88% of IT Admins Would Steal Passwords If Laid Off

narramissic writes "According to identity management firm Cyber-Ark's annual 'Trust, Security & Passwords' survey, a whopping 88% of IT administrators would steal CEO passwords, customer database, research and development plans, financial reports, M&A plans and the company's list of privileged passwords if they were suddenly laid off. The survey also found that one third of IT staff admitted to snooping around the network, looking at highly confidential information, such as salary details and people's personal emails."

Not reasonable

[linear+a]

Sounds like an unreasonable estimate to me. If people were that vindicative and dishonest then IT (and similar) systems wouldn't ever keep working.

Betray the betrayer?

[knarfling]

When someone is laid of for no apparent reason, they often feel hurt and betrayed. A natural reaction is that the trust between them has already been destroyed.

At one company I was with, a sysadmin was on a conference call, and had his hands full when the call ended. The CEO never hung up the phone, and started talking to his assistant about people loosing their jobs and how much severance would be paid. The sysadmin, who probably should have hung up when he was first able to, couldn't resist listening for a short time. After a couple of minutes, the CEO finally realized that his phone was still on, and hung up the line. By that time, the sysadmin knew that several people would be laid off soon, but not how soon, or which people.

He informed a couple of his friends that the company was in worse shape than he had realized, and discretely began updating his resume. Within a month, the company was bought out and closed down by another company and everyone lost their jobs. He was asked to stay on as part of the transition team and that the new company would pay him, but after a couple of days, it was clear that he had been working for free and the new company was not going to honor the agreement.

At that time, he still had sysadmin access, and began to look through emails of the former employees. Some, including the CEO, were still getting and sending emails through web access through the old company server. He learned that although the board of directors did not want to spend the money to make sure that the fired employees could still have health insurance for a couple of months, they were willing to give the former CEO $25,000 for his efforts.

I have always said that a good sysadmin knows all the secrets of a company, but a great sysadmin knows when not to look. In this case, was the sysadmin justified in looking after he had been promised to be paid and then told he was not being paid? (Yes, his access should have been cut off, but he was the one who would have had to cut himself off and he was never told to do so.)

Although this situation may be unique, I think that many sysadmins may feel the same way. Once they are betrayed, they no longer feel the need to stay loyal to those that betray them.

Re:Might Be Reasonable

[visualight]

I've been through a couple of layoffs. In one, the company was concerned about stealing, sabotage, and other vindictive behaviours. So they surprised everyone with two week severance packages and an escort out the door one morning. They brought in people at the butt crack of dawn to turn off every computer in the building. Later, "core" people started deserting the company, taking whatever they wanted with them.

In the other one, there was an announcement, something like, "The 20 people in this room are being laid off. Starting in two weeks we're going to lay off 4 people per week for 5 weeks. We expect you all to continue to do your jobs as well as you can *while* you look for work. Let your supervisor know of any scheduled interviews, they will be considered paid time off. As you find work report your start date so each week we can try to lay off people who already have new jobs."

The second layoff went without a hitch. The people laid off kept relations with the company, some came back later.

I know it's not the same as firing someone, but it does seem to me some companies treat laid off employees as if they've been fired.