The Threat From Within: What CIOs Need To Do To Protect The Company From The IT Department

by drjim on February 27, 2013

CIOs can't be too careful when it comes to protecting the company from the IT department…

CIOs can’t be too careful when it comes to protecting the company from the IT department…
Image Credit

As CIO the rest of the company is relying on you to keep them safe. They expect you to lead the IT team in defending the corporate castle from hackers and attackers. The importance of information technology requires us to spend time doing this – it’s really part of the CIO job. However, it turns out that no matter how thick you make the virtual fences that you put around the company’s IT assets, you may be dealing with an even bigger threat from within your own IT department.

Who’s Watching The Store?

A recent survey that was done by PriceWaterhouseCoopers revealed that 56% of the companies that responded to the survey said that they had experienced an economic crime in the past 12 months and the person who did it was an employee. The IT department was identified as being the #1 department that these rogue employees might be working in.

What this means to a CIO is that we need to be very, very careful whom we invite to work in our IT departments. Before we onboard anyone, we have some serious homework to do.

More and more firms are conducting background checks on IT employees that they are considering hiring. The goal of these expensive checks is to assure the rest of the company that the new IT staff can be trusted to be the ones to keep the bad guys out.

CIOs Need A Little Help From Big Brother

This, of course, leads to the next challenge for a CIO – how do you make sure that the IT staff that you have on board right now are still honest? Although when you hired them they were committed to helping the company to succeed, many things may have happened in their lives and some members of your IT staff may now be scheming against you.

Detecting when members of your own IT department have switched teams on you can be very challenging. However, voices from the field indicate that there are ways to do this.

The simplest way to detect IT staff members who may have gone rogue on you is to keep track of when they are accessing the company’s computers. If they work a normal shift and then all of a sudden you see them logging on in the middle of the night with no clear reason as to why they are doing this, something might be up.

Another powerful way to detect when an employee has undergone a behavior change is to monitor how they communicate. Studies have shown that as an employee’s feelings about the company that he or she works for changes, their written communication style will also change.

The types of changes that you need to be looking for include wordy people who suddenly become very brief in their written communication. Additionally, phrases that they use that indicate that they are angry can be another tipoff.

When you are looking for changes in an IT employee’s writing style you should also look for increased incidences of the word “me”. When we become angry, we spend a lot more time thinking about how the world is against us and that causes us to talk about ourselves more. Finally, an IT employee who has started to plot against the company will start to reflect their more polarized way of thinking in their writing and this will show up by an increased use of words like “never” and “always”.

What All Of This Means For You

If you are in the CIO position, then you have many jobs to do. One of the most important of these jobs is to keep the company safe from people who seek to do harm to its IT systems. No matter how well the company is protected from attacks that come from the outside, a CIO always needs to be aware that some of the most serious attacks may come from the inside.

In order to minimize the risk that an IT insider attack poses to your company, you are going to have to take steps to prevent the problem before it starts. This means that you are going to need to carefully screen all potential IT new hires. Once on board, you are going to have to monitor every IT employee’s written communication and be on the lookout for changes in how they express themselves.

It would be nice if there was some way to identify the good guys from the bad guys – like if the good guys wore white hats and the bad guys wore black hats. However, things don’t work that way in the real world and so CIOs have to take extra steps in order to keep the company safe. Follow these suggestions and you’ll have more time to spend on the attacks that come from outside of the company.

- Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills™

Question For You: When you detect a change in an IT employee’s communication style, what steps should you take?

Click here to get automatic updates when The Accidental Successful CIO Blog is updated.

P.S.: Free subscriptions to The Accidental Successful CIO Newsletter are now available. Learn what you need to know to do the job. Subscribe now: Click Here!

What We’ll Be Talking About Next Time

The CIO job is to find ways to use IT technology to help his or her company move faster, do more, and in the end make more money. Ultimately this is how we show the importance of information technology. While this is pretty clear, just exactly how to do this, or how to measure how well you are doing this, has always been just a bit trickery. Now things are starting to become more clear. It turns out that how fast a CIO can get data to move within the company determines just how fast the overall company is able to move.

{ 0 comments… add one now }

Leave a Comment

Previous post:

Next post: