IT's dark little secret
Sunday, 22 June 2008 10:23
This article was interesting.
This sort of thing is one of IT's dark little secrets. A network administrator in most companies can access just about any data in the company, whether people's mailboxes or even their personal files on their PCs. What's more, they can generally do it completely undetected, and even if there are suspicions, getting security auditing logs into some useful form is an almost impossible task.
Now, I'm not one of those admins who does dig around in confidential files, except in the direct line of work. I regard myself as having a position of enormous responsibility at work, and I try to treat data the way I would want mine treated. Digging around in people's files for salary information or whatever would be unethical, and anyway, I don't think I want to know about it.
IT professionals have keys to your personal details
20 June 2008 at 06h00
Frankfurt - One in three information technology professionals abuses administrative passwords to access confidential data such as colleagues' salary details, personal emails or board-meeting minutes, according to a survey.
US information security company Cyber-Ark surveyed 300 senior IT professionals and found that one-third admitted to secretly snooping, while 47 percent said they had accessed information that was not relevant to their role.
"All you need is access to the right passwords or privileged accounts and you're privy to everything that's going on within your company," Mark Fullbrook, Cyber-Ark's UK director, said in a statement released along with the survey results on Thursday.
"For most people, administrative passwords are a seemingly innocuous tool used by the IT department to update or amend systems.
"But to those in the know, they are the keys to the kingdom," Fullbrook added.
Cyber-Ark said privileged passwords get changed far less frequently than user passwords, with 30 percent being changed every quarter and nine percent never changed at all, meaning that IT staff who have left an organisation could still gain access.
It added that seven out of 10 companies rely on outdated and insecure methods to exchange sensitive data, with 35 percent choosing email and 35 percent using couriers, while four percent still relied on the postal system. - Reuters
Source: IOL