Are your employees snooping on the corporate network?
The overwhelming majority of employees are deliberately seeking out information they are not permitted to access, exposing a major snooping problem among today’s workforce.
Have you ever looked for or accessed sensitive information about your company’s performance, apart from what you are required to do as part of your job?
A Dimensional Research survey polled more than 900 IT security professionals on trends and challenges related to managing employee access to corporate data. Among key findings, a remarkable 92 percent of respondents report that employees at their organizations try to access information that is not necessary for their day-to-day work – with 23 percent admitting this behavior happens frequently.
Most alarmingly, IT security professionals themselves are among the worst offenders when it comes to corporate data snooping. One in three respondents admit to having accessed sensitive information that is not necessary for their day-to-day work – indicating ongoing abuse of the elevated rights that come with the IT security role.
Snooping behavior
Other findings related to IT security professionals’ snooping behavior include:
Company performance information is a hot commodity: 36 percent of IT pros admit to looking for or accessing sensitive information about their company’s performance, apart from what they are required to do for their job.
IT security executives are the guiltiest by level: Seventy-one percent of executives admit to seeking out extraneous information, compared to 56 percent of non-manager-level IT security team members. Additionally, 45 percent of executives admit to snooping for or accessing sensitive company performance information specifically, compared to just 17 percent of non-manager team members.
The smaller the company, the bigger the snoop: Thirty-eight percent of IT security professionals at companies with 500-2,000 employees admit to looking for or accessing sensitive performance data, versus 29 percent of professionals at companies with more than 5,000 employees.
Workers in technology companies most likely to go on a sensitive information hunt: Forty-four percent of respondents working for technology companies admit to searching for sensitive company performance information, compared to 36 percent in financial services, 31 percent in manufacturing, and just 21 percent in healthcare.
“While insider threats tend to be non-malicious in intent, our research depicts a widespread, intrusive meddling from employees when it comes to information that falls outside their responsibility – and it could be that meddling that ends up putting their employers in hot water,” said John Milburn, president and general manager of One Identity. “Without proper governance of access permissions and rights, organizations give employees free rein to move about the enterprise and access sensitive information like financial performance data, confidential customer documentation, or a CEO’s personal files. If that information winds up in the wrong hands, corporate data loss, customer data exposure or compliance violations are possible risks that could result in irreversible damage to the business’s reputation or financial standing.”
Managing snooping and other access-based threats
Companies are not adhering to basic identity and access management (IAM) best practices. In the case of employee snooping, role-based access control and strict governance of rights and permissions can help prevent potential bad actors from accessing confidential or sensitive information.
With regard to snooping done by IT security professionals specifically, organizations can leverage identity intelligence to identify who has elevated rights and help pinpoint exactly where abuse of those rights is occurring to address this behavior.