IT staff used their admin passwords to peek at information they were not authorized to view. Almost half of the 300 senior IT professionals interviewed admitted that they’d accessed information that wasn’t relevant to their job.
For most people, administrative passwords are a seemingly innocuous tool used by the IT department to update or amend systems. To those in the know, they are the keys to the kingdom and, if left unprotected or if they fall into the wrong hands, wield a great deal of power. This could include highly sensitive information such as merger plans, the CEO’s emails, company accounts, marketing plans, legal records, R&D plans, etc., said Mike Fullbrook, UK director of Cyber-Ark.
Some 30% change their passwords only every quarter, while 9% never change them, which means IT staff could potentially access information even after they have left the company.
The results suggest an underlying sloppiness in dealing with sensitive data. Most were using email or couriers to transport sensitive company material rather than using more secure methods.