In one of the bombshell revelations last year was the alleged Russian interference in the US elections involving Kaspersky that provides security solutions for computer systems. ‘To whom it may concern’it was a wake-up call.Nevertheless, what is becoming increasingly clear is that there is a gap between the hardcore technical teams and the top managementthus creating vulnerabilities. Many executives out there are susceptible yet unaware of what a twisted mind can accomplish without even being detected for months, perhaps years.
Interestingly businesses spend millions on physical security measures, financial audits and verification processes, however what escapes many brilliant minds are the possibilities that exist in the ‘server room’.
In a typical small to medium sized organization that relies on a small team of IT guys the perils are significant. If you are a business owner or at CEO, CMO, CFO level how would you like if someone can monitor or access your files or emails or keep tab of your google searches to say the least, without you even knowing.
These are soft targets that at times catch even the savviest of minds unawares. Nothing is missing, nothing is misplaced, yet their privacy may have been compromised.
Did you know that a moderately experienced email administrator can very easily copy all email traffic coming back and forth from your official email ID without you even knowing and without him even accessing your account? You could have the most secure password but to an email administrator that password is meaningless. Did you know that in a group email account there might be a person being copied all your confidential communication without you ever knowing about it?
You may have invested in a state-of-the-art sophisticated firewall or a proxy server, but you are still at the mercy of those IT guys. To one with a warped mind you are naked, and he is enjoying the peep show without you ever noticing.
You may say you trust your team and surely you must, however do understand that the guy whom you pay a measly salary (according to him anyway), at the right price can become quite cozy with someone who is not in your good books to put it mildly. Over the years I have seen too many cases of disgruntled IT administrators who have sabotaged systems, diverted official websites to websites you wouldn’t want small children to see. It’s great if you are convinced that this will not happen in your organization, in that case what have you planned if, God forbid, your IT guy meets with an accident and the worst happens. Along with him your organization’s super secure passwords will also be buried. Do you have a contingency plan?
You may have leased some super-duper bandwidth, that is great, but is someone monitoring how much is coming in.It may be peanuts for you, but can you swear upon the Almighty that your bandwidth is not being compromised in the graveyard shift, i.e. not the graveyard shift of your office. All that activity, legal or not, is in your name.Do you have a clause in your agreement to adjust for times or days when you did not get what was promised?
You paid for a certain number of licenses of a software, is someone tracking their installation and usage. The excess can be sold in certain markets, you may not care, but someone will be making a fortune. Ever heard of pirated software, this is one of it sources.
Did you know that the paan-wala around the corner from your building, catching your Wi-Fi signal is getting free internet service, courtesy some guy in your office who is enjoying free paans? Again, you may choose to ignore, but it will become an issue if that paan-wala has certain friends who are involved with shady online activities thanks to your Wi-Fi charity.
You may ask, what can be done? Well there are various options. Have a third party, even if they are from a sister organization, audit your systems. This is a friendly way, none-the-less a good start. More brutal however are surprise inspections;of course, theymust be with the highest stakeholder’s consent and authorization. Be ready for what may be revealed – who is spending how much time browsing around, downloading movies and songs or worse. If as a business owner you provide that perk that that is fine, but youhave the right and tools to know.You are paying for it either way.