‘Snoop­ing’ may lead to data leaks

The New Paper - - NEWS - IRENE THAM, SE­NIOR TECH COR­RE­SPON­DENT

Poll of IT se­cu­rity pro­fes­sion­als

More than 90 per cent of IT se­cu­rity pro­fes­sion­als here say em­ploy­ees in their firms have sought some in­for­ma­tion they were not per­mit­ted to ac­cess, ex­pos­ing a ma­jor “snoop­ing” prob­lem in today’s work­force, a new study has found.

Tech­nol­ogy mar­ket re­search firm Di­men­sional Re­search polled more than 900 IT se­cu­rity pro­fes­sion­als, in­clud­ing 100 in Sin­ga­pore in July and Au­gust, and found that nearly ev­ery re­spon­dent here ad­mit­ted it was hap­pen­ing where they worked.

Per­haps more wor­ry­ing is that much of the snoop­ing was be­ing done by the very peo­ple in charge of keep­ing the in­for­ma­tion safe — tech se­cu­rity pro­fes­sion­als.

Nearly half of IT pro­fes­sion­als polled in Sin­ga­pore ad­mit­ted to look­ing for or as­sess­ing in­for­ma­tion not re­quired for their jobs.

Ex­perts say the find­ings — com­ing amid a na­tion­wide push to go dig­i­tal — raise im­por­tant ques­tions about whether there is a blind spot in cy­ber-se­cu­rity mea­sures.

Mr Len­nie Tan, whose firm com­mis­sioned the study, said it was wor­ry­ing that em­ploy­ees here have free ac­cess to sen­si­tive com­pany in­for­ma­tion such as fi­nan­cial per­for­mance. Mr Tan is the vice-pres­i­dent of USbased ac­cess man­age­ment soft­ware firm One Iden­tity.

“Med­dling with con­fi­den­tial in­for­ma­tion, even if it is non-ma­li­cious in in­tent, could lead to se­ri­ous dam­age to the busi­ness’ rep­u­ta­tion and fi­nan­cial stand­ing,” said Mr Tan, who is also the firm’s re­gional gen­eral man­ager.

Oth­ers warn that such lapses can have wide-rang­ing con­se­quences.

Mr Bill Tay­lor-Mount­ford, LogRhythm’s vice-pres­i­dent in the Asia-Pa­cific and Ja­pan, said em­ploy­ees who snoop may in­ad­ver­tently leak sen­si­tive data by los­ing the doc­u­ments they copied or when their com­put­ers are com­pro­mised.

Many of those sur­veyed also said they were con­cerned that dor­mant user ac­counts, such as those for ac­cess­ing e-mail and shared fold­ers, were not purged when em­ploy­ees left the or­gan­i­sa­tions. Only 7 per cent of re­spon­dents here said their com­pa­nies im­me­di­ately cut off the ac­counts of em­ploy­ees who left.

Mr Nick FitzGer­ald, a se­nior re­search fel­low at se­cu­rity soft­ware maker ESET, said com­pa­nies are open­ing their doors to hack­ers by leav­ing these ac­counts ac­tive.

Ex­perts said com­pa­nies can pro­tect them­selves against snoop­ing by us­ing soft­ware to limit ac­cess to in­for­ma­tion based on job func­tions, and en­crypt all their shared data so only au­tho­rised com­put­ers can read the in­for­ma­tion.

itham@sph.com.sg

Newspapers in English

Newspapers from Singapore

© PressReader. All rights reserved.