Security and Privacy: What Secrets Does Your IT Department Know?
Contributed by Mark Davenport
If you are a CEO or a CFO with an IT department of any size, you might wonder to yourself just what they know, and what they are doing with that knowledge.
The first thing to understand is that no matter what the size of the department, there are individuals in IT who have admin rights to every supported system. This allows a single person to access sensitive information about customers, employees, and even vendors. Additionally, with the right tools, they can track every move you make while using your computer, such as the web sites you visit, what you print, what you store on your hard drive, and even each of your keystrokes.
What Does Your IT Department Know in Human Resources
An IT individual with admin rights to the human resource system(s) can access extremely sensitive information about every employee in the company. This includes salary, benefits, bonus payouts, and even court-ordered wage garnishment information, such as alimony and/or child support payments. This access can be used to view personal information, and even the CEO and CFO aren’t exempt.
Furthermore, those individuals have access to the customer-facing systems and the customer data they hold: names, addresses, the ever-sensitive credit card numbers, and much more depending on the nature of the business. There are many high-profile instances where a breach in this area has been a huge issue for companies.
What Does Your IT Department Know in Email
The major area of what IT knows is within the corporate email system. The email system is something everyone takes for granted, and almost every thought, idea, strategy, decision, concern, and the like is written down and sent in an email and/or attachment. This is then usually backed up and, in many cases, sent offsite. There are multiple people in IT who have access to these emails and calendars, and they read them more than occasionally.
Many companies have developed a work culture of sending emails instead of phoning or meeting in person. This has elevated email (and other forms of social networking) to the primary method of communicating with our coworkers, clients and vendors. Because of this, an IT email admin has the ability to learn just about everything that is going on inside and outside the organization, if they were so inclined. To this end, each person in the organization needs to recognize that everything written in the body of an email, or in an attachment that is not encrypted, has the potential of being compromised. Emails should be composed with the understanding that someone other than the intended recipient will read them.
Trust is Key
It’s not all bad. Most companies have a very high level of trust between IT and the business, and this trust is vital for those companies to function. This is definitely something that your IT department knows.
Mark is a professional with over 25 years of experience in IT and technology management. Mark’s specialty is the marrying of IT and the business processes to strategically align objectives of the overall organization to the technology that serves it.