Survey: IT pros admit to peeking inside confidential data files

Windows Networking Strategies This newsletter is sponsored by Lockdown Networks NAC: Tighter security Download this whitepaper - learn how NAC works and how to evaluate solution Network World's Windows Networking Strategies Newsletter, 06/13/07 Survey: IT pros admit to peeking inside confidential data files By Dave Kearns As long as it’s just the two of us talking, you can tell me – don’t you sometimes go snooping inside the storage servers? Not to be nosy, of course. But, perhaps, to see just what those disk hogs (you know, the ones who seem to need 10 times the storage space) are squirreling away? Well, evidently, you aren’t alone. The recently released results of a survey by Cyber-Ark Software show that one out of every three IT employees admit to taking a peek at confidential data including private files, wage data, personal e-mails and HR’s employee background information. The research was carried out at last month's Infosecurity Exhibition Europe as part of the company's annual survey into "Trust, Security and Passwords" (check out some of last year’s results). Cyber-Ark, if you aren’t familiar with it, develops Enterprise Password Vault for securing and managing privileged passwords. A privileged password is defined by the company as the passwords for non-personal accounts “…that exist in virtually every device or software application in an enterprise.” Not your systems, of course – you did change the “Administrator” password on your servers, didn’t you? The IDC Enterprise Panel: Join IDCs panel of IT influencers and decision-makers. Your contributions will be compiled and distributed to technology and telecommunications vendors all over the world. As a thank you for joining, you will receive select free IDC research, and discounted IDC conference passes. Click here to learn more In other results of this eye-opening survey, more than a third of IT professionals admit they could still access their company's network once they'd left their job! (See: “E-provisioning true stories 2003”) You, of course, have a de-provisioning scheme in place to prevent that, don’t you? Even more shocking, over one-quarter of respondents knew of another IT staff member who still had access to sensitive networks even though they'd left the company long ago. Other key findings: * 20% of all organizations admitted that they rarely changed their administrative passwords with 7% saying they never change administrative passwords. * 8% of the IT professionals revealed that the manufacturer’s default admin password on critical systems had never been changed (which remains the most common way for hackers to break into corporate networks). * More than half of respondents admitted to using Post-It notes to store administrative passwords. Cyber-Ark wants you to know all this so that you’ll be more receptive to installing its Enterprise Password Vault, of course. But even while you’re still evaluating that and similar products, you should be tightening up your own policies and procedures – it’s never too late to start being secure.   What do you think? Post a comment on this newsletter

TODAY'S MOST-READ STORIES: 1. Wireless networks: The burning questions 2. Top 15 USB geek gadgets 3. Juniper feels growing pains 4. Bill Gates' Harvard commencement speech 5. Marriott's converged network 'horror story' 6. Vista not playing well with IPv6 7. 10 free virtualization tools worth noting 8. Slideshow: Juniper unveils the T1600 9. Juniper unveils giant router 10. Microsoft vs. Google MOST-READ REVIEW: Clear Choice Test: Blades vs. Racks

Contact the author: Dave Kearns is a writer and consultant in Silicon Valley. He's written a number of books including the (sadly) now out of print "Peter Norton's Complete Guide to Networks." His musings can be found at Virtual Quill. Kearns is the author of two Network World Newsletters: Windows Networking Strategies, and Identity Management. Comments about these newsletters should be sent to him at these respective addresses: windows@vquill.com, identity@vquill.com . Kearns provides content services to network vendors: books, manuals, white papers, lectures and seminars, marketing, technical marketing and support documents. Virtual Quill provides "words to sell by..." Find out more by e-mail. This newsletter is sponsored by Lockdown Networks NAC: Tighter security Download this whitepaper - learn how NAC works and how to evaluate solution ARCHIVE Archive of the Windows Networking Strategies Newsletter. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007