Network World

Survey: IT pros admit to peeking inside confidential data files

Survey into trust, security and passwords
By Dave Kearns, Network World, 06/13/2007

As long as it’s just the two of us talking, you can tell me – don’t you sometimes go snooping inside the storage servers? Not to be nosy, of course. But, perhaps, to see just what those disk hogs (you know, the ones who seem to need 10 times the storage space) are squirreling away? Well, evidently, you aren’t alone.

The recently released results of a survey by Cyber-Ark Software show that one out of every three IT employees admits to taking a peek at confidential data, including private files, wage data, personal e-mails and HR’s employee background information. The research was carried out at last month's Infosecurity Exhibition Europe as part of the company's annual survey into "Trust, Security and Passwords" (check out some of last year’s results).

Cyber-Ark, if you aren’t familiar with it, develops Enterprise Password Vault for securing and managing privileged passwords. Privileged passwords are defined by the company as the passwords for non-personal accounts “…that exist in virtually every device or software application in an enterprise.” Not your systems, of course – you did change the “Administrator” password on your servers, didn’t you?

In other results of this eye-opening survey, more than a third of IT professionals admit they could still access their company's network once they'd left their job! (See: “E-provisioning true stories 2003”) You, of course, have a de-provisioning scheme in place to prevent that, don’t you? Even more shocking, over one-quarter of respondents knew of another IT staff member who still had access to sensitive networks even though they'd left the company long ago.

Other key findings:

* 20% of all organizations admitted that they rarely changed their administrative passwords, with 7% saying they never change administrative passwords.

* 8% of the IT professionals revealed that the manufacturer’s default admin password on critical systems had never been changed (which remains the most common way for hackers to break into corporate networks).

* More than half of respondents admitted to using Post-It notes to store administrative passwords.

Cyber-Ark wants you to know all this so that you’ll be more receptive to installing its Enterprise Password Vault, of course. But even while you’re still evaluating that and similar products, you should be tightening up your own policies and procedures – it’s never too late to start being secure.
