Wednesday, March 4, 2009

The biggest mistake

We all know that times are tough. We have heard about the housing crisis. We have heard about the banking crisis. We see every day at our jobs the strain on our own companies. As security specialists we need to be aware of the impact this is going to have on the vulnerability space. Our job is to ensure that these strains do not increase the vulnerabilities on our networks. Unfortunately, these times often increase the number, opportunity, and likelihood of internal threats to a network. The stress on individuals pushes them to find opportunities to get ahead, and when the ship is going down they often feel as though they have nothing to lose. So often companies, when they feel the need to tighten their own belts, tighten the noose around their employees. While this is a quick and easy place for a company to save some money, it is important for us as security professionals to advise administrators to find ways to keep morale up among employees at the same time. Often you will see employers do things such as increasing the amount of auditing of timekeeping and payroll, or restricting vacation and sick time that employees have justifiably accrued. While these steps may give the appearance of saving money, and they may catch one or two people who cheat on their time, they will draw down morale and may incite that one person to breach internal security rules and compromise the network, costing the company much more than it might have saved.

Morale is an important asset to foster in a company. Lost morale is often harder to get back than you might think. While there are little things that a company may do to save a dollar here or there in tight economic times, they need to be weighed against the tangential costs incurred by the side effects of those cost-saving measures. Even if a disgruntled employee does not breach security, loss of morale will inevitably drive away good employees, and loss of talent always hurts a company. As security professionals we need to look at the risks to a company. We do not stop at the dollar amount but look beyond it to the impact that a program, strategic plan, or application has on the security of the data and network of the organization. Our job is to advise the stakeholders of these impacts.
