Lowering IT Wages May Cost Companies More

Companies that attempt to increase profits by lowering the wages for the IT staff may be playing Russian roulette with the organization’s future and finances because the risks clearly outweigh the rewards. Any savings gained by paying lower wages will be offset by higher human resource costs, administrative costs associated with responding to and repairing network and information breaches caused by disgruntled or careless employees, and potential fines or penalties incurred by failing an Information Security Audit.

There is a saying in Information Security, “your company’s security is only as good as your weakest link.” The weakest link for most companies dealing with electronically stored information or IT related services is the entry level employee. Paying the weakest link in your security apparatus a substandard wage is the equivalent of letting the fox guard the hen house.

Positions offering substandard wages are going to have a high turnover ratio as the low paid workers seek out better and more lucrative opportunities. IT Security professionals consider high turnover in an IT position to be a dangerous situation. Workers that are given even limited access to IT infrastructure can pose serious potential security risks to any organization.

Imagine the amount of workers coming and going through a revolving door that had direct access to an organization’s network and information. Even with the best laid access control policies and security domain templates, it only takes one careless employee to lose or compromise valuable company assets. Anyone that disregards security protocols or is computer savvy and disgruntled may find a security hole and wreak havoc.

The administrative costs associated with responding to a breach and repairing any damage can be significant. Just imagine the public outrage that will occur when it is publicized that a theft or compromise of sensitive information was the direct result of employing low paid workers within an IT position. This potential scenario could financially ruin a company.

Companies that must be compliant with certain industry and regulatory standards such as SOX, PCI, HIPPA, and FISMA should be especially aware of the financial consequences associated with paying IT staff below standard wages. Information Security and Compliance Audits, conducted bi-annually or quarterly depending on the type of business, will usually be conducted by an experienced Certified Information Security Auditor (CISA).

The auditor will not only test the network and the information access programs for vulnerabilities but, the auditor will also interview employees having access to the IT system. This includes testing entry level and mid-level IT personnel for their ability to comply with policies and required regulations. Lower paid IT employees that may be working at the organization until something better comes along are far more likely to disregard security policies and/or not stay current with their necessary compliance training.

The attitude is that lower paid workers may not take the organization’s security policies seriously; they are just there until they find a better paying job. CISA’s are very aware of these issues and they will document every concern and vulnerability related to an employee’s compliance failure. The failure of an information security assurance compliance audit or, in some circumstances, a poor score on a compliance audit can cause an organization to incur substantial fines or penalties.

 A company that lowers the wages for mid-level and senior IT staff runs the risk of losing critical IT professionals when the economy improves and market forces create new higher paying positions elsewhere. Modern management theories suggest that money does not necessarily motivate workers to perform and excel but, salary is a determining factor as to whether an employee is satisfied or dissatisfied with his or her position. Dissatisfied workers are more likely to leave an organization and in the case of experienced IT personnel, such losses could leave a vacuum in an organization’s IT infrastructure.

Prudent organizations will keep IT salaries in line with pre-recession industry standards in order to keep critical staff for the long term and reduce costs associated with information security breaches and compliance issues. These companies will save money in the long term.

Martin Connell is an Information Technology Security Specialist and the author of the "Computer and Internet Security Basics" eWorkshop.

• PRE-Syndication Visits: 18
• articleadvocates.com Visits: 84
• net-teams.net Visits: 66
• computersecuritybasics.com Visits: 229
• buzzstandard.com Visits: 4
• eworkshopcourses.com Visits: 5
• buz-r.com Visits: 3