Major 'snooping' issue in workforce: Study

Nearly all IT security staff polled here say employees have sought data they were not permitted to access

More than 90 per cent of IT security professionals here say employees in their firms have sought some information they were not permitted to access, exposing a major "snooping" problem in today's workforce, a new study has found.

Technology market research firm Dimensional Research polled more than 900 IT security professionals, including 100 in Singapore in July and August, and found that nearly every respondent here admitted it was happening where they worked.

Perhaps more worrying is that much of the snooping was being done by the very people in charge of keeping the information safe - tech security professionals.

Nearly half of IT professionals polled in Singapore admitted to looking for or assessing information not required for their jobs.

Experts say the findings - coming amid a nationwide push to go digital - raise important questions about whether there is a blind spot in cyber-security measures.

Mr Lennie Tan, whose firm commissioned the study, said it was worrying that employees here have free access to sensitive company information such as financial performance. He is the vice-president of United States-based access management software firm One Identity.

"Meddling with confidential information, even if it is non-malicious in intent, could lead to serious damage to the business' reputation and financial standing," said Mr Tan, who is also the firm's regional general manager.

Others warn that such lapses can have wide-ranging consequences.

Mr Bill Taylor-Mountford, LogRhythm's vice-president in the Asia-Pacific and Japan, said employees who snoop may inadvertently leak sensitive data by losing the documents they copied or when their computers are compromised.

Many of those surveyed also said they were concerned that dormant user accounts, such as those for accessing e-mail and shared folders, were not purged when employees left the organisations. Only 7 per cent of respondents here said their companies immediately cut off the accounts of employees who left.

Mr Nick FitzGerald, a senior research fellow at security software maker ESET, said companies are opening their doors to hackers by leaving these user accounts active.

Disgruntled former employees may install malware in the network, or leak their access details on the Internet where hackers pick up information.

According to IBM's 2016 Cyber Security Intelligence Index, 60 per cent of all security breaches globally were carried out by insiders. Of these attacks, three-quarters involved malicious intent, while the rest were inadvertently caused.

Experts said companies can protect themselves against snooping by using software to limit access to information based on job functions, and encrypt all their shared data so only authorised computers can read the information.

Join ST's Telegram channel here and get the latest breaking news delivered to you.

A version of this article appeared in the print edition of The Straits Times on November 15, 2017, with the headline Major 'snooping' issue in workforce: Study. Subscribe