Computer and IT systems are not easy to set up. They take a lot of technical knowhow as well as a lot of attention to details. IT systems are not foolproof and there is no perfect way to put them together. Unlike a carpenter who knows how to fit things together without any doubt, an IT person often has to contend with other factors outside his or her control.
Some of the things that the IT person has to deal with include eat, loss of power or surges in power, unauthorized access, mistakes by the users, third party software which can be faulty and incompatibility of systems among others.
What most people, even advanced computer and IT people, don’t realize is that these challenges pose hidden risks for the security of the information. One of the risks is the disposal of old technologies. Many institutions find that over time they have to upgrade their systems to remain competitive.
Things like old computers are therefore wiped, their drives wiped and shred then shipped off to be disposed. Few years ago it was revealed that old computers were being shredded and sent for disposal in Ghana. The people in Ghana found ways to recover the information and sold that information to criminals in the black market, leading to several blackmail cases.
The other risk is old equipment in the office. This can conclude things like old servers which run software that had weaknesses. Such servers can allow access by hackers and that can be a huge threat. Other old equipment like fax machines can also be a source of insecurity. This is because faxes have hard disks which store information. If such hard disks are not wiped and destroyed then they can be a vulnerability.
The other risk is human error. This can range from anything like accessing the IT system from an unencrypted device such as a personal phone or taking home files from the office to go work on them over the weekend. These sorts of risks can be dangerous to an organization.
Another hidden risk legacy software. This is software that was designed to be used by more than two systems for portability of data. Legacy software has to allow access to both systems. This means that it potentially has risks from two main ends. Failure to monitor these kinds of risks can result in risks and breaches.