Posted on 06/20/2008 2:08:50 AM PDT by Caipirabob
FRANKFURT (Reuters) - One in three information technology professionals abuses administrative passwords to access confidential data such as colleagues' salary details, personal emails or board-meeting minutes, according to a survey.
U.S. information security company Cyber-Ark surveyed 300 senior IT professionals, and found that one-third admitted to secretly snooping, while 47 percent said they had accessed information that was not relevant to their role.
"All you need is access to the right passwords or privileged accounts and you're privy to everything that's going on within your company," Mark Fullbrook, Cyber-Ark's UK director, said in a statement released along with the survey results on Thursday.
(Excerpt) Read more at news.yahoo.com ...
My son, an IT Pro, told me once his motto is “I will not use my skills to do evil”.
....Bob
This helps explain the cockiness and arrogance of most IT people.
Well, that’s the kind of fellow I want to work with. I’m privy to a lot of sensitive info myself. I pride myself in being “a human black-hole from which sensitive information enters yet never escapes.” I learn a lot of interesting things that are going on a result. It’s become a nice tool from the perspective of learning “where and where not” to be.
Well, they need an attitude adjustment for sure. IT is internal "Customer Service" and needs to provide users with a level of comfort in the tools that they use. The pride comes from leaving them with a smile.
You can learn all you want to but until you know where the money is stored, what’s transfered where and when, and how to get at it, you don’t know much....ha ha ha..
OH boy! Don’t get me started!! The manager of our IT dept thinks he rules the roost in our entire building!
Oh, never mind..................>:-(
Thoughts? Know someone like this?Honestly?! I would never impose on the privacy of others.... BUT, I would love to get my hands on the 'Minutes'...
“cockiness and arrogance” just about sums it up.
That's untrue. We simply bring out the insecurities of people. Deal with yours, eh?
With a considerable time in IT, I’d say the source for that statistic is wrong. In reality, the number of ‘snoopers’ is probably closer to 50%.
Wow, an IT security firm says much data isn’t secure. Shocker.
USPS goes beyond the business of allowing the IT folks unfettered access to "systems", their top dog in IT, guy named Bob Otto, actually works to prohibit any IT-secure system from growing up to frustrate that ambition.
Anyone who mails large volumes of mail should be aware that their proprietary corporate information (annual quantities mailed, paid, etc.) is probably available to contractors hired by IT to handle "system" maintenance. Your competitors can undoubtedly buy that information from folks with access to the maintenance companies.
I don’t have to bother to snoop. For instance, I requested a roster of active employees from HR for a project I was working on and the HR beyotch from hell sent me not only the active roster but everyone of the thousand employee’s latest salary information as well. I sent her back the information immediately and destroyed my copy. I’m not curious about that stuff because the info would only pi$$ me off. We’ve got a lot of dead weight pulling big salaries most likely.
Same HR person posted salary information in a folder on the company’s shared folder drive...unsecured. Anyone in the company could access the info.
Now I’ve got to admit I’d love to set Outlook storage space to about 10k for some folks or just lock out their network accounts throughout the day. Ultimately it’s just easier to mind my own business and get my work done.
We had a pretty high honcho in IT (I am in the department myself) who was fired for just such behavior. He may have been prosecuted as well since I believe he was trying to use information to assist competitors or set up his own shop.
Take a look at the other side please.
I have been in IT for 19 years. Why do you think you (generic you, meaning IT “customers”) can call me at 3:00 a.m. with a question because you could not sleep and decided to do some work? Why do I have to work every holiday because you do not celebrate it and I have to provide you support or that is the only time I can do upgrades without keeping someone from doing their job?
I am not cocky. I am just stressed out and tired. I have a thousand people wanting me to fix something, give them something new, teach them something, or run a question by me because they want to buy a new personal computer every minute of every day. I snap answers out so that I can move on to the next problem as fast as possible. I don’t call you back immediately because I am taking care of something in the infrastructure that I cannot explain to most people (and no one really cares to hear anyway) so that you can just flip the switch and your “stuff” works.
Don’t get me wrong, I recognize that there are some real a*holes that are full of themselves. Time usually takes care of them though. They come and go. When I am hiring and I see someone that changes jobs every year, my first thought is this is a person that is full of themselves. They think they are smarter than everyone else and my customers are going to hate them.
Yes, HR is always the worst. They will not consistently give you the information you need to meet audit requirements such as new hires or terminated employees. You ask them for a report that you can run at will and you get Salary, SS numbers, and every other personal detail they have.
Most people would be shocked also to find out what all Senior Management is “looking” at. I field requests constantly for a manager to look at the employees email, personal folders, etc.
Everyone needs to read and believe that company policy that states that all info belongs to the company and they have the right to view it. The computer you use at work is not your computer.
Mark
I generally don’t snoop but I catch’m doing things they shouldn’t. We were giving these users a new computer, laptop to replace their desktop. Now the desktop had a tape drive, the laptop did not. The user asked if we could copy the files off the tape drive and put them on the laptop. As the files were copying I see obsence filenames that catch my interest. I turn to my cohort I said look at this. We then went to look at the files, just naught pics nothing a ninth ciruirt court judge would have. And no kiddie porn. I would’ve just told them” hey, you really dont want me to copy these files,” but my cohort decided to report it. The users were denied access to network for a month and got a stern talking to.
oh yeah the teach me something really gets to me. I don't mind if its a new program and complete unrelated job for them. BUt I am talking about the office workers that want to do some geewhiz stuff in word ,ppt or program(x). I tell them I don't know their job or program(x) I am not an office clerk,maybe HR should hirer some people that know how to do their job. Well I don't actually them that. Sometimes I do take them up as charity case because I wanted to learn something too.
Mike you might like this site techcomedy
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.