I love those "security mistakes" papers (I've written a few myself) and here is a fun one specifically on Unix. "The four most common Unix security mistakes" by Paul Murphy covers "four worst security strategies affecting Unix deployment in business and government."
Here they are:
#1: Using Windows to administer Unix
#2: Abandoning minimalism for convenience
#3: Failing to practice preventative management
#4: Focusing where the risk isn't
In the discussion following the article, some folks criticize #1 for being "platform zealotry," and I tend to think that even though Windows workstations and laptops used for Windows can be secured, they rarely are, and it makes the mistake valid in the real world.