Skip Links

Network World

Michael Cooney

The IT department as corporate snoop

By Layer 8 on Thu, 05/31/07 - 2:40pm.
Newsletter Signup

As if we needed more proof that insiders are a seriously worse threat to your corporate jewels than any malicious hacker, a study released today says that  one in three of IT employees snoop  through company systems and peek at confidential information such as private files, wage data, personal emails, and HR background. The survey, which claims to reveal "the hidden scandal of IT staff snooping," is from Cyber-Ark Software, a company that, naturally  specializes in password protection As if that weren’t bad enough, the survey found that more than one-third of IT professionals admit they could still access their company’s network once they’d left their current job, with no one to stop them.  More than 200 IT professionals participated in the survey with many revealing that although it wasn’t corporate policy to allow IT workers to access systems after termination, still almost 25% of respondents knew of another IT staff member who still had access to sensitive networks even though they’d left the company long ago.  "Gone are the days when you had to break into the filing cabinet in the personnel department to get at vital and highly confidential information. Now all you need to have is the administrative password, and you can snoop around most places, and it appears that is exactly what's happening," said Calum Macleod, European director for Cyber-Ark, said in a statement The study also showed that over 50% of workers still keep their passwords on a Post-It note, in spite of all the education the IT security industry to do it differently. And in the don’t do-as-I do-dept., more than 50% of respondents admitted to using Post-It notes to store passwords to administrator accounts.  One-fifth of all organizations admitted that they rarely changed their administrative passwords with seven percent saying they never change administrative passwords. This would help explain how one-third of all people questioned would still have access to their network even if they'd left the company. Eight percent of respondents noted that they still use the manufacturer's default admin password on critical systems. This remains the most common way for hackers to break into corporate networks, Cyber –Ark said.

Welcome, visitor. Register Log in
About Layer 8
Layer 8 is written by Michael Cooney, an online news editor with Network World