Third of IT workers snoop confidential info
July 10, 2009 by Sam NarisiPosted in: In this week's e-newsletter - Tech
One of an IT department’s biggest nightmares: staffers using their access privileges for illegal or unethical purposes. That kind of behavior may be more widespread than you think.
One in five companies have experienced insider sabotage or security fraud by a member of the IT staff, according to a new survey of 400 IT administrators by CyberArk. Of those companies, 36% say the IT employee delivered privileged information to a competitor.
Overall, 33% of IT workers admit they’ve used their administration rights to access confidential information, such as HR records, customer databases and layoff lists.
To make sure your business isn’t the victim of sabotage or theft, here are some tips experts recommend:
- Perform reference/background checks — Checking applicants’ history is one way to keep out IT staffers who might abuse their access privileges.
- Make sure the rules are clear — IT employees can be more likely to violate policies than other employees because they have a better idea of how to get around technology controls. That’s why it’s important to have rules about who can access what and discipline people who break them.
- Restrict access — Employees should only be able to view data that they need for their jobs.
- Change passwords — Passwords should be changed regularly and be complex enough to stay unpredictable. That’ll reduce the likelihood of unauthorized employees (or even ex-employees) accessing things they shouldn’t.
July 14th, 2009 at 1:00 pm
Yes, I have been a victim of this on numerous occasions. I would find information I would send in emails being repeated back to me by the employees who were subjects of them; or copies of the emails provided to me by the unions or press. None of the material was inappropriate and was simply responses to requests for information by the CEO or managers. However, I only sent the emails to a single individual and they were never forwarded by them. Investigation revealed that people in the I/S Dept. were snooping in on them and they were terminated. This happened several times over the course of years.
July 14th, 2009 at 2:51 pm
What has always interested me is that IT will check use and abuse of our time and systems when asked by the Management, but no one is able to check abuse of use of time and sytems of the IT employees. They sit alone in the basement offices (for coolness needed by machinery), have incredible security locks for their workspace and Management wouldn’t know if they are doing their own “thing” most of the day.
July 15th, 2009 at 7:33 am
Karen: Excellent point. What I have always wondered. Plus how could they get caught anyway?
July 18th, 2009 at 10:12 am
It’s like the police checking on the police.
July 20th, 2009 at 7:25 am
Yes, Police do check Police. State Police or County can be turned to for local Police wrong doing and the State’s Atty Generals should oversee the State and County Police and can also turn to the Federal Authorities for oversight if the State Police play dirty. I guess we then pray that education, from whatever source, parents, schools, churches, has provided the moral compass all need.