One-third of IT pros admit to snooping on co-workers

As many as a third of all senior IT professionals use their administrative passwords and other privileges to "snoop around the network" looking into employees' confidential material, say newly released survey results.

Conducted by Cyber-Ark Software as part of its annual look at "Trust, Security and Passwords," the study also suggests that IT pros -- typically working in companies of 1,000 or more -- are peering at confidential information such as salaries, personal e-mails, and merger and acquisition plans. They could also be sneaking peeks at confidential data long after they've quit their jobs and gone elsewhere.

Specifically, almost half of the 300 respondents -- or 47 percent -- admitted to accessing information that is not "relevant to their roles."

"Privileged passwords get changed infrequently and often a lot less than user passwords," according to the survey results. "Thirty percent get changed every quarter [and] 9% never get changed, giving access indefinitely to all those who know the passwords, even when they've left the organization."

About half of the IT pros questioned said they don't even need to get authorization in order to access privileged accounts.

But Cyber-Ark -- a maker of software for protecting passwords and confidential data -- isn't the only one paying heed to snooping these days.

A ruling issued this week by the 9th U.S. Circuit Court of Appeals in San Francisco holds that, under many circumstances, employers must have either a warrant or the employee's permission to view communications such as SMS text messages.

As the court in San Francisco sees it, text messages fall into a different category than e-mail -- a type of communications that employers have been legally allowed to see -- if these text messages are not stored by either the employer or someone the employer pays to store messages.

Meanwhile, Cyber-Ark's survey also pointed to an absence of effective policies around information exchange at most organizations. "Seven out of 10 companies rely on outdated and insecure methods to exchange sensitive data when it comes to passing it between themselves and their business partners," according to Cyber-Ark's report.

Specifically, 35% of companies use e-mail for sending sensitive data to business partners, 35% use couriers, 22% turn to FTP, and 4% still rely on the postal system.

In another startling finding, 12% of the senior IT pros surveyed admitted to sending out cash via postal mail.