Sign in with
Sign up | Sign in

Report: 88 Percent of IT Workers Would Steal Data If Fired

By - Source: Tom's Hardware | B 11 comments

It’s not surprising that employees who are fired from their jobs are generally displeased people. A recent survey of 300 Australian IT administrators found that an overwhelming majority would steal company data if they were laid off.

According to the survey, 88 percent of IT administrators said that they would knowingly take with them company secrets before their departure. Such sensitive data would include passwords, client records, financial reports, company strategy and other critical documents.

The information comes from Cyber-Ark, an identity management firm, which released its findings in its annual review titled, “Trust, Security & Passwords.”

“Most company directors are blissfully unaware of the administrative or privileged passwords that their IT guys have access to which allows them to see everything that is going on within the company. These privileged identities, which lie on hundreds of servers and applications, very rarely get changed as it’s often considered too much hassle,” said Udi Mokady, chief executive of security firm of Cyber-Ark.

Mokady then offered what seems like common sense. “Our advice is secure the most privileged data, and routinely change and manage them, so that if an employee’s contract is terminated, whether sacked or made redundant, they can’t maliciously play havoc inside the network or vindictively steal data for competitive or financial gain.”

Even with such measures in place to prevent disgruntled former employees from causing harm for long, it appears that another problem is that some administrators have unsecure habits. The survey found that over a third of respondents admitted to writing down passwords on Post-It notes and leaving them fixed on computer monitors, or sending confidential information through unencrypted email.

Current IT administrators are often the gatekeepers to sensitive information storage. A third of administrators admitted to snooping around the network for confidential data such as employee salary information and personal emails.

Finally, one compounding factor threatening corporate security is the growing reliance on mobile devices such as BlackBerry, USB thumbdrives and laptops that can end up misplaced.

Discuss
Ask a Category Expert

Create a new thread in the News comments forum about this subject

Example: Notebook, Android, SSD hard drive

This thread is closed for comments
  • 1 Hide
    vladtepes , September 3, 2008 2:17 AM
    LOL, I could tell that "Office Space" pic a mile away. Initrode, "I want those TPS reports ASAP"
  • 0 Hide
    vladtepes , September 3, 2008 2:41 AM
    And if this article is 50% true OMFG!!!
  • 1 Hide
    blackened144 , September 3, 2008 1:13 PM
    The problem with stealing data from your company, is depending on where your stealing from, you may end up in 'federal pound me in the ass prison.'
  • Display all 11 comments.
  • 0 Hide
    invlem , September 3, 2008 1:36 PM
    "A third of administrators admitted to snooping around the network for confidential data such as employee information and personal emails."

    Man they must have a lot of time on their hands, I personally do not have time to 'snoop around our network' I'm being kept on my toes every day with 'OMG MY INTRAWEB IS DOWN' phone calls. Anyway what do I care about other peoples' personal emails, seriously I'm not that bored with life to want to meddle in others'.

    As for stealing data upon getting fired, we've become quite efficient here, if you get an access denied message when trying to log into the network, and then get paged to HR... Hah, well you might as well grab your car keys while you're at it. XD
  • 1 Hide
    mdillenbeck , September 3, 2008 2:35 PM
    Hmmm... 88% of all IT workers in the headline but the survey was of 300 Australian IT administrators.

    Stats 101 - you can only draw conclusions about the population from which you randomly sampled. You cannot sample administrators and extrapolate to all IT workers, and you cannot sample Australian and extrapolate to global populations.

    Also, was this a random sampling of the workers - or was it based on volunteers?

    Finally, before getting all shocked, what percentage of people with access to sensitive data not in IT would steal it if fired? Perhaps they are the same, which would show that IT workers are as human as the rest of the working world...
  • 0 Hide
    rforce , September 3, 2008 3:35 PM
    This is why companies like mine offer computer forensic services. You would be surprised how many employers contact us after letting an employee go and ask us to bring back the information that the employee deleted just prior to leaving. Most of the time, they deleted evidence that they were either goofing off at work or the trail of them making copies of the company data.
  • 1 Hide
    bounty , September 3, 2008 5:08 PM
    "Such sensitive data would include passwords"

    WTF?

    How the hell is it, that if an IT admin gets fired, and rememberes the passwords he's been using for years, is that called "stealing sensitive data?" And what, he's supposed suffer from strategic amnesia and forget the companies strategies the day he's FFing fired or what?

    I call BS. Scare tactic statistics from a 'security' firm trying to sell their services. Get some real statistics and try again.
  • 0 Hide
    kittle , September 3, 2008 9:44 PM
    bountythe passwords he's been using for years


    if the same password has been in place for years, then its more the company's fault for not changing things on a regular basis (but neither is the ex-employee completely off the hook)
  • 0 Hide
    Anonymous , September 6, 2008 2:50 AM
    Steal it and do what with it? Insider trading is only viable for a short time period, blackmail is a BAD idea, the only data that would make sense to steal is "whistle-blower" data.
  • 0 Hide
    Milleman , September 6, 2008 5:08 AM
    If an employee is fired, then he should be locked out from the computer network ASAP. If the employer have to keep them for a month or two due to employment conditions, it's better to send them home and pay for that time still, rather having them at the company and riskin theft of hardware, software or intellectual properties. That's a small fee compared to the damege they otherwize can cause.
  • 0 Hide
    tridac , September 18, 2008 3:43 AM
    The only time I snooped around checking people's salaries was when I was helping a user that had that info all over her screen. I couldn't help but check how much my boss makes. Also, we usually locked them out first before they find out they are fired. Along with a quick escort out the building.