Warning: IT staff snooping on confidential data!

by Alex Zaharov-Reutt

Monday, 23 June 2008

Page 1 of 2 ! Do you trust your IT staff to do their jobs and mind their own business? If so, you could be in for a scandalous shock, as a third of whom have inexplicably volunteered in a survey that they’re looking at highly confidential data, sometimes even after they’ve left the company. Time to be alert – and alarmed! Do you trust your IT staff? That’s a question every company now needs to ask itself in light of a survey from security company Cyber-Ark, which unveils some very shocking findings: your IT staff are spying on you. Of course, not all IT staff are doing that, but one third of 300 senior IT professionals surveyed at the recent “Infosecurity Expo 2008” event showed they were really IT unprofessionals, “snooping around the network, looking at highly confidential information including salary details, M&A plans, the personal emails of others, board meeting minutes and other personal information”. Cyber-Ark’s annual survey is called “Trust, Security and Passwords”, and it reached out to IT professionals mainly from companies employing over 1000+ employees to take part. When one third of those surveyed freely admit “to using their privileged rights to access information that is confidential or sensitive by using the administrative passwords as a means of peeking at information that they are not privy to”, we’re talking about a major security breach. Worse still, of those 300 surveyed, 47% admitted to accessing information that was not relevant to their role. Not only are some of these IT staff an active danger to the security of the companies that employ them – they’re admitting so in a survey which will have its results made public! That’s highly careless in itself, why are these IT staff so willing to admit their transgressions to third parties, even if their identities are anonymous? Few companies will be willing to accept their IT department’s assurances that security and privacy of information is being respected now. Mark Fullbrook, UK Director of Cyber-Ark says "When it comes down to it, IT has essentially enabled snooping to happen! It's easy - all you need is access to the right passwords or privileged accounts and you're privy to everything that's going on within your company.” Fullbrook continues: “Gone are the days when you had to photocopy sheets of information with your customer database on it, or pick the lock to the salaries drawer! In some organisations there is little understanding or lack of controls in place to manage workers access to systems.” Next up on page 2: What else are supposedly trusted IT people getting up to behind your back... and the worrying news that your strong password regime could actually be startlingly weak. << First page <   1 2 Next page > Last page - Post your comment >>

 

< Next story in category		Previous story in the category >

Visitors last 30 days Suscribers

904,266 13,751