T 3.6 Hazards posed by cleaning staff or outside staff

It is not always easy nowadays to train your employees on the proper handling of business-critical information and IT systems. When outside staff is used, it cannot be assumed that they will handle the information and information technology according to the rules specified by the organisation they are working in, especially since the outside staff seldom knows these rules.

Visitors, cleaning staff, and external staff can pose a hazard to internal information, business processes, and IT systems in various ways ranging from the improper handling of the technical equipment, attempting to "play" with the IT systems, up to the theft of documents or IT components.

Examples:

• Visitors, when unaccompanied, could obtain access to documents, data media, or devices and damage them or gain knowledge of sensitive information without authorisation.
• Cleaning staff may accidentally unplug a cable connection, water may leak into equipment, or documents may be misplaced or even taken out with the trash.
• An external employee stored some documents that needed to be printed before a meeting in a government agency on his laptop. To print them, he copied them from a USB stick to a computer in the LAN of the government agency. Unfortunately, malware was also transferred to the computer.
• In one computer centre, painting work was to be carried out in the machine rooms. The painter accidentally knocked his ladder against the main emergency switch of the power supply and triggered it. The supply of power to all the z/OS systems in this computer centre was immediately interrupted. As a result of the power failure, several hard disks (DASD - Direct Access Storage Device) were not available immediately. It took the technician who was called in several hours work before production could be resumed.