Other issues in this category (69)
Outsourced system administrators
Many companies outsource the maintenance of their IT infrastructures to contract system administrators. Why pay a salary to an employee (a manager may think) if their assistance is only required once or twice a month? Let's pay them on a per-visit basis and optimise our costs.
Does this approach entail security risks? At first glance, no.
However, an outsourced system administrator will come to your office with their own laptop, which will probably be running a different anti-virus (not the one your company is using). And that is quite logical: when employed by multiple companies, an individual can't install new anti-virus software whenever they pay a visit to a client.
And what if the outsourced administrator uses free anti-virus software or has no anti-virus whatsoever?
A contractor installing a digital display at a Queens police academy in New York connected an infected NUC (a mini-PC) to the organisation's network. As a result, the unidentified malware spread to the 23 computers that were communicating with the LiveScan fingerprint database.
A similar incident can occur in the network of any company that hires contractors for one-time jobs. The same applies to technicians who carry out similar tasks at hospitals, maintain payment terminals in shopping malls, etc. Their computers are beyond your control. Nonetheless, to do their job in a corporate network, they usually need administrator permissions—which makes it even easier for malware to be deployed. The consequences of optimising costs in such a way can be dire.
Unfortunately, small and medium-sized companies usually cannot enforce security policies for the equipment that their hired contractors are using. But we can give you some advice.
- Work only with certified engineers. If you are dealing with a reliable professional, they will most likely have a certificate issued by a respectable anti-virus company (for example, Doctor Web offers a variety of free certification courses for IT technicians). These administrators are competent enough to understand the existing security risks and are prepared to use cutting-edge anti-virus technologies to keep their customers safe.
- Add a clause to the contract that will hold an outsourced worker responsible if an infection appears in your network. Also indicate that their computers must be protected with a commercial anti-virus product.
- Divide your network into subnets. Should malware infect some of your computers, it won't be able to spread all over the network.
- Back up your data.