One third of IT staff admit to snooping on confidential salary information.
Nearly every business relies heavily on IT, but few really understand the technology they are using and instead call on specialised staff or outside contractors to install and update their systems.
A survey by IT security Cyber-Ark found that one third of IT staff admit to snooping on confidential salary information, while half confessed to accessing data which had nothing to do with their jobs. Another study by Verizon Business’ investigative department found that 18 per cent of data breaches are caused by rogue employees (as opposed to outside hackers), with trusted IT administrators (‘super-users’) responsible for more compromises than any other IT role.
Manoj Patel is CEO of UK-based software company Unity, which is piloting a monitoring program called Lanxoma that works like a ‘benevolent trojan’, recording video, audio and key inputs whenever anyone logs on to the system as a ‘super-user’.
‘Businesses spend millions on hardware and firewalls to stop external threats like hackers,’ he says. ‘But IT workers have the keys to the kingdom and, of course, they snoop – humans are a curious lot.
‘For IT, if it’s marked “confidential” then it’s a challenge to break into. These guys are geeks, and often very technical. You cannot always believe what they’re telling you.’
Lanxoma requires anyone needing admin access to a system to request permission. This session is timed and the user is informed that they are being recorded, and if the program is tampered with or deleted the system shuts down and Lanxoma resurrects itself on reboot.
‘It’s a deterrent like a CCTV camera. It stops someone from being opportunistic if they stumble on a private document, and it has training uses as well,’ Patel explains.
Monitoring staff in this manner carries legal and ethical implications, and can suggest failings elsewhere in the business. Patel acknowledges that companies must carefully establish procedures around the use of such technology, and admits that ‘it can have an effect on morale. But ultimately it proves the innocence of people as well. So much of this kind of fraud is happening that something has to be done about it, even if it means upsetting a few members of staff.’