Hacking
IT employees are peeking at confidential information such as private files, salary information and personal emails
R E L A T E D   C O N T E N T
Similar articles
KnowledgeBANK
News centre
More from vnunet.com
ADVERTISEMENT

IT staff regularly snooping on users

Abuse of admin passwords rife, claims survey

Clement James, vnunet.com 30 May 2007
ADVERTISEMENT

One in three IT employees admits to snooping on company systems, peeking at confidential information such as private files, salary information and personal emails, it was claimed today.

The "worrying" findings of a survey carried out by security firm Cyber-Ark include IT pros abusing administrative passwords that give them privileged and anonymous access to virtually any system.

The survey reported that more than one third of IT professionals admit that they were still able to access their company network after they had left their job.

More than 200 IT professionals participated in the poll, which was carried out at last month's Infosecurity Exhibition.

Many revealed that, although it was not corporate policy to allow IT workers to access systems after termination, over one quarter of respondents knew of an IT staff member who still had access to sensitive networks after leaving the company.

IT professionals are also failing to follow their own advice. While more than half of employees still keep their passwords on a Post-It note, 50 per cent of these are IT professionals.

More than half of respondents admitted to using Post-It notes to store administrative passwords.

Furthermore, one fifth of all organisations admitted that they rarely change their administrative passwords, and seven per cent never change them.

Even eight per cent of IT professionals revealed that the manufacturer's default admin password on critical systems had never been changed, which remains the most common way for hackers to break into corporate networks.

Gary McKinnon, who is waiting to be extradited to the US for gaining entry to 90 computers at the US Department of Defense by scanning systems for blank administrator accounts, was quoted in the report.

"The easiest way to infiltrate a company's network is to look for administrative passwords which are left blank, still have the manufacturer's default password or just use obvious names," McKinnon was quoted as saying.

"Once you find these, which are unbelievably simple and common to find, you are into the system and have the highest level of authority. Bingo, you've got control of the company's system."

Calum Macleod, European director at Cyber-Ark, said: "It is surprising to find out how rife snooping is in the workplace.

"Gone are the days when you had to break into the filing cabinet in the personnel department to get at vital and highly confidential information.

"Now all you need is the administrative password and you can snoop around most places, and it appears that is exactly what's happening."

See also:

Microsoft
Microsoft plays nice with identity systems
Courting open source developers with tools and pledges  25 May 2007
Trojan horse
Smart malware steals from SSL streams
Is nothing safe?  22 May 2007
Trojan horse
New threats top April malware charts
Malware showed 'renewed vigour' last month  14 May 2007
Swiss trial first biometrics-only bank
No tokens needed to access your Nazi gold  07 May 2007
Hacking
Small firms warned of 'security apathy'
SMEs not taking security seriously enough  30 Apr 2007

All Enterprise Security Technology

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Permalink for this story

M A R K E T P L A C E
Sponsored links
F E A T U R E D   J O B S
Process consultant
| Greythorn IT
Leading Mobile Network vendore is currently seeking a Process consultant for a positions based either in the Middle east or Africa. We are looking for around 10 years experience with at least 5 years business ... more >
Arabic Speaking Sales manager
| Greythorn IT
Tier 1 Network solutions provider is currently seeking an experienced Telecommunications sales manager to work in their Abu Dhabi office. There is a brilliant benefits package as well as an attractive salary available for the ... more >
Egyptian Network Operation /Supervision Engineer
| Greythorn IT
Leading network solutions provider in Egypt is currently seeking and experienced Egyptian Network Operation /Supervision Engineer. There are competitive packages and attractive benefits package on offer for the right candidate. You will be responsible to ... more >
Service Assurance manager
| Greythorn IT
A leading network Solutions vendor is currently seeking an Egyptian national to act as a Service Assurance manager out of their Egyptian office. Ideally we are looking for someone with Vendor based experience however other ... more >
More job opportunities

Useful links: About us . Privacy policy . Terms & conditions . Site map . Bookmark this site . Accessibility
Consumer Technology websites:
Active Home Product reviews, competitions, news
Computeractive Software reviews, hardware reviews, buyers' guides, workshops, downloads
Gizmodo the daily gadget blog: technology news and reviews
PC Magazine your personal guide to technology
PCW software product reviews, hardware product reviews, buyers' guides, competitions
WebAct!ve what's happening on the web
What PC? helping you purchase the right computer, digital camera, peripherals, gadgets and more
Blogs:
Test Bed The PCW Labs blog, PCW Inter@ctive A reader blog from PCW. Your views, your comments, your say, Windows Watch Keeping an eye on the latest XP % Vista news
Jobs & Recruitment websites:
Accountancy Age Jobs Accountant jobs, jobs in finance, audit jobs, cima jobs, acca jobs, corporate finance jobs, management accounting jobs, finance director jobs, finance recruitment agency directory, Top 50 accountancy firms, accountant salary survey
Computing Careers IT jobs, Programmer jobs, Developer jobs, IT manager jobs, Project manager jobs, SAP jobs, Oracle Jobs, Java Jobs, IT recruitment agency directory, Top IT Employers 2005
Inquirer Jobs Software Engineer Jobs, firmware developer jobs, electronics engineer jobs
Other titles in the Incisive Media network:
Business Technology websites: BusinessGreen . Computing . Computing Business . CRN . The Inquirer . vnunet.com
Business & Finance websites: Accountancy Age . Best Practice . Financial Director . Management Consultancy
© Incisive Media Ltd. 2008
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503