Wednesday, December 9, 2015

Worst at security: IT personnel and executives

It's not always external attacks that can hinder network performance and put data at risk. 
hero
Sometimes the problem exists with your users--especially the ones who should know better.

Managing the corporate network means two things: Keeping the users safe and keeping the corporate data even safer. This is a heavy task for IT managers to shoulder, and often the users themselves are a significant threat to the corporate network. Sadly, executives and IT staff are the absolute worst when it comes to keeping the network healthy. The worst!

What makes executives and IT staff the worst users?

IT department members and executives are difficult for two reasons: They're too smart for their own good and they wield a lot of power.

"I am in IT. Therefore I know it all."

Tech-savvy users generally have a high aptitude. They've spent countless hours, possibly years, honing their skills. Be it a developer who's set to build the best HR database or a CIO who's climbed up through the ranks, these users tend to believe that their brainpower trumps all computing scenarios in front of them. Even common sense computing scenarios.

"Our corporate antivirus isn't as good as the one I purchased for home. I should install it on my work laptop for better security," Mr. Telephony Administrator says.

No, you shouldn't. Why would you remove corporate-approved software that's been vetted by the company's information security and software administration teams? You know that rootkits and keyloggers are true threats, so you assume the so-called "top-rated" antivirus package you found on GeekProtect.com will make you less vulnerable. Mr. Telephone Admin, you may know the intricacies of mapping VOIP, but malware prevention isn't on your corporate task list. Allow the network and software admins to manage these assets.

"I am in the C-suite. I do what I want."

Corporate management may be your toughest challenge when it comes to protecting the network. In between conference calls and a calendar full of meetings, you'll find an executive who's begging for time to relieve stress at the office. A walk around the corporate park, a coffee break, or just jamming out with some iTunes. But even though iTunes itself doesn't pose a risk, problems could arise if it's used inappropriately.

"Hmmm, the corporate NAS has plenty of space available. I could dump my personal library onto the corporate network," Ms. CFO says.

Any network administrator will tell you that this is a big no-no. There should not be a mix of personal data and corporate data on workstations, laptops, or even the network storage. This includes games, photos, and other multimedia files. It's not only the concern of capacity and network performance, but also the issue of security and compliance. Unfortunately, C-level executives may feel this is something they can do because of general entitlement.
A little tact
Your users may not like what you're telling them when you address these problems, but most will eventually realize that it's better for the network and the company if they adhere to policy. Here are a few suggestions to make such conversations less painful and more effective:

Put on your people-skills hat. These users tend to have sensitive egos. They may even become combative, as they will almost always feel there's no real problem. Try to keep your cool. It won't help your cause if you lose your temper or argue with them.

  • Make sure users understand why their practices are problematic. In the case of installing nonstandard software, for instance, explain the potential for incompatibilities and the complications involved in supporting and managing applications that aren't company-approved.
  • Have a copy of the corporate standard operating procedures (SOP) on hand. It will be vital since it proves that the practices have been approved and documented to be part of company guidelines. Be ready to explain the rationale behind the rules.
  • Listen. Sometimes users need to vent for a while before they're ready to hear what you have to say. Patience on your part is likely to pay off in the long run.



No comments:

Post a Comment