Watch out for those geeks you call when your system crashes.

 

According to a recent survey from Newtown, Massachusetts-based Cyber-Ark Software, one in three tech workers admit to using special IT privileges to peek at employees’ confidential data.

 

According to the company, developers of the so-called “Enterprise Password Vault” solution for securing and managing privileged passwords, one-third of IT employees “admit to snooping through company systems and peeking at confidential information such as private files, wage data, personal emails, and HR background, just by using the special administrative passwords that give IT workers privileged and anonymous access to virtually any system.”

 

The survey, carried out last year, also found that more than one-third of IT professionals admit they could still access their company’s network once they’d left their current job, with no one to stop them.

 

According to Cyber-Ark, more than 200 IT professionals participated in the survey, and many said that although it wasn’t corporate policy to allow IT workers to access systems after termination, still more than one-quarter of respondents knew of another IT staff member who still had access to sensitive networks even though they’d left the company long ago.

 

Though Cyber-Ark clearly has a vested interest in relaying this kind of information, the survey did garner some interesting feedback from those people at the other end of a company helpdesk line.

 

The company reports that one IT administrator laughed out loud as he answered the survey, and said, “Why does it surprise you that so many of us snoop around your files, wouldn’t you if you had secret access to anything you can get your hands on?”

Another one said this, according to the company: “Sure, it’s easy for an employee to update the personal password to their laptop, but to change the Administrator password on that same machine? It would take days for IT to do them all by hand. In the end, we just pick one password for all the systems and write it down.”

 

According to a recent study by Carnegie Mellon University, the most common insider attack is by a disgruntled IT employee using anonymous access from a privileged account.

 

Calum Macleod, European director for Cyber-Ark, said he was surprised at how rife snooping is in the workplace.

 

“Gone are the days when you had to break into the filing cabinet in the personnel department to get at vital and highly confidential information,” Macleod said. “Now all you need to have is the administrative password and you can snoop around most places, and it appears that is exactly what’s happening. Companies need to wake up to the fact that if they don’t introduce layers of security, tighten up who has access to vital information, and manage and control privileged passwords, then snooping, sabotage and hacking will continue to be rife.”