Major problem with employees snooping on corporate networks, IT poll shows

Perhaps more worrying is that much of the snooping was being done by the very people in charge of keeping the info safe - tech security professionals.
Perhaps more worrying is that much of the snooping was being done by the very people in charge of keeping the info safe - tech security professionals.PHOTO: ST FILE

SINGAPORE - More than 90 per cent of IT security professionals here say employees in their firm have sought some information they are not permitted to access, exposing a major "snooping" problem in today's workforce, a new study finds.

Technology market research firm Dimensional Research polled more than 900 IT security professionals worldwide, including 100 in Singapore in July and August (2017), and found that nearly every respondent here admitted that it was happening where they work.

Perhaps more worrying is that much of the snooping was being done by the very people in charge of keeping the info safe - tech security professionals.

Nearly half of IT professionals polled in Singapore admit to looking for or assessing information not required for their job. Experts say the findings - coming amid a nationwide push to go digital - raise important questions about whether there is a blindspot in cybersecurity measures.

Mr Lennie Tan, whose company commissioned the study, said it is worrying that employees in Singapore have free access to sensitive company information such as financial performance.

Mr Tan is the vice-president of United States-based access management software firm, One Identity.

"Meddling with confidential information, even if it is non-malicious in intent, could lead to serious damage to the business's reputation and financial standing," said Mr Tan, who is also the firm's regional general manager.

Others warn that such lapses can have wide-ranging consequences.

Mr Bill Taylor-Mountford, LogRhythm's vice-president in Asia Pacific & Japan, said employees who snoop may inadvertently leak sensitive data by losing the documents they copied or when their computers are compromised.

Many of those surveyed by Dimensional Research also said they are concerned that dormant user accounts such as those for accessing e-mail and shared folders may not have  been purged when employees leave the organisation.

Only 7 per cent of respondents in Singapore said their companies immediately cut off the accounts of employees who left.

Mr Nick FitzGerald, a senior research fellow at security software maker ESET, said companies are opening their doors to hackers by leaving these user accounts active.

Disgruntled former employees may install malware on the network, or leak their access details on the Internet where hackers pick up information.

According to IBM's 2016 Cyber Security Intelligence Index, 60 per cent of all security breaches globally were carried out by insiders. Of these attacks, three-quarters involved malicious intent, while the rest were inadvertently caused.

Experts said that companies can protect themselves against snooping by using software to limit access to information based on job functions and encrypt all their shared data so that only authorised computers can read the information.