Managers unaware of extent of IT access to company data

28 Jul 2011

Senior management is often unaware of how much access their IT departments have to sensitive internal data – up to and including a CEO’s private files.

A new survey of almost 500 IT professionals in the US and UK has found that 42pc of IT staff can obtain unauthorised access to their organisation’s most confidential documents. Almost the same amount of those polled (39pc) said senior executives in their respective organisations have no idea what IT can and cannot access.

Almost four out of five (78pc) said they could, if they wanted, walk out of the office carrying highly sensitive information, and one-third said they would still be able to access much of the same information even after leaving the company because of lapses in security practices.

The survey was commissioned by identity management specialist Lieberman Software in order to ascertain workplace ethics among IT workers. It found a strong correlation between job security and the likelihood of stealing sensitive data: people who fear losing their jobs are far more likely to make off with confidential information – 31pc, according to the survey, compared to 18pc who feel their jobs are safe.

IT professionals working for smaller companies were more likely to be uncertain about the security of their current jobs, compared to those working in larger organisations.

Job security

Abuse of administration rights doesn’t appear to be a widespread practice: 15pc of UK IT professionals and 9pc in the US admitted they would use their administrator privileges to snoop around the network to look at sensitive data, such as personnel records to try and find out if their job, or a colleague’s job, was at risk.

Philip Lieberman, president and CEO of Lieberman Software, commented: “Companies should wake up to the fact that IT holds the keys to the kingdom. Nothing is secret or private unless you establish systems and procedures to lock down data from prying eyes and, according to our study, most organisations don’t,” he said.

Lieberman said the situation had moved on from the days when an organisation’s most sensitive data was locked away in a filing cabinet with just one or two trusted key holders. “Today, it’s locked away in a virtual filing cabinet, but the problem is most companies have no idea just how many people have keys to this cabinet. What’s clear from this survey is that management just doesn’t understand the privileges their IT staff have to the most sensitive data.”

Noting that bosses’ documents can be read by 42pc of IT personnel, Lieberman added: “If these guys can’t be trusted – which in some cases, they can’t – the directors shouldn’t be surprised when their data gets leaked or exploited.”

Gordon Smith was a contributor to Silicon Republic