Many UK businesses are ignorant of the level of access their IT staff have to systems that may contain highly sensitive...
data, a survey has revealed.
A poll of IT professionals in the UK and the US by access management firm Lieberman Software found that 42% of IT staff can get unauthorised access to their employer's most sensitive information.
More IT professionals in the UK say they could take sensitive information away with them to their next job with 85% admitting it would be easy compared with 76% of their US counterparts.
Respondents blamed the failing on management's naivety when it comes to understanding just how much privileged access their IT departments actually have.
More than a third of those polled said their senior management did not have the faintest idea what IT could and could not access, with 78% admitting they could walk away from their organisation with highly sensitive information.
Around a third of respondents said they would still be able to access sensitive information long after leaving the company as the result of lapses in the organisation's security practices.
"Companies should wake up to the fact that IT holds the keys to the kingdom. Nothing is secret or private unless you establish systems and procedures to lock down data from prying eyes and, according to our study, most organisations don't," says Philip Lieberman, chief executive officer of Lieberman Software.
The survey also shows a strong correlation between job security and data theft - 31% of respondents who are fearful of losing their jobs admitted they would take sensitive data with them, compared with just 18% who felt their jobs were secure.
Smaller companies are at a higher risk of data theft by disaffected employees, with 31% of IT professionals working in companies with fewer than 1,000 employees worried about the stability of their employment, compared with 20% of respondents at larger companies.
In addition to data theft, 15% of UK IT professionals admitted they would use their administrative rights to snoop around the network in an effort to sneak a peak at sensitive data such as personnel records to try and find out if their job, or a colleague's job, was at risk.