Are your employees snooping on your corporate network?
A new survey of IT security professionals reveals that 92 percent of respondents say employees at their organizations try to access information that is not necessary for their day-to-day work.
The study from identity management company One Identity also shows that IT security professionals themselves are among the worst offenders for corporate data snooping. One in three respondents admit to having accessed sensitive information that is not necessary for their day-to-day work -- showing an ongoing abuse of elevated rights given to the IT security role.
More than one in three (36 percent) of IT pros admit to looking for or accessing sensitive information about their company’s performance, beyond what is required to do for their job. 71 percent of executives admit seeking out extraneous information, compared to 56 percent of non-manager-level IT security team members. Additionally, 45 percent of executives admit to snooping for or accessing sensitive company performance information specifically, compared to just 17 percent of non-manager team members.
In smaller companies the problem is worse, 38 percent of IT security professionals at companies with 500-2,000 employees admit to looking for or accessing sensitive performance data, compared to 29 percent at companies with more than 5,000 employees.
Perhaps less surprising is that workers in technology companies are most likely to go on a sensitive information hunt, with 44 percent of respondents working for technology companies admitting to searching for sensitive company performance information. This compares to 36 percent in financial services, 31 percent in manufacturing, and just 21 percent in healthcare.
"While insider threats tend to be non-malicious in intent, our research depicts a widespread, intrusive meddling from employees when it comes to information that falls outside their responsibility -- and it could be that meddling that ends up putting their employers in hot water," says John Milburn, president and general manager of One Identity. "Without proper governance of access permissions and rights, organizations give employees free reign to move about the enterprise and access sensitive information like financial performance data, confidential customer documentation, or a CEO’s personal files. If that information winds up in the wrong hands, corporate data loss, customer data exposure or compliance violations are possible risks that could result in irreversible damage to the business's reputation or financial standing."
You can read more about the survey results in the full report, available from the One Identity website.