/v3-uk/news/2007424/it-professionals-admit-snooping
20 Jun 2008, Guy Dixon, V3
One in three IT staff abuse administrative passwords to gain access to confidential data, according to a recent study.
The information includes salary details, personal emails and board-meeting minutes.
The survey of 300 IT professionals revealed that an additional 47 per cent of IT staff had accessed information not relevant to their role.
Carried out by US information security company Cyber-Ark, the study also showed that privileged passwords get changed far less frequently than user passwords.
Only 30 per cent of respondents said they change privileged passwords every quarter, while nine per cent admitted to never changing them at all, giving ex-IT staff access to confidential company information.
Outdated and insecure methods of exchanging sensitive data are still employed, with 35 per cent opting for email and a further 35 per cent choosing couriers. Meanwhile, some four per cent still depend on the postal system.
"All you need is access to the right passwords or privileged accounts and you are privy to everything that is going on within your company," said Cyber-Ark UK director Mark Fullbrook.
"For most people, administrative passwords are a seemingly innocuous tool used by the IT department to update or amend systems.
"To those 'in the know' they are the keys to the kingdom and wield a great deal of power if unprotected or fall into the wrong hands."
Do you agree?
The business should control the keys
I've worked as an IT contractor for over 15 years and those who are "trusted" should be visible by the business! That's why I wrote the free, now open source ITkeys if anyone is interested...
Posted by Lewis, 21 Jun 2008
Simple solution...
I'm a Head of IT and have worked in a variety of companies and it's horrifying to see what some companies consider as secure. Usually I've found that this comes about because many of the companies try and save money by running their IT department with an accountant who thinks he knows all about IT in charge, which actually lets the administrators run the show!
A properly implemented set of systems and policies with very limited access to administration level, one account per member of staff and proper logging on each server or network device soon stops these problems or at worst shows who has been looking at things they shouldn't have been...
Posted by James Doswell, 22 Jun 2008