Corporate Politics vs. Corporate Security: A Conflict of Interest

December 21, 2017 | Views: 1690

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

When new employers are orientated, trained and onboarded there are many different types of issues brought to the attention of the new member of your occupational family. An individual may feel that they are part of a new community, may be receiving a high wage rate and may have a high degree of pride.

It is important to remember that the manner in which an employee treats internal vendors, such as the help desk, which may be contracted out, much the same way that the cafeteria may be contracted out, so the core employees can focus on their goals and reduce costs for the corporation as a whole.

For example; if an employee or group of employees calls into the help desk fopr a password reset, and refuses to offer authentication questions, develops an unprofessional attitude of undeserved arrogance and ignorance, with an elevation of threatening posture, this may be an indicator of a security issue.

I.T. Professionals who are exposed to a conversatioon where the conversation indiates, urgency, or a situation where an I.T. Help desk employee or contractor is threatened with their job security is at stake, that phone call, should be preserved, logged as to the date and time and the key help issue.

Individuals whom, conduct penetration testing and individuals who attack I.T. Systems from outside or from within, want to influence the emotional state of the help desk professional and obtain as much information as possible, with the limited amount of time, hassle and may use [hrases, hey I hope you can help me, I’ll let your boss know how much you helped me out.” , or “Help me out of I will, have you fired.”, “You don’t know what you are doing.” This is a huge thing because indivisuals who work in information technology sometimes have huge egos, and noone wants their ego hurt.

The right thing for a I.T. Help desk professional to do, is to ask the end user to have their supervisor call in, this way, A. The supervisor is aware of the activity. By getting the supervisor involved, the question can be asked, as to why the employee is losing their password, and the matter is off of the help desk person.

A good example of a situation where this can be an issue is if a help desk is located at a chemical plant, for example, maybe a government contractor with security clearance. If a permanent employee calls into the contracted help desk and starts having an unprofessional attitude and is threatening an individual’s employment because the full time employee can not offer their credentials in order to reset a password, calmly reminding the employee the nature of the business and importance of the work, may work and reminding the employee to call back or have their supervisor call in would be more appropriate.

There are many chemical companies, truck lines, and contractors all over the United States. This is an amazing understatement, but these are located within residential areas, tucked alongside quiet neighborhoods and if credentials are offered to the wrong individual, safety controls can be overridden, tanks can be over pressurized. A tanker truck could have a toxic mix when a dirty taker is filled whith two reactive chemicals.

Unfortunately, seasoned technical support reps, can lose their employment by doing nothing more then the right thing. The alligation of being “rude” carrys more weight than the greater good that infastructure security management can offer. In protecting the community, fellow employees and the interests of the corporation, the employee is placed in a conflict of interest, because their employer is in a business agreement with the employer and likely to fire an employee that a client wants gone.

The scary thing is that the next time an employee calls in and demands access to a system and does not have correct credentials, will the next contractor just offer access, or run the risk of losing their job? It is the job of a help desk professional to secure and be a steward of the system as much as it is for customer service, but customer service should never trump the integrity of the controls put into practice.

How will that contractor know that the individual on the phone, has a right to be in that system?

Will the management at the subcontractor company truly care? Every time a family watches their children play or board the schoolbus in the morning in the shadow of a chemical plant will any thought be made to the security of the plant nearby?

Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Ready to share your knowledge and expertise?
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel