Watch Out for IT Administrators Going ‘Rogue’


Tough economic times usually mean that businesses need to look at reducing costs. Typically, a company’s largest overhead – especially in the IT space – will be its staff. IT managers may want to think twice before shrinking headcount in their department. A recent survey by Cyber-Ark highlighted that 88 per cent of IT administrators would steal passwords and valuable data from the network if they unexpectedly lost their jobs.

This statistic, as concerning as it seems, doesn’t even touch upon the problem of those left behind, simmering in discontent at the sudden increase in workload for no extra pay. What power is being left in the hands of people who could potentially use their knowledge and expertise to wreak havoc on your network?

What can companies do to protect themselves from a potential rogue IT professional? The key is to follow good working practices at all times, and to ensure that the appropriate technology is in place to help maintain the necessary equilibrium between access and control.

Segregation of duty: One of the key recommendations of Sarbanes-Oxley legislation, and a sensible principle for a company of any size or status, is the concept of segregation of duty. This ensures that no single individual has control over two or more phases of a transaction or operation.
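The segregation-of-duty rule above can be checked mechanically. The following is an added example, not part of the original article: it flags anyone who holds two or more phases of the same operation, and shows which new conflicts appear when a departing administrator's duties are handed to a colleague. All names, operations and phases are constructed sample data.

```python
from collections import defaultdict

# Constructed sample data: (person, operation, phase) assignments.
ASSIGNMENTS = [
    ("alice", "vendor-payment", "request"),
    ("bob", "vendor-payment", "approve"),
    ("carol", "vendor-payment", "release"),
    ("dave", "firewall-change", "request"),
    ("dave", "firewall-change", "implement"),
    ("erin", "firewall-change", "approve"),
    ("frank", "account-provisioning", "approve"),
    ("frank", "account-provisioning", "create"),
    ("frank", "account-provisioning", "audit"),
]


def find_sod_violations(assignments):
    """Return {(person, operation): sorted phases} for every person
    who controls two or more phases of the same operation."""
    held = defaultdict(set)
    for person, operation, phase in assignments:
        held[(person, operation)].add(phase)
    return {key: sorted(phases) for key, phases in held.items() if len(phases) >= 2}


def violations_after_handover(assignments, leaver, successor):
    """Return only the violations that are new or worse once `successor`
    inherits every phase that `leaver` held (e.g. after a headcount cut)."""
    before = find_sod_violations(assignments)
    moved = [(successor if p == leaver else p, op, ph) for p, op, ph in assignments]
    after = find_sod_violations(moved)
    return {key: phases for key, phases in after.items() if before.get(key) != phases}


if __name__ == "__main__":
    print("Existing conflicts:")
    for (person, op), phases in find_sod_violations(ASSIGNMENTS).items():
        print(f"  {person} holds {phases} in {op}")
    print("New conflicts if bob's duties go to alice:")
    for (person, op), phases in violations_after_handover(ASSIGNMENTS, "bob", "alice").items():
        print(f"  {person} would hold {phases} in {op}")
```

Running the handover check before reassigning a leaver's work shows whether the reduced team can still keep each phase in separate hands.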

Role-based access: In addition to segregation of duty, it’s important to work to the principle of least privilege. Each individual should be granted only the level of network access that is essential for them to do their job. These access rights and privileges can be most effectively managed through a centralized system which grants staff access to both buildings and systems, facilitated by the use of smart card technology.

Password management: The use of one-time passwords (OTPs) can help protect the validity of passwords in the authentication process. Ensuring that critical passwords change automatically after each use (as opposed to remaining static) significantly diminishes the risk of rogue administrators harvesting individual log-ins for unauthorized remote access, or using the data to block all users from the network.

Hardware: Conduct regular audits of all devices supplied to staff during a period of employment, ensuring no unauthorized equipment is attached to the network or removed from the building without permission.

Taming the rogue: Of course, it’s not possible to safeguard completely against the wrath of terminated IT administrators. A clever individual with highly tuned technical abilities and a resentful nature will always find a way to get around the system. However, with the right operational policies and effective management technologies in place, there’s no reason why an equally clever IT manager can’t make it that bit more difficult for the rogues.
