Temporary staff, cleaners, salesmen and security guards are perceived as the least trustworthy members of staff in a recent survey into “Trust, Security and Passwords” by Cyber-Ark Software, specialists in digital vaulting.
What is surprising is that the board of directors (10%) and PR and marketing personnel (10%) were then closely ranked as the next in line as the groups of people who you would trust the least within your organization.
No surprises then that those in personnel, the legal department and the boss’s secretary as well as the IT department were up there as some of the most trustworthy within the organization!
The survey was conducted amongst 200 office workers mainly consisting of IT personnel who unsurprisingly, felt that they were the most trustworthy groups of people within an organisation! However, this opinion was soon shattered as 1 in 3 then went onto admit that they abuse their IT privileges by using their administrative passwords to access all kinds of information by snooping around through the company systems, often peeking at confidential data such as your private files, wage data, personal emails, and HR background.
One survey participant exclaimed “So I know some personal stuff about my co-workers but who cares? Sales and marketing are constantly making things up about our products. That’s so much more dangerous to our company than me knowing how much Viagra the COO ordered last month – okay it’s a bit cheeky snooping around other peoples email systems but at least I’m not lying!” He continued “I also don’t trust the board of directors who trump up figures just to please the shareholders and just like politicians only tell us what they want us to know.”
Research conducted for the US Department of Defense by Carnegie Mellon University, found that it was often not the predicted, stereotypical group of workers such as cleaners, temps or security guards that you need to fear as the most untrustworthy within an organization, but the number one threat to enterprises are those that can attack the company from inside mainly the IT worker who uses their privileged passwords to access systems and can often do invisible damage without anyone necessarily detecting what they are up to.
It doesn’t necessarily come as a surprise that workers don’t trust the board of directors as never a week goes by without reports of news of another executive who has defrauded a company for falsifying figures, stealing and lying. Recently Stephen Richards the former head of sales for Computer Associates who was jailed for 7 years for conspiracy, securities fraud, perjury and obstruction of justice has been forced to pay £15.6m in restitution for his role in the accounting scandal at the firm which amounted to over £1m.
Calum Macleod – European Director for Cyber-Ark said “In an organization you never know who you can trust! There is increasing evidence to show that most breaches are carried out by insiders who are those people you least suspect such as the temporary staff who may be paid by your competitors to extract vital information. The findings of this survey show that there is distrust across all groups of workers and our advice to companies who need to protect sensitive information is to encrypt it, lock it away in a digital safe and make sure that you only allow staff to have access to what they need, by creating layers of security on your network.”
The leaking of the Harry Potter book before it came out last month was a typical example of what can happen when companies take a lax attitude to security and data breaches which can often have massive financial repercussions.
Macleod concludes “It is time companies take stock of who they employ and don’t naively allow staff general access to everything and anything. Often people can do more damage than you can imagine just at the click of a mouse so it’s worth sitting up and taking note of just who has access to what, researching your vulnerabilities and then locking down and securing your not only your physically backdoors but also your virtual ones.”