We have all been preached to incessantly about the top security issues. Make sure your systems are up to date with patches, your AV is updated, use long passwords, and on and on…
But what are some other top issues facing the IT security world that may not be as obvious?
A few are:
- The Economy
- Company Cutbacks
- Staffing Issues
These three directly affect computer security. Let me explain why:
For several years now, companies – large and small, have been cutting back on staff. The changes are necessary, to keep competitive and to keep profit levels acceptable to those running the company. With the current recession though, these cutbacks have escalated to a deeper level.
Computer personal with numerous years of service with companies are no longer seen as an asset, but expensive overhead. Companies are downsizing and consolidating IT departments, so fewer people are required to support larger client bases. Inexperienced people, sometimes just out of college are being used to replace veteran workers. And in some cases, temp agencies are being used to fill positions with workers of unverified backgrounds or even questionable foreign sources.
I was recently told by an IT director of a top US university that the current acceptable rate of IT support is 1 person per 300 users. He was very concerned about this. What happens when several critical system go down in separate departments at the same time? What is that going to do to the stress levels of the support person? Will he be able to keep up on maintenance and security checks along with supporting the client base? Or will he be relegated to fighting fires and juggling priority downed systems?
Veteran computer personal are being removed from companies – “due to cutbacks”, only to be replaced shortly thereafter by inexperienced or even temporary workers. Modern networks are a confusing compilation of mixed operating systems, a multitude of connectivity devices and in some cases, a multi-lingual/multi-national support base.
How quickly and efficiently can inexperienced support personal gain the level needed to properly support this technical environment? How dedicated will a temporary employee be when he knows that he will just be out the door in a few months anyways? Was the temporary worker fully checked out by the hiring agency (especially for a secure environment and one could have foreign interests), or were they pushed through because they had a position that needed to be filled by the hiring company?
Unfortunately, there seems to be a disconnect between upper management and IT. Sometimes upper management doesn’t fully understand what the IT department is doing. When I was an executive at an engineering company a portion of my time was spent as a translator between the CEO and the Director of IT.
Today, most American companies are facing difficult decisions. For the health and protection of the business, IT support and staffing must be taken into consideration during these times.