There are a number of pitfalls that IT departments fall into, Church or otherwise.
No matter the organization, much of the culture and dynamics are the same.
Here are the first 5 IT pitfalls to avoid:
1. Overzealous Password Policies
I know, I know. After talking about the importance of password policies, how to create good passwords, and password management solutions, this almost sounds contradictory.
Here’s where you have to be careful: Don’t be too complex.
If you make passwords too complex or require passwords to be updated too often, all your hard work putting together a stellar password management solution will be found on scraps of paper in desk drawers, Post-It notes and on pieces of tape stuck to keyboards and monitors.
Follow up with your password users and strike a healthy balance.
2. Mismanaged Datacenter
If your data center (no matter the size) looks like a plate of spaghetti, fix it! All your gear should be properly labeled and your cables should be neat, tidy and easy to manage.
I know the data center is your place to hide away from those nasty accountants and cocky marketing guys, but it isn’t your private hideaway. It should be orderly enough that any visiting tech guy could easily figure out how you’ve set things up.
3. Ignoring the Human Element of Security
The weakest link in your IT security is human beings. More reason not to have an overzealous password policy. Even still, education and action are your best weapons.
You can have the best firewall installed, but if your login and password are both “admin,” consider your firewall non-existent.
As for education, teach those on your network about phishing, identity theft and the like; but please — please — don’t talk over their heads. I don’t care if you’re surrounded by “e-tards,” when your system gets hacked, who’s at the office at 3am?
4. Creating Indispensable Employees
Having a valuable team of employees is awesome, but creating indispensable employees can create monsters.
Take, for example, former City of San Francisco employee Terry Childs, who was eventually jailed for refusing to reveal key network passwords that only he knew.
Encourage teamwork and collaboration!
5. Raising Issues without Solutions
It’s not enough to point out potential security risks and points of potential failure. This will ultimately lead to defensiveness and leave issues unaddressed.
Whenever you present a problem or report an issue, have a solution ready.
Share any pitfalls you’ve seen or experienced?
Read 5 More Church-IT Pitfalls to Avoid!
[via InfoWorld | Image via David Heinen Jr]
Eric Rovtar says
Another great article. Here are two tips I can think of…
Don’t sacrifice quality for cost. Good equipment costs more because it’s good. Go with name brand networking equipment and professional level models. For example, buy Cisco, not Linksys or Cisco Home. Professional level equipment offers better security and more features (features you might not implement right away, but could come in handy down the road).
Also, buy consistently. It makes your life easier. If you can have all of your switches the same model (and even laptops for that matter), it is so much easier to work with them.
Eric Dye says
Good call! Excellent tips!
BenJPickett says
This is important, but make sure you look at the whole picture and all options. Cisco is great but in a lot of situations a Netgear level 3 managed switch will do the job just as well as a Cisco and save a lot of money. If you’re securing a smaller or home office, no need to spend a lot of money, a stable release of DDWRT is solid and rocks. DDWRT will not handle traffic from several computers but if you have 4 or 5 computers, save the budget for when it’s needed.
The best advice I can give on security is to never, under any circumstances say “it won’t happen to me”.
Eric Rovtar says
Sorry, I wasn’t trying to plug Cisco. It’s just the brand I’ve grown accustomed to, so it’s the one that comes to mind. I know there are other brands out there, though, I would reluctantly try them since I’ve built that relationship with Cisco.
Also, I was assuming that most on here were dealing with a church our size (4 campuses, about 50-60 staff members). I agree, that a church that is smaller doesn’t need the “large scale” items.
Thanks for helping me clarify that!!
Eric Dye says
Dude. No problem. 😉
Eric Dye says
Isn’t THAT the truth!
Raoul Snyman says
http://xkcd.com/936/
Eric Dye says
I <3
Paul Clifford says
The last company I worked for made me change two or three different passwords (one for timecard, one for network, and another one) every couple of months. I spent so much time thinking about new passwords, that I’d often forget them and just change back to the previous one. Add to that, that either my email or the printer would quit working for me for a couple of days every time I changed my network password and you’ll know why I eventually would change my password and change it back immediately. In keeping the network safe, they made it so that I tried to figure out ways around the security so that I could actually do my job. Too much security can make you insecure.
Eric Dye says
Absolutely!
Raoul Snyman says
We have the same irritating password policy. Sadly, it’s a Microsoft mentality, which means that any business running a largely Microsoft-centric network will have this policy.
As you said, Paul, it makes it difficult to have secure passwords. I’ve asked numerous people at work, and 90% of them have admitted that they simply change the number at the end of their password every month. I bet you that I could *GUESS* 50% of those passwords in less than 5 minutes (per password).
I actually blogged about it here: http://blog.saturnlaboratories.co.za/archive/2010/10/31/security-windows-vs-linux