A common frustration from CEO’s, executives, and business owners who suffer a loss from a virus is they “thought everything was ok” since “they never had a problem before now.”
Any IT professional who has worked with IT security knows the importance of ongoing diligence to keep the network secure. That is why they come to their bosses and managers requesting budget items including centrally managed operating system patches, Internet filtering tools to block malicious code, updated firewalls, robust anti-virus solutions, and other proactive defensive devices. Many executives empower their IT professionals to put these items in place right away. Organizations, after they have suffered a loss, lament about what they “would have, could have, and/or should have” done. Reasons vary greatly.
Budgetary: Some IT professionals explain that they did not even ask their manager to allow them to install a robust firewall since the IT professional felt their manager would refuse the relatively small investment. Some good news is that most security solutions are relatively inexpensive these days – certainly less expensive than a successful attack.
Political: Often, IT professionals do not want to be seen as “the bad guys” restricting users from downloading tools like LimeWire and using instant messenger. This is especially true when IT is outsourced to an IT services company. The outside company wants the users to remain happy so they “keep their job.” This is also true with in-house IT professionals who want to keep their executives and managers happy. I encourage IT professionals to have the courage to speak up, in a kind and gentle way, about how important security is to an organization.
Technology knowledge: Just as you would not go to a brain surgeon to operate on your knee, not all IT professionals are proficient in every area of IT. Be sure your IT professional gets enough IT security training or outsource to someone who can help him or her with the security. The same holds true if your IT professionals will be upgrading you to the latest mail server program. Be sure they are qualified and support them being able to say, “I do not know how to do this and it will cost the company more for me to take time to learn than to outsource this to a local company who will perform the installation for us.” IT is important that your IT professional know they will not lose their job if they know where they are proficient, and where they are not. Could you imagine a hospital firing a cardiologist because the cardiologist refused to deliver babies on weekends too?
Whatever the reason, if you have been putting off your IT security, now is a great time to batten down the hatches.