informa
Commentary

Security Staff Snoops: Who's Watching Your Watchers (And What Are Your Watchers Watching?)

Fully a third of IT staffers recently surveyed admitted to taking unauthorized, inappropriate, and often illegal looks at confidential files and e-mails. Maybe that lets them get their peeping Tom jollies off -- but it may also leave your business on very shaky and un-jolly legal ground.
Fully a third of IT staffers recently surveyed admitted to taking unauthorized, inappropriate, and often illegal looks at confidential files and e-mails. Maybe that lets them get their peeping Tom jollies off -- but it may also leave your business on very shaky and un-jolly legal ground.Identity and information security company Cyber Ark surveyed several hundred IT pros at a recent conference, and found that one in three abused their status and admin accounts to spy on colleagues, superiors and customers.

It gets better, er, worse: a third of them (no word if it's the same third, but it doesn't really matter) remained able to access company networks and files after leaving the company's employ.

Half of them keep passwords -- including, it's implied, admin passwords -- on Post-Its.

Nearly 10 percent revealed that some of their systemware was still running the manufacturer's default-installed password.

Maybe the biggest scare -- and source of potentially devastating consequences: More than 80 percent of the survey participants admitted to keep at least some crucial system passwords in their heads. When they're fired -- or keel over -- the passwords go with them.

And these are the professionals!

The snoopings and invasions of privacy can be chalked up to human nature, I guess. Snoops are with us always.

But to have IT professionals at a security conference blithely reveal that they're just as likely to create the same vulnerabilities that their security policies (assuming they have such policies in place)... well, that's probably human nature, too.

Doesn't make it acceptable, though, and for the sake of your business it sure doesn't make it excusable.

Here's a bMighty take on network use policies.

Recommended Reading: