Most IT staff would steal company secrets including passwords and customer details if they were to be laid off
Most IT staff would steal company secrets including passwords and customer details if they were to be laid off, according to a survey from software company Cyber-Ark.
The annual “Trust, Security and Passwords” survey focused on 300 IT professionals, and found 88% would steal privileged information if they were to be laid off tomorrow.
“One third of devious IT administrators would take the privilege password list, which would give them access to all the other sensitive and valuable documents and information such as financial reports, accounts and HR records,” the survey says.
“Most company directors are blissfully unaware of the administrative or privileged passwords that their IT staff have access to, which allows them to see everything that is going on within the company,” Cyber-Ark chief executive Udi Mokady says.
“These privileged identities, which lie on hundreds of servers and applications, very rarely get changed as it’s often considered too much hassle.”
The survey also found one-third of privileged passwords are still being stuck on post-it notes and IT staff also regularly look at information they are not authorised to view.
“That’s why we recommend companies secure their privileged identities and sensitive information in a digital vault – only giving individuals access to the information they actually need, when they need it, while also keeping a log of who has accessed what and when,” Mokady says.
Steve Wright, principal of information technology law firm WCL, says employers need firm security policies in place to ensure employees are reminded of the consequences of stealing private data.
“I think the typical way is to refer the employee back to the agreement that they signed, which would cover off those particular issues. You should have policies in relation to that information stored and used. It’s a civil offence to steal that data, so they need to point that out.”
Wright says employers need to make sure agreements are signed by employees and regularly revised.
“Have appropriate security policies,” Wright says. “People shouldn’t have access to huge pieces of information they can walk away with. Of course that gets harder when the seniority of the employee gets higher and higher, but it’s what has to be done.”