How about the application expert who can fix user issues in the blink of an eye, but never shares any of his knowledge with his colleagues, or documents it in the knowledge base...what happens if he throws his toys out of the cot one day, walks out and leaves, taking all his acquired knowledge with him?
And what about the person doing data entry on your accounting system who leaves the username and password for the application on a post-it note on the edge of the computer monitor? And the technician whose job it is to check that your UPS backups are ready to go in the event of a power failure: what if he assumes that they are all OK without physically checking them as scheduled?
These are the threats that can derail your business in a heartbeat, and they are easier to counteract than the potential risk of earthquake or flood...when I originally typed that last sentence, I said that they were FAR easier to counteract; I took that out because anything that involves getting people to change is NEVER easy, but it can be done!
Make sure that your team understands the aspirations and culture of the business outside of IT. Ensure that the IT department feels that it is part of the business, getting rid of the old 'them and us' ethos that has plagued IT and the business for so long. If IT cares about the business, they will be more attentive to situations that could threaten the organisation.
I know that gamification is a bit of a buzzword right now, and for good reason - introducing competition into the workplace can do wonders...IT workers are, by nature, a competitive bunch. Offer some good carrots, so hopefully you will not need a big stick. Incentives are a far more productive way to get the results you need than punishment. Encourage knowledge transfer by having a monthly competition for the best knowledge-base article, or the greatest number of 'approved' articles written.
Essential tasks, such as the UPS check or testing backups, can be made more visible. Put them up on a whiteboard, visible to the entire department - a bit like a sticker chart for encouraging good behaviour for a child. Everyone can see when the desired behaviour has been completed. If you want to add even more incentive, create a reward for the whole department when the action has been carried out successfully for a month - that way everyone will remind the person responsible. It takes six weeks to form a lasting habit, so if you can get that far you've won the battle.
Make sure that the tools that are needed to aid security are in place, such as password lockers, so that there is no excuse for careless use of passwords. Incentivise their use and take action where there is abuse of password security. If you have been able to instil that feeling of belonging and loyalty to the business, then your team will understand the need to keep systems secure. This is not an area where you can afford to have lax behaviour.
Get those two-legged risk factors under control. If you can take countermeasures against the human risk factor, you will have gone a long way to protecting the business from avoidable threats.