I read several articles about research on the behavior of IT professionals recently. The research was sponsored by security vendor Cyber-Ark. Amazing stuff! A third of all IT professionals surveyed could still access the company’s network after they left the job. A third admit to snooping and peeking at information like people’s personal emails, salary info and other juicy tidbits. Most shocking: 50% of all IT professionals still keep passwords on Post-It notes. These are administrative passwords!! The really omnipotent accounts!!
The press release from Cyber-Ark has more details. The survey, entitled “Trust, Security and Passwords”, polled 200 IT professionals at the Infosecurity Exhibition Europe in April 2008.
Interestingly, these folks admitted these things in an anonymous survey; outside of it, their snooping might never be detected, because admin passwords generally give privileged and anonymous access to systems.
One point: there’s a difference between snooping and corporate-policy-based monitoring of company IT assets. The survey's point is that IT administrators can access information inappropriately, and that they count on not being caught.