Managing a corporate IT infrastructure involves protecting both the users and the organization’s data. This is a challenging task and in many cases, the IT professionals in charge of a company’s network are the greatest risk to its security. They pose significant risks precisely because they are tech-savvy and have a lot of power. Below is a look at the problems posed by poor security habits and the ways in which they can be resolved.
Because they are knowledgeable about IT, IT professionals tend to think that their knowledge is sufficient to handle all risks. The result is that they often ignore even the most obvious threats to the security of their IT infrastructure. For example, they might install their own antivirus software against the advice of their company’s software administration and information security experts.
The problem of failing to update passwords
According to a 2014 survey by Lieberman Software that was reported on InformationWeek’s Dark Reading site, IT security professionals also often fail to update their organization’s service and process account passwords or only update them on an annual basis. Half of the survey’s respondents who failed to update passwords stated that they feared outages and downtime.
According to Lieberman, the fact that they prioritize the prevention of downtime and outages over the prevention of security breaches shows that they lack awareness with regard to the destructive potential of a cyber attack.
Another survey by Intermedia provided more evidence that IT professionals are among the worst offenders with regard to poor security habits. In their 2015 survey they found that many IT workers accessed their previous employers’ systems after leaving the company, shared logins among multiple users and were fine with installing applications without first consulting with their own IT department.
Combating the greatest threat
Based on the above surveys, it is clear that much of the danger to a company’s data security comes from within. This means that along with user education and data management, constant vigilance is necessary to secure IT infrastructure. IT professionals must therefore carefully analyze their network, monitoring everything from applications to devices on the network in order to identify activity that is unauthorized or insecure. They will use tools that allow them to monitor messaging, streaming media and a range of other traffic types. There are also security and network monitoring products that have regulatory compliance policies built into them that can be tweaked according to an organization’s needs. Other measures include using firewalls that an IT security professional can tweak to filter messages for sensitive information. Monitoring a network has the following benefits:
- It helps with spotting computer and network abuse.
- It provides audit trails so that employees can be confronted with evidence of their insecure or otherwise suspicious activities.
- It allows for suspicious traffic to be traced back to specific computers and users.
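As an added example (not part of the original article), the short Python audit below checks for the habits the surveys above describe: service account passwords that are not rotated, logins by people who have left the company, and one login shared among multiple users. The record layout, the 90-day threshold, and all account names, hosts and dates are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data; names, fields and dates are illustrative assumptions.
TODAY = date(2015, 6, 1)
MAX_PASSWORD_AGE_DAYS = 90  # assumed policy threshold, not from the article

ACCOUNTS = {
    # account: (kind, owner, password_last_set, owner_departed_on or None)
    "svc-backup": ("service", "it-ops", date(2013, 11, 2), None),
    "svc-web": ("service", "it-ops", date(2015, 4, 20), None),
    "jdoe": ("user", "jdoe", date(2015, 3, 1), date(2015, 5, 15)),
    "admin": ("user", "it-ops", date(2015, 5, 1), None),
}

LOGINS = [
    # (day, account, source_host, person tied to that host by asset inventory)
    (date(2015, 5, 20), "jdoe", "vpn-203", "jdoe"),
    (date(2015, 5, 28), "admin", "ws-014", "asmith"),
    (date(2015, 5, 28), "admin", "ws-022", "bjones"),
    (date(2015, 5, 29), "svc-web", "app-01", "it-ops"),
]

def audit(accounts, logins, today, max_age_days):
    """Return (finding, account, detail) tuples that serve as an audit trail."""
    findings = []
    # 1. Service account passwords older than the policy allows.
    for name, (kind, _owner, last_set, _departed) in sorted(accounts.items()):
        age = (today - last_set).days
        if kind == "service" and age > max_age_days:
            findings.append(("stale_service_password", name, f"{age} days old"))
    people_per_account = defaultdict(set)
    for day, account, host, person in logins:
        people_per_account[account].add(person)
        entry = accounts.get(account)
        if entry is None:  # login for an account missing from the inventory
            findings.append(("unknown_account", account, f"{day} from {host}"))
            continue
        # 2. Login dated after the account owner left the company.
        departed = entry[3]
        if departed is not None and day > departed:
            findings.append(("login_after_departure", account, f"{day} from {host}"))
    # 3. One user login used by more than one person.
    for account, people in sorted(people_per_account.items()):
        if accounts.get(account, ("",))[0] == "user" and len(people) > 1:
            findings.append(("shared_login", account, ", ".join(sorted(people))))
    return findings

if __name__ == "__main__":
    for kind, account, detail in audit(ACCOUNTS, LOGINS, TODAY, MAX_PASSWORD_AGE_DAYS):
        print(f"{kind:24} {account:12} {detail}")
```

Each finding names the account and, for logins, the source host and date, which is what lets activity be traced back to a specific computer and user.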
While some users may resent having their habits called into question, most will eventually come around when it is explained to them why it is better for the company that they follow policy. An IT department can use the following advice to make the process of explaining the problems easier:
- Users with large egos may strongly object and claim that the security risks are insignificant. They should be allowed to explain their actions as this may make them more willing to listen.
- They must be made to understand why a practice like installing unapproved software poses problems such as incompatibility. They should also be educated on the issues that might arise when attempting to support software that is not approved by the company.
- A copy of the policy should be kept on hand as problems are being explained to workers with bad habits. This is so that they can be shown the practices that have been approved and documented.
No organization can afford to take internal threats lightly, especially when those threats are the result of poor habits from the very people in charge of the IT infrastructure. In order to remain competitive and profitable in the modern marketplace, a business will have to take network analysis and security seriously and invest in employee training as well as the right security products.