A third of IT staff look at private data

IT staff are taking advantage of poor security

One in three IT staff admit to using their position to access confidential or sensitive materials in their business, through improper use of administrative passwords.

A third of the 300 senior IT professionals questioned by security vendor Cyber Ark said that they had secretly looked at private data. A further 47 per cent admitted to accessing information that was not directly related to their role.

These examples of unauthorised access are being facilitated by poor security structures. In 30 per cent of the companies approached, administrative passwords were only changed every three months.

And in nine per cent of cases, these passwords were never changed at all. This situation can leave systems open to anyone who has ever had knowledge of the access codes, including employees who have left the company.

"In some organisations there is little understanding or lack of controls in place to manage workers' access to systems," said Mark Fullbrook, UK director of Cyber-Ark.

"For most people, administrative passwords are a seemingly innocuous tool used by the IT department to update or amend systems. To those 'in the know' they are the keys to the kingdom, which can wield a great deal of power if left unprotected."