It’s not surprising that employees who are fired from their jobs are generally displeased people. A recent survey of 300 Australian IT administrators found that an overwhelming majority would steal company data if they were laid off.
According to the survey, 88 percent of IT administrators said that they would knowingly take with them company secrets before their departure. Such sensitive data would include passwords, client records, financial reports, company strategy and other critical documents.
“Most company directors are blissfully unaware of the administrative or privileged passwords that their IT guys have access to which allows them to see everything that is going on within the company. These privileged identities, which lie on hundreds of servers and applications, very rarely get changed as it’s often considered too much hassle,” said Udi Mokady, chief executive of security firm of Cyber-Ark.
Mokady then offered what seems like common sense. “Our advice is secure the most privileged data, and routinely change and manage them, so that if an employee’s contract is terminated, whether sacked or made redundant, they can’t maliciously play havoc inside the network or vindictively steal data for competitive or financial gain.”
Even with such measures in place to prevent disgruntled former employees from causing harm for long, it appears that another problem is that some administrators have unsecure habits. The survey found that over a third of respondents admitted to writing down passwords on Post-It notes and leaving them fixed on computer monitors, or sending confidential information through unencrypted email.
Current IT administrators are often the gatekeepers to sensitive information storage. A third of administrators admitted to snooping around the network for confidential data such as employee salary information and personal emails.
Finally, one compounding factor threatening corporate security is the growing reliance on mobile devices such as BlackBerry, USB thumbdrives and laptops that can end up misplaced.
Stay on the Cutting Edge
Join the experts who read Tom's Hardware for the inside track on enthusiast PC tech news — and have for over 25 years. We'll send breaking news and in-depth reviews of CPUs, GPUs, AI, maker hardware and more straight to your inbox.
LOL, I could tell that "Office Space" pic a mile away. Initrode, "I want those TPS reports ASAP"Reply
And if this article is 50% true OMFG!!!Reply
The problem with stealing data from your company, is depending on where your stealing from, you may end up in 'federal pound me in the ass prison.'Reply
"A third of administrators admitted to snooping around the network for confidential data such as employee information and personal emails."Reply
Man they must have a lot of time on their hands, I personally do not have time to 'snoop around our network' I'm being kept on my toes every day with 'OMG MY INTRAWEB IS DOWN' phone calls. Anyway what do I care about other peoples' personal emails, seriously I'm not that bored with life to want to meddle in others'.
As for stealing data upon getting fired, we've become quite efficient here, if you get an access denied message when trying to log into the network, and then get paged to HR... Hah, well you might as well grab your car keys while you're at it. XD
Hmmm... 88% of all IT workers in the headline but the survey was of 300 Australian IT administrators.Reply
Stats 101 - you can only draw conclusions about the population from which you randomly sampled. You cannot sample administrators and extrapolate to all IT workers, and you cannot sample Australian and extrapolate to global populations.
Also, was this a random sampling of the workers - or was it based on volunteers?
Finally, before getting all shocked, what percentage of people with access to sensitive data not in IT would steal it if fired? Perhaps they are the same, which would show that IT workers are as human as the rest of the working world...
This is why companies like mine offer computer forensic services. You would be surprised how many employers contact us after letting an employee go and ask us to bring back the information that the employee deleted just prior to leaving. Most of the time, they deleted evidence that they were either goofing off at work or the trail of them making copies of the company data.Reply
"Such sensitive data would include passwords"Reply
How the hell is it, that if an IT admin gets fired, and rememberes the passwords he's been using for years, is that called "stealing sensitive data?" And what, he's supposed suffer from strategic amnesia and forget the companies strategies the day he's FFing fired or what?
I call BS. Scare tactic statistics from a 'security' firm trying to sell their services. Get some real statistics and try again.
bountythe passwords he's been using for yearsReply
if the same password has been in place for years, then its more the company's fault for not changing things on a regular basis (but neither is the ex-employee completely off the hook)
Steal it and do what with it? Insider trading is only viable for a short time period, blackmail is a BAD idea, the only data that would make sense to steal is "whistle-blower" data.Reply
If an employee is fired, then he should be locked out from the computer network ASAP. If the employer have to keep them for a month or two due to employment conditions, it's better to send them home and pay for that time still, rather having them at the company and riskin theft of hardware, software or intellectual properties. That's a small fee compared to the damege they otherwize can cause.Reply