Investing in IT Staff to Reduce Security Breaches and Data Leaks

5/5/2019

SapientCoach, Gilberto Crespo Technology Blogger
It is well known that humans are the weakest link in the information security chain, but who, specifically, are they? Well, as you may guess, “they” are everyone. I have been on both sides, as a user and as a system admin, and in both scenarios humans tend to make mistakes. It’s human nature.
I don’t want to justify that human trait. I just want to create some kind of awareness. Specifically, companies should consider investing in security education training and awareness programs directed at their Information Technology personnel. They are clever at securing the information technology assets of an organization. A single unchecked checkbox in the configuration of a firewall rule or security policy is enough for a cybercriminal to penetrate the corporate perimeter and compromise the entire network infrastructure without any trace, causing a security breach that in turn would potentially cause a massive data leak. You may be familiar with the severe regulatory and business consequences of these types of security events. This technical staff will definitely appreciate the company’s investment in their continuous professional and educational development.
 
What am I proposing? Well, more than demanding compliance with information security policies from staff, companies need to keep them supplied with the most up-to-date training and knowledge about the latest cyber threats, as well as vendor-specific and technology training. Likewise, IT staff need to have the sense that their work is contributing successfully to the organization’s objectives, goals and profits by being compensated with market-rate salaries. Providing staff with the necessary tools, knowledge and motivation will let them know their value within the company, as well as the importance of their jobs. This will also help companies attract and retain the best talent.
 
Technical training and awareness should be directed at multiple areas such as secure development, system hardening, security controls effectiveness, vulnerability assessment, patch management, IT asset management (software & hardware), and IT staff recruitment, just to mention a few. Likewise, management should consider mid- to long-term professional development plans that may allow staff to become certified along various paths like CEH, CISM, CISSP, MSCE, Security+, and ITIL, among many others. This should strengthen the staff with the latest technological and security knowledge. It would also help them develop and/or maintain a more mature security posture. Not to mention that they would be intrinsically better motivated.
 
Companies investing in developing their internal IT staff should consider this a win-win scenario, where better prepared, compensated, and motivated staff become more engaged and loyal employees. Even though this will not necessarily always be the case, it is worth a try. It will cost much less than being hacked.
 
Remember, most of the time, hackers are organized, better prepared than some industries, and highly motivated. Internal IT staff should be ahead of them.

Author: Gilberto Crespo, MSCE, CDIA+, CIP, ITILv3
Computer Engineer & Technology Blogger
    Dr. Gilberto Crespo is an information security researcher & technology expert.

    He has been working for more than 20 years in the information technology industries, cybersecurity, financial, higher education, and life coaching.  He is also a motivational and leadership speaker.