A Third of IT Staff Secretly Peek at Confidential Data
12/06/2009
Cyber-Ark® Software’s annual survey for 2008 into Trust, Security and Passwords has discovered that organisations’ confidential data is at risk from their own IT staff.
The survey found that one third of the IT staff asked admitted to using their privileged rights to access information that was confidential or sensitive.
The survey included 300 senior IT professionals (mostly from organisations with more than 1,000 employees). Most commonly, the snooping staff used administrative passwords as a means of looking at sensitive information.
The type of information being looked at included salary and redundancy lists. Alarmingly, many also admitted that they would steal information from their employer if they were made redundant.
The data most likely to be targeted included e-mail administrator passwords, copies of customer databases and business merger plans. In addition, some were also likely to target financial reports and managing director passwords.
Worryingly, only 26% of those questioned said they would not be able to get around their organisation's security controls without being detected. This is not surprising, as privileged passwords are still being infrequently changed.
The survey further revealed that 7 out of 10 companies were relying on insecure methods to transfer sensitive data, both within organisations and between business partners, with 35% choosing to email, 35% using courier services, 22% using FTP and 4% relying on the traditional postal system.
Udi Mokady, boss of Cyber-Ark, summarises that:
"This survey shows that while most employees claim that access to privileged accounts is currently monitored and an overwhelming majority support additional monitoring practices, employee snooping on sensitive information continues unabated"
It would appear that many businesses have developed a culture of trust rather than security when it comes to senior IT staff, which is seriously compromising their confidential data.
DCS takes this sort of security risk into account when creating information management software and solutions.
Kevin Ingram, Managing Director of Data Capture Solutions Ltd, commented that:
“It is important to separate out from IT staff certain compartments of sensitive company information into a different secure document repository where different security models can apply and network administrators do not have carte blanche access.
In addition to this, operating systems (like Windows) do not record access and audit information, so the company does not know who has seen what and when.
Our award-winning document management product FileStore EDM gives solutions to both of these issues, allowing sensitive information to be better controlled and audited, alleviating business risk.”
DCS are global providers of enterprise information management solutions, including both installed and hosted SaaS solutions, to many of the world's largest companies, allowing them to improve operational efficiency while making significant business savings. Find out how DCS can help your organisation today.