As your organization looks to wrap up the year, there is one event that seems inevitable – the office holiday party. This year, take time to really notice your merry and festive colleagues. A few of them might be better informed than you’d ever believe – particularly if they’re part of your organization’s IT Security staff.
A recent post in Slashdot referenced our password security survey which found that out of 300 IT professionals surveyed, 26 percent admitted to using their privileged login rights to look at confidential information they should not have had access to in the first place.
It seems as though some IT security professionals just cannot resist peeking at information that should be barred to them. Perhaps it can be blamed on human nature, but the survey seems to prove that IT staff are likely to access confidential items such as redundancy lists, payroll information and other sensitive data including, for example, fellow employees’ Christmas bonus figures.
More significantly, the survey shows that senior management at these organizations still don’t recognize the need to control privileged access to their most sensitive information. This is a weakness that threatens to expose these organizations’ most sensitive data and could pave the way for another wave of data breaches.
I strongly urge organizations to implement a privileged identity management solution that will add a layer of automated security and prevent unauthorized staff (along with hackers and malicious programs) from accessing private data. Otherwise, there will only be more data breaches that tarnish the reputations of more organizations.
Have you ever suspected an IT professional at your organization abused a privileged login? Has your organization implemented a preventative security solution? Share your thoughts on the blog. You can also follow me on Twitter: @liebsoft or connect with me via LinkedIn.