IT staff snoop on personal data

May 31 2007 by Brian Amble Print This Article

If you're not worried about the security of personal data being demanded from you by a growing army of companies and official bodies, perhaps you ought to be. Because a new survey has found that almost a third of IT staff abuse their trusted positions to snoop on the confidential information held on their company's computer systems.

A survey conducted by Cyber-Ark Software at last month's Infosecurity Exhibition Europe revealed that one in three IT staff admit to snooping through company systems and peeking at confidential information such as private files, wage data, personal emails, and HR data.

One IT Administrator laughed out loud as he answered the survey, saying: "Why does it surprise you that so many of us snoop around your files, wouldn't you if you had secret access to anything you can get your hands on!"

As if that weren't bad enough, more than third of IT professionals also admit that lax network security meant that they were confident they would still be able to access their company's network if they left their current job.

What's more, more than a quarter said they knew of another IT staff member who still had access to networks even though they'd left the company long ago.

The research is the latest to highlight that human failings and shoddy security are the "weakest link" in the data security chain. And it comes just months after research by privacy research group, the Ponemon Institute, revealed that a third of executives don't trust their own companies with private or sensitive information and don't think that most of their business partners are trustworthy, either.

According to Cyber-Ark, a large part of this security shambles is caused by the mismanagement of passwords.

One-fifth of all organisations admitted that they rarely changed their administrative passwords with seven per cent saying they never change administrative passwords – which may explain why so many people said they could still access their network even if they left the company.

Moreover, more than half of respondents said they wrote critical administrative passwords on sticky notes, while eight in 10 IT professionals just try to remember administrative passwords in their heads – which might explain why, as another IT professional said, "we just pick one password for all the systems and write it down."

"It's surprising to find out how rife snooping is in the workplace," said Calum Macleod, European director for Cyber-Ark, said.

"Gone are the days when you had to break into the filing cabinet in the personnel department to get at vital and highly confidential information. Now all you need to have is the administrative password and you can snoop around most places.

"Companies need to wake up to the fact that if they don't introduce layers of security, tighten up who has access to vital information, and manage and control privileged passwords, then snooping, sabotage and hacking will continue to be rife," he added.

  Categories: