22% of UK workers admit to internal espionage
54% say they would do it if given the opportunity
Men more dishonest than women
British businesses face a serious security threat from inside their own walls. Nearly a quarter (22%) of UK employees admit to having illegally accessed sensitive internal information such as salary details on their employerís IT systems and over half (54%) would do, given the opportunity.
The research by YouGov, commissioned by Microsoft highlights the challenge facing IT, HR and finance departments in protecting confidential information from non-authorised employees. When asked what type of information would tempt them most, respondents said that HR and payroll information was the most popular target (36%), followed by their managerís personal notes (28%) and their colleaguesí personal notes (25%). If presented with the opportunity, 6% said they would steal a colleagueís password.
It seems that men tend to be more dishonest than their female colleagues with 27% of men, compared to 16% of women, admitting to having stolen confidential information. Workers in London and Scotland (25%) were the most likely to offend, with the most honest workers living in the Midlands (18%).
ìThe results of this survey were surprising,î commented Annemarie Duffy, Infrastructure Server Marketing Team Lead at Microsoft Ltd. ìNot only are more than half of all UK employees prepared to snoop on confidential data, nearly a quarter have actually already done so. Particularly worrying is how vulnerable HR and payroll information has become, HR departments typically hold information that could be damaging for business and individuals if in the wrong hands. Details of salary, bank accounts, health records, National Insurance numbers, home address, family members could all be taken by a determined internal snooper or identity thief.î
This issue isnít just confined to the four walls of a business and itsí current employees; the survey also highlighted an external risk with a 33% of respondents admitting that they would access documents, files, customer details and old accounts from previous employers if they still had access. This shows the importance for organisations on controlling their usersí accounts and ensuring that there are processes in place to lock down accounts when employees leave organisations.
ìMany organisations may already have the tools to resolve this issue but arenít making the most of themî continued Duffy, ìcompanies need to ensure they are maximizing the service of their existing servers. For example the implementation of a directory service, such as Active directory, which ships as an integral part of Windows serverô 2003, making it easier for the IT department to manage users identities and their access to information. The set-up of a directory service should be the first step for any organisation wanting to manage identities and secure access to information.î
ìOrganisations have statutory as well as moral obligations to all their stakeholders to protect this sort of information,î said Hugh Simpson-Wells at Identity and Access Management consultancy Oxford Computer Group. Solutions are available for any size of business that are not only technically sound, but are accessible and affordable, and support flexible business processes for securing this kind of data. Failure to provide such systems not only risks prosecution under the Data Protection Act but invites destructive and divisive internal espionage - and is just plain inefficient.î
Survey finds: Employers may be leaving the door open to internal espionage
British businesses face a serious security threat from inside their own walls
