IT staff would steal passwords if laid off

Cost-cutting clients eyeing layoffs should "exercise extreme caution" when letting go of IT staff because they stand to pay a much higher price than they bargained for.

If the downturn claimed their job tomorrow, almost nine out of ten IT administrators said they would react by stealing sensitive or proprietary data from their workplace.

One-third of the disgruntled leavers would take the privilege passwords list, giving them access to the most sensitive data, while others would target customer details.

Just 12 per cent of staff said they would be honest enough to leave empty-handed, according to ID management specialist Cyber-Ark, which commissioned the findings.

Chief executive Udi Mokady said the survey of 300 IT security workers proves to employers that "recession-dismissed IT staff will steal your secrets – if you let them."

"Most company directors are blissfully unaware of the administrative or privileged passwords that their IT guys have access to which allows them to see everything that is going on within the company," he said.

"These privileged identities, which lie on hundreds of servers and applications, very rarely get changed as it's often considered too much hassle. When people leave the organisation, they can often still access the network using these passwords to acquire an organisations' most sensitive information."

One third of companies said that industrial espionage and data leakage was already rife, as data had leaked out of their systems and gone to their competitors or criminals.

Usually, the swiped information was sent via powerful high gigabyte mobile devices such as USB sticks, iPods, Blackberry's and laptops – or sent over email.

A quarter of companies also admitted to suffering from internal sabotage and/or cases of IT security fraud happening in their workplace,

"Our advice is secure the most privileged data, and routinely change and manage them" Mr Mokady said, "so that if a [worker's]…contract is terminated, whether sacked or made redundant, they can't maliciously play havoc inside the network or vindictively steal data for competitive or financial gain."

According to the survey, IT administrators don't exchange or send information securely with 35% having sent highly confidential information via email.

Furthermore, 35% of those surveyed use couriers to transport sensitive data - a system notoriously used by HMRC which sorely failed last year when the courier lost computer discs containing millions of people's records.

"You can install the best security systems in the world, but if your staff do not respect the information they are entrusted with, then the information will definitely go astray – just as the findings of this survey have illustrated." Mr Mokady said.

"That's why we recommend companies secure their privileged identities and sensitive information in a digital vault – just like a physical one - only giving individuals access to the information they actually need, when they need it. This can be audited so you can keep track of who is accessing what and where it's going."

Printer Friendly, PDF & Email

Sign up to our Weekly Newsletter

Keep up to date with everything in the world of contracting.


Contractor's Question

If you have a question about contracting please feel free to ask us!

Ask a question