What your IT pro knows about you

Why worry about hackers half a world away? The biggest threat to your business may lurk within your business's walls.

By Paul Venezia, PC World |  Security, privacy

The audit should consist not just of physically inspecting all computing resources, but also of performing a Wi-Fi scan to detect rogue access points, and of running scanning software on each PC (or at least a random number of them) to look for keyloggers and the like.

Of course, if you resort to these auditing measures, you send your in-house staff the clear message that you feel you can't trust them, which can hurt morale and may even cause the IT suspect to implement extraordinary methods to find out why you're being "overprotective" of your network and what you're trying to hide.

Perhaps the best way to handle the situation is to be frank about it. Discuss the security need for a second set of eyes on the network, and emphasize that bringing in an outside group to do security audits is in your IT department's best interests. After all, if your network does get compromised, the outside company responsible for testing the network and pronouncing it secure must shoulder a substantial amount of the blame for failing to identify the vulnerability.

If the price of annual or biannual security audits makes your budget watchdog howl, your options for protecting against an IT staffer gone wild dwindle. If you're somewhat technically inclined, you can download and use a Wi-Fi sniffing app for your smartphone, such as WiFi Analyzer, WiFiFoFum, or WiEye for Android to alert you to the presence of hidden Wi-Fi network SSIDs. If you use an iPhone, though, you're out of luck unless you jailbreak your phone, because Apple removed all Wi-Fi scanning applications from its app store last year. Regardless, simply scanning for rogue access points doesn't guarantee that other untoward devices aren't collecting data somewhere on your network.

In a small or medium-size business, being able to trust your employees is vitally important, as is being able to navigate a sensible course between budget constraints and the potential for future problems. Consider yourself very fortunate if your IT group has earned your complete trust, and you can confidently say that you don't have to worry about this problem.

Originally published on PC World |  Click here to read the original story.
Join us:






SecurityWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

Ask a Question