One-third of IT pros admit to snooping on co-workers

astorrs Member Posts: 3,139
One-third of IT pros admit to snooping on co-workers
By Jacqueline Emigh, BetaNews
June 20, 2008, 12:13 PM

As many as a third of all senior IT professionals use their administrative passwords and other privileges to "snoop around the network" looking into employees' confidential material, say newly released survey results.

Conducted by Cyber-Ark Software as part of its annual look at "Trust, Security and Passwords," the study also suggests that IT pros -- typically working in companies of 1,000 or more -- are peering at confidential information such as salaries, personal e-mails, and merger and acquisition plans. They could also be sneaking peeks at confidential data long after they've quit their jobs and gone elsewhere.

Specifically, almost half of the 300 respondents -- or 47 percent -- admitted to accessing information that is not "relevant to their roles."

"Privileged passwords get changed infrequently and often a lot less than user passwords," according to the survey results. "Thirty percent get changed every quarter [and] 9% never get changed, giving access indefinitely to all those who know the passwords, even when they've left the organization."

About half of the IT pros questioned said they don't even need to get authorization in order to access privileged accounts.

But Cyber-Ark -- a maker of software for protecting passwords and confidential data -- isn't the only one paying heed to snooping these days.

A ruling issued this week by the 9th U.S. Circuit Court of Appeals in San Francisco holds that, under many circumstances, employers must have either a warrant or the employee's permission to view communications such as SMS text messages.

As the court in San Francisco sees it, text messages fall into a different category than e-mail -- a type of communications that employers have been legally allowed to see -- if these text messages are not stored by either the employer or someone the employer pays to store messages.

Meanwhile, Cyber-Ark's survey also pointed to an absence of effective policies around information exchange at most organizations. "Seven out of 10 companies rely on outdated and insecure methods to exchange sensitive data when it comes to passing it between themselves and their business partners," according to Cyber-Ark's report.

Specifically, 35% of companies use e-mail for sending sensitive data to business partners, 35% use couriers, 22% turn to FTP, and 4% still rely on the postal system.

In another startling finding, 12% of the senior IT pros surveyed admitted to sending out cash via postal mail.

Comments

  • Rikku Member Posts: 82
    A ruling issued this week by the 9th U.S. Circuit Court of Appeals in San Francisco holds that, under many circumstances, employers must have either a warrant or the employee's permission to view communications such as SMS text messages.

    As the court in San Francisco sees it, text messages fall into a different category than e-mail -- a type of communications that employers have been legally allowed to see -- if these text messages are not stored by either the employer or someone the employer pays to store messages.

    All employers need to back them up is the proper company policy written up and overseen by the company lawyer to make it watertight. You sign on the dotted line; your rights are cut out of the picture. Say, if the above example is for, say, the company BlackBerry system and they need to archive traffic and keep a copy of the communications, etc.

    Bottom line, if it is company property or if sensitive traffic is handled over company devices on the work site, they have every right to record/monitor and keep records of the data. If it is getting into HR data or something that falls under HIPAA/PCI compliance... that's a different story and the company can seriously be penalized/fined.

    I believe under the PCI compliancy, most copies are supposed to archive company email records for around at least 5 years' worth... or something to that extent. I know realistically for a lot of companies that is laughable. But I have found that more and more policy requirements and standards are being implemented. Companies are being held accountable: if they do not show example of certain recordkeeping/security requirements, they cannot participate in certain business transactions, say merchant transactions for VISA, etc.

    -Rikku