News Archive

Access Threat

by msecadm4921

Businesses face an insider security threat, a survey for IT firm Microsoft claims.

Nearly a quarter (22pc) of UK staff admit to having illegally accessed sensitive internal information such as salary details on their employer’s IT systems and over half (54pc) would do so, given the opportunity. IT, HR and finance departments alike have to protect confidential information from non-authorised staff, the IT firm suggests. When asked what type of information would tempt them most, respondents said that HR and payroll information was the most popular target (36pc), followed by their manager’s personal notes (28pc) and colleagues’ personal notes (25pc). If presented with the opportunity, 6pc said they would steal a colleague’s password. It seems that men tend to be more dishonest than their female colleagues: 27pc of men, compared to 16pc of women, admitting to having stolen confidential information. Workers in London and Scotland (25pc) were the most likely to offend, with the most honest workers living in the Midlands (18pc).

Annemarie Duffy, Infrastructure Server Marketing Team Lead at Microsoft, called the results surprising. She said: “Not only are more than half of all UK employees prepared to snoop on confidential data, nearly a quarter have actually already done so. Particularly worrying is how vulnerable HR and payroll information has become, HR departments typically hold information that could be damaging for business and individuals if in the wrong hands. Details of salary, bank accounts, health records, National Insurance numbers, home address, family members could all be taken by a determined internal snooper or identity thief.”

The survey also suggested an external risk. A third of those replying admitted that they would access documents, files, customer details and old accounts from previous employers if they still had access. This shows the importance, according to the IT firm, for organisations to control users’ accounts and ensure there are processes in place to lock down accounts when staff leave. Duffy added: “Many organisations may already have the tools to resolve this issue but aren’t making the most of them; companies need to ensure they are maximizing the service of their existing servers. For example the implementation of a directory service, such as Active directory, which ships as an integral part of Windows server 2003, making it easier for the IT department to manage users identities and their access to information. The set-up of a directory service should be the first step for any organisation wanting to manage identities and secure access to information.”
Failure to provide such systems not only risks a breach of the Data Protection Act but invites internal espionage, it is claimed. The survey was by YouGov on behalf of Microsoft with 2,226 adults questioned.

“Organisations have statutory as well as moral obligations to all their stakeholders to protect this sort of information,” said Hugh Simpson-Wells at Identity and Access Management consultancy Oxford Computer Group. "Solutions are available for any size of business that are not only technically sound, but are accessible and affordable, and support flexible business processes for securing this kind of data. Failure to provide such systems not only risks prosecution under the Data Protection Act but invites destructive and divisive internal espionage - and is just plain inefficient.”

Microsoft reported this year it has supported more than 325 phishing and spam enforcement actions worldwide, including civil lawsuits by the company besides actions by law enforcement or government agencies for which Microsoft provided support or referrals. Briefly, phishing involves fake internet pages or spoof e-mails, whether supposedly from a bank or IT provider such as Microsoft, seeking people’s bank or other financial details, for the criminals to misuse.

Related News

  • News Archive

    Directory Manager

    by msecadm4921

    Group 4 Technology offers Directory Sync Manager as an optional module in its new multiMAX security management system. The makers report that…

  • News Archive

    NSI CEO

    by msecadm4921

    The new chief of the National Security Inspectorate (NSI) spoke with Mark Rowe. Brigadier Jeff Little, OBE, MBA, took over officially from…

  • News Archive

    Runway Camera

    by msecadm4921

    Vancouver International Airport (YVR) is the first commercial airport in the world to install a day and night camera to its existing…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing