Generally speaking, your organization’s information technology department stands at the helm of its cybersecurity initiatives. From promoting an internal culture of security to driving the adoption of innovative new technologies, IT has a foundational role in protecting your systems, applications, and data. And it’s because of that role that IT professionals can potentially represent one of the greatest security risks of all.
These are the men and women who know exactly how your backend functions. They have a direct line to the lifeblood of your IT infrastructure. If one of them gets it into their head to be malicious, they can do a great deal of damage.
It isn’t just malice you need to be concerned with, either. As noted by Adam Robinson, founder of The Princeton Review, smart people have the tendency to make stupid mistakes, even more than those of average or below-average intelligence. Since your IT professionals are presumably some of the smartest people in your organization, I’m sure you see where I’m going with this.
Maybe your system admin thinks they can use an unauthorized, third-party network monitoring tool because they know more than the IT director. Maybe one of your developers gets careless and misses a few lines of code. Regardless of the reason, when IT makes a mistake, the results are felt across the business.
What Can You Do to Mitigate These Security Risks?
First, you need strict access controls on all critical assets. No one, not even your administrators, should have direct access to an asset they don’t specifically need to do their job. Further, you need a means of removing privileges when an individual leaves your organization, particularly if they do so under less-than-ideal circumstances. Disgruntled employees can be huge security risks, so you must do everything you can to mitigate the situation.
Second, it’s imperative you work with your IT department to ensure they’re up to speed on the latest threats, techniques, and technologies in your industry. In particular, IT professionals should be familiar with the Internet of Things, the cloud, enterprise mobility, and data analytics. The more work you do to improve their knowledge base, the likelier it is that they’ll avoid mistakes that could put your data at risk.
Last but certainly not least, aside from thoroughly vetting all new IT professionals, you should take every necessary step to promote a positive work environment. Employees should never feel like they’re unappreciated, and everyone should have the opportunity to make their voices heard. This won’t completely eliminate the chances of someone sabotaging your systems from within, but it will significantly mitigate these security risks.
In many ways, your IT department is a double-edged sword. On the one hand, it can prove instrumental in protecting your critical assets. On the other, without proper training and oversight, it can actually be the greatest risk to those assets that you’ll ever face.
It’s up to you which one it becomes.
The original version of this article was first published on Converge.