Catch 22 – IT Dept. has access to Confidential info

So here is the story – you have a company that relies heavily on its IT infrastructure. The company keeps all its info in some electronic form. The company uses email to communicate and also browses the web.

Now, in order to keep all this technology running, the company employs a hotshot IT administrator. The IT dude automates processes, builds intranets, backs up data and keeps the internet data flowing.

Sounds like all is well.

Maybe YES and maybe NO.

What the company doesn’t realise is that they have just handed the keys of the entire company to this IT hotshot. At the touch of a button he can shut them down, destroy records, access confidential information and expose company processes.

IOL technology have an interesting article titled “IT professionals have keys to your personal details”, which shows that:

“One in three information technology professionals abuses administrative passwords to access confidential data such as colleagues’ salary details, personal emails or board-meeting minutes, according to a survey.”

We have here a catch 22 situation – on the one hand, the IT administrator needs to have access to everything if he is to keep things running. On the other hand, the company needs to protect itself.

What do you do?
There are some basic tips that need to be implemented in order to strike a balance:

1. Make sure you do your homework before employing the hotshot IT administrator – phone the references, ensure there have been no “incidents” and run all the checks you can.

2. Have an external company conduct an audit – this keeps the local IT in check and makes sure that all is as it should be.

3. Get an independent consultant to advise on how to secure sensitive information but still allow the local IT guys to operate and support the network.

4. Ensure that all employees, including the IT guys, sign your company’s IT policy, which specifically prohibits information theft, accessing of info not part of the job, etc. This way you have a legal recourse.

When you have an external company such as Swift Consulting come in to “have a look” at your company’s IT, you get the benefit of validating that what you are spending your money on is right, you have the benefit of best-industry-practice available to you, and you have the benefit of an unemotional, honest review of how your IT department is operating – along with recommendations on how to improve.

Finally, when engaging with an external consulting firm, it validates the work that the local IT guys are doing and keeps everyone honest.

 
