IT Security and Psychology: A Surprising Combination

Psychology is defined as the science of studying the mind and related behavior. At first glance, it would seem to be far removed from technical areas involving IT security. However, as recently illustrated on ZDNet, it seems that psychology professionals with technical expertise will now become a valuable resource for IT administrators seeking to plug security holes in their networks.

Joseph Steinberg, CEO of security firm Green Armor Solutions, indicated that psychologists understand how the mind works and are more likely to identify weaknesses in security policies that can be easily exploited by hackers, who more often than not utilize their own knowledge of psychology by correctly determining common passwords and protection methods. He also added that, "Just as it is important to understand the bad guys in real life, it is critical to have insights--such as what their motivations are--to fight cyber crime."

Psychologists are often used in criminal profiling. And when it comes to cyber attacks, it is very useful to gain insight into the mindset of the attacker. Some hackers are motivated by criminal gain, while others penetrate networks to prove a point or, in the case of professional hackers, to demonstrate to a company that network security needs improvement. Others see themselves as crusaders against the "big brother" mentality, embarrassing high-profile companies by altering web pages, etc. A trained psychologist can effectively profile multiple types of hackers and advise IT personnel accordingly.

The protection of company networks is made more difficult when companies allow their employees to connect their own personal devices to them. Smartphones, laptops, and other portable devices should be subject to the same security restrictions as those that are directly connected to the network. Failing to implement security policies that monitor external access to the network by BYOD devices means taking unnecessary risks with proprietary data. Even small businesses that allow employees to use their own devices often fail to protect them, as indicated in a recent survey. The same situation applies to midsize companies, where IT departments do not have the authorization to configure personal devices used for work.

Perhaps, going forward, psychologists with technical expertise may become more common in the IT security area, providing valuable insights into the minds of cyber criminals and advising IT administrators to select unconventional methods when protecting their networks. Most IT professionals will already be very well aware of the importance of selecting secure passwords, but it must also be remembered that certification courses are available in hacking and other techniques. Therefore, IT administrators need to be very familiar with the latest trends in hacking methodologies and combat these threats accordingly.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.
