Survey Reveals Scandal of Snooping IT Staff
Whilst you sit at your desk working innocently away, little do you realize that one in three of your IT work colleagues are snooping through company systems, peeking at confidential information such as your private files, salary data, personal emails, just by using the special administrative passwords that give IT workers privileged and anonymous access to virtually any system. One IT administrator laughed out loud as he answered the survey, saying: “Why does it surprise you that so many of us snoop around your files, wouldn’t YOU if you had secret access to anything you can get your hands on!” These are the findings of a survey released today by Cyber-Ark Software.

As if that weren’t bad enough, the survey found that more than one-third of IT professionals admit they could still access their company’s network once they’d left their current job, with no one to stop them.

More than 200 IT professionals participated in the survey with many revealing that although it wasn’t corporate policy to allow IT workers to access systems after termination, still over one-quarter of respondents knew of another IT staff member who still had access to sensitive networks even though they’d left the company long ago.

Post-It Notes: The IT Favourite for Storing Passwords

It seems that very little changes year over year – more than half of people still keep their passwords on a Post-It note, in spite of all the education and reminders to do differently. What’s shocking about this year’s annual survey was that the 50% number now applies to IT professionals as well! More than half of respondents admitted to using Post-It notes to store administrative passwords, the super-powerful codes pre-built into every system such the Administrator ID on your local workstation.

As one IT administrator explained: “Sure, it’s easy for an employee to update the personal password to their laptop, but to change the administrator password on that same machine? It would take days for IT to do them all by hand. In the end, we just pick one password for all the systems and write it down.”

And where do they write it? A Post-It note.

Administrative Passwords Rarely Get Changed

One-fifth of all organizations admitted that they rarely changed their administrative passwords with 7% saying they NEVER change administrative passwords. This may explain why one-third of all people questioned would still have access to their network even if they’d left the company. 8% of IT professionals revealed that the manufacturers default admin password on critical systems had never been changed, which remains the most common way for hackers to break into corporate networks.

Gary McKinnon who is still waiting to be extradited to the US for gaining entry to 90 computers at the US Department of Defense by scanning the US military computer systems for blank administrator accounts, says: “The easiest way to infiltrate a company’s network is to look for administrative passwords which are left blank, still have the manufacturers default password or just use obvious names. Once you find these, which are unbelievably simple and common to find, you’re into the system and have the highest level of authority – bingo you’ve got control of the company’s system.”

Spotlight

How to talk infosec with kids

Posted on 17 September 2014.  |  It's never too early to talk infosec with kids: you simply need the right story. In fact, as cyber professionals it’s our duty to teach ALL the kids in our life about technology. If we are to make an impact, we must remember that children needed to be taught about technology on their terms.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Sep 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //