the Payment Card Industry (PCI) Data Security standards