TECH TALK: Let your staff help you get the most out of your IT networks
I was just reading an article called Turn Workers Into Security Partners. The article is all about the benefits of moving away from a perspective that treats employees as sheep to be protected or malicious children from whom you need to protect your network. It suggests that companies treat their staff as partners in IT security instead.
In a former life, I worked for an organization that took the “malicious children” perspective. We came to work one morning to find that instant messaging had been completely blocked on the company network. No one consulted us or asked what impact this move might have.
They just did it.
Because we needed it to do our jobs, and partly because quite a few noses were out of joint, we set about finding a way around it. It took from start-of-business at 8:30 a.m. until 11 a.m. to completely circumvent the control and go back to exactly what we had before. Now that I know enough to understand the technological reasons for blocking IM, I know that we re-created the exact vulnerability that IT was trying to plug.
I would suggest that managers or business owners seriously consider this perspective and consider expanding it beyond just security. Staff offer two big advantages as IT partners. First, they are the front-line users of whatever computer equipment, software, networks, etc. you have in place. They often have input or ideas on what is working well or poorly and how it can be optimized. They can offer you leverage in the form of specific examples that you can take back to your vendors when you’re having trouble or asking for changes.
Second, they multiply the number of eyes and ears you have available. Your staff watch the news, get email from family, watch their Facebook accounts, etc. They will often get warning of threats before you see them. Just this morning, I had a colleague warn me about Twitter’s site offering pop-ups through a JavaScript injection attack. Every morning I run through about a dozen sites for news and information. If I were a Twitterer (is that a word?) I could easily see myself checking that account before I had a chance to read about the dangers.
On the other hand, there are a LOT of rumours, hoaxes and misinformation floating around. So how do you take advantage of the benefits of employees as partners without falling victim to every hoax that comes along? I would say that your first step is to talk about it. Discuss the issue with your staff and talk about how they can contribute safely.
Next, set up a procedure for implementing ideas. Do you have an IT person or department who can check out warnings? Try www.snopes.com for great information on the legitimacy of different claims.
Once you’ve confirmed that something is legitimate, you need to know if it will have any impact on your network. Securing a wireless router, for instance, is good advice. If, however, your wireless scanners don’t support WPA, then turning it on will cut all of them off from your network.
Another great example is marketing through social networking. There are some great opportunities there, but there is also some impressive exposure to malware and privacy issues. Care must be taken and plans must be made to make good use of it.
The best place to check what impact a change will have is in-house IT. Second-best is a good IT consultant. A good consultant can serve as your in-house IT without costing you what you would have to pay dedicated IT staff. In a future column, I’ll take a look at choosing a good consultant.
Most companies can get a lot of benefit out of involving their staff in IT management, as long as the coordination is in place to ensure that the solutions work for you.