IT workers admit snooping through private data

29 May 2007

In a recent survey carried out by Cyber Ark Software in the UK, it was found that a third of IT workers admitted to using their administrative passwords to access confidential data, such as personal emails, wage details and human resources files.

Cyber Ark Software carried out this research as part of an annual survey entitled Trust, Security and Passwords, which not only found a lack of trustworthiness among IT workers, but found that organisations are not securing their systems sufficiently in the first place.

One third of IT workers said that they could still access their old company network long after leaving the job, and over 25pc of survey participants said they were aware of this practice, despite the fact that sensitive data was at stake and it was against company IT policy.

Shockingly, the survey revealed that over 50pc of network users, including IT professionals, were storing their confidential passwords on Post-It notes, with the same number admitting to storing the administration password for the entire network on bits of paper also.

Clearly users find passwords difficult to remember, especially if IT security directs that they be changed regularly. Despite this, one fifth of organisations said that they rarely change their passwords and 7pc say they have never changed theirs.

Further to this, 8pc of IT workers said that the default admin password on parts of the network was never actually set or changed. This is the most common way for a hacker to access an organisation’s network.

Some 82pc of IT workers said that they stored the admin passwords in their head, making password management a nightmare for companies should the worker become unavailable.

However, 18pc used an Excel spreadsheet to store passwords and 57pc stored them manually.

Calum Macleod, European director for Cyber-Ark, said: “It’s surprising to find out how rife snooping is in the workplace. Now all you need to have is the administrative password and you can snoop around most places and it appears that is exactly what’s happening.

“Companies need to wake up to the fact that if they don’t introduce layers of security, tighten up who has access to vital information and manage and control privileged passwords, then snooping, sabotage and hacking will continue to be rife.”

By Marie Boran