IT staff may be a primary source of data leakage, according a survey of 300 IT professionals at the recent Infosecurity exhibition in London.
One-third of those questioned said they used their administrator passwords and privileges to look at confidential company information. This included salary details, merger and acquisition plans, personal e-mails, board meeting minutes and other pieces of personal information. Some 47% said that they had accessed information that was not relevant to their role.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
The survey is part of ongoing research by IT security firm Cyber-Ark into industries' information access and control procedures.
Researchers reported that privileged passwords are changed less often than user passwords. They found 30% change once a quarter and 9% never get changed.
Half of IT administrators do not need authorisation to access privileged accounts. This shows a general lack of control of these power identities and indeed understanding over the power that these privileges command, said Mark Fullbrook, UK director of Cyber-Ark.
Data exchanges were also vulnerable. One in three e-mail sensitive data, 35% send it via courier, 22% use FTP and 4% still use the postal system. And 12% of these senior IT staff also chose to send cash in the post.