Is your IT person holding the network hostage?

Problems with your PC Support and IT staff

“Step 1: Change all the passwords…”

This is an inside joke for IT professionals.  It refers to job security.  If you are the only person who has the keys, your management will think twice before they fire you.  With that level of job security, you can close the door and go back to playing computer games.

As a business owner, you need to stay in control of your computer system!  The best way to do this is to demand documentation and account best practices from your computer staff.

Standard IT department documentation should have this information (at minimum):

  • A visual diagram of major systems (such as servers, network equipment) listing their purpose, how they are connected, and network addresses to administer them.
  • “Administrator” level usernames and passwords for each piece of network equipment, server operating system, and major application (such as your website and email).
  • Printouts or backups of configurations for each major program and equipment, so that if your IT guy gets run over by a bus (or quits suddenly), a new person can see how it should work.

Account best practices should be followed:

  • If a system allows you to create more than one administrator account, each IT staff should have their own account, named to identify the owner (example: jsmith).
  • Generic “administrator” or “root” accounts should not be used if named accounts are available.
  • Generic “administrator” or “root” accounts should have unique, complex passwords that few people know.

These two best practices are important for protecting yourself against criminal IT people as well as outside hackers.

Here are four reasons why:

  1. Access logs can be reviewed periodically or after a security incident to see which account performed the action.  Generic accounts always leave the question of “who was actually logged on?”
  2. IT people are much less likely to do improper things if their personal account is associated with it.
  3. If an IT person leaves the company, you can disable their personal accounts easily without hurting anything.
  4. And you are more likely to notice if new administrator accounts are created, or there is unusual access by the “administrator” / “root” account (symptoms of outside hackers).


And the obvious business pitch:  If you are having trouble with your staffing, want to supplement them, or don’t have an IT department at all, consider Kieri Solutions.  We support businesses near Frederick, Baltimore, and Gaithersburg MD with a variety of IT and cybersecurity services.