"Lowering IT Wages May Cost Companies More"
Submitted by Martin Connell
Companies that attempt to increase profits by lowering the wages for the IT staff may be playing Russian roulette with the organization’s future and finances because the risks clearly outweigh the rewards. Any savings gained by paying lower wages will be offset by higher human resource costs, administrative costs associated with responding to and repairing network and information breaches caused by disgruntled or careless employees, and potential fines or penalties incurred by failing an Information Security Audit.
There is a saying in Information Security, “your company’s security is only as good as your weakest link.” The weakest link for most companies dealing with electronically stored information or IT-related services is the entry-level employee. Paying the weakest link in your security apparatus a substandard wage is the equivalent of letting the fox guard the hen house.
Positions offering substandard wages are going to have a high turnover ratio as the low-paid workers seek out better and more lucrative opportunities. IT Security professionals consider high turnover in an IT position to be a dangerous situation. Workers who are given even limited access to IT infrastructure can pose serious potential security risks to any organization. Imagine the number of workers coming and going through a revolving door who had direct access to an organization’s network and information. Even with the best-laid access control policies and security domain templates, it only takes one careless employee to lose or compromise valuable company assets. Anyone who disregards security protocols or is computer savvy and disgruntled may find a security hole and wreak havoc. The administrative costs associated with responding to a breach and repairing any damage can be significant. Just imagine the public outrage that will occur when it is publicized that a theft or compromise of sensitive information was the direct result of employing low-paid workers within an IT position. This potential scenario could financially ruin a company.
Companies that must be compliant with certain industry and regulatory standards such as SOX, PCI, HIPAA, and FISMA should be especially aware of the financial consequences associated with paying IT staff below-standard wages. Information Security and Compliance Audits, conducted bi-annually or quarterly depending on the type of business, will usually be conducted by an experienced Certified Information Security Auditor (CISA).
(c) 2010 by Martin Connell
Last Updated Feb 5, 2010
Last Published By: Martin Connell