Slashdot Mirror


IT Pros Can't Resist Peeking At Privileged Info

Orome1 writes "IT security staff will be some of the most informed people at the office Christmas party this year. A full 26 per cent of them admit to using their privileged log in rights to look at confidential information they should not have had access to in the first place. It has proved just too tempting, and maybe just human nature, for them to rifle through redundancy lists, payroll information and other sensitive data including, for example, other people's Christmas bonus details."

9 of 388 comments (clear)

  1. Re:This is why I will never trust cloud services by masternerdguy · · Score: 5, Insightful

    Not true. I have had plenty of access to such information and have always avoided looking at it. It's immoral.

    --
    To offset political mods, replace Flamebait with Insightful.
  2. Re:This is why I will never trust cloud services by 1s44c · · Score: 5, Insightful

    Not true. I have had plenty of access to such information and have always avoided looking at it. It's immoral.

    Strongly agree. Plus if caught is destroys the trust that keeps them paying you, and it won't bring you happiness on any level anyway.

    Anytime a person tells another person how much they get paid one of them gets very pissed off. You are better off not knowing.

  3. Bad setup by ender- · · Score: 5, Insightful

    If your IT/Security staff can rifle through your sensitive data, you're doing it wrong.

    I have no ability to access the data in our HR or Financial systems. Only the HR and Financial folks do. *MAYBE* the DBAs could look at that data, but even if so they'd have to sift through the raw data or come up with their own queries. And I'm pretty sure a lot of that information is encrypted.

  4. Re:This is why I will never trust cloud services by DarKnyht · · Score: 5, Insightful

    We are quickly finding ourselves in a society where we lack an absolute morality authority. Therefore what is immoral for you may or may not be immoral to others. In other words, we are reaping the fruits of a society where all ideas are given equal worth. Where we are not to condemn someone because what they do is right from their point of view.

    --
    Voting them all out of office, now that's change I can believe in.
  5. Loose Controls and too many admins by Dakiraun · · Score: 5, Insightful

    I find a common problem with companies that have large IT departments is that too many users in those departments have "admin" level rights, which increases temptation and curiosity exponentially. Tighter controls on who needs elevated privileges and specifically where those privileges are needed are a way to help minimize exposure of sensitive data. On the other end of the problem, education is also helpful because most people who would go peeking likely don't understand the ramifications of that action should it be discovered. Have I ever done it as a professional? No. I'll admit, it was very tempting in a past firm since I had access to everything and I knew there were layoffs, salary changes and such going on. Curiosity does not get the better of me though when it means crossing ethical lines, and even if that were not true, I was well aware of the legal fallout that could happen where I to be aware of that information. The same could not be said though for other IT employees with the same access. In this situation, the access we had was certainly not necessary.

  6. Re:This is why I will never trust cloud services by Anonymous Coward · · Score: 5, Insightful

    have always avoided looking at it. It's immoral.

    Luckily most agree with you.. but it only takes one to steal your personal information.

  7. Re:This is why I will never trust cloud services by Anonymous Coward · · Score: 5, Insightful

    I admin that I have snooped through the financial information... And your right, it does piss you off. Company saying their in financial crises so they have to freeze all raises, but the executives all get their christmas bonuses that equal 1/2 my year salary.. Not sure why I couldn't control myself.. probably I was younger and more immature.. I have full access at my current job to all data, and haven't accessed anything I wasn't suppose to.

  8. Not socked by TheCarp · · Score: 5, Insightful

    I work in healthcare IT, and my mother was an X-Ray tech for years, until about 15 years ago.

    Even back when she was in the hospital, she saw people getting slapped and fired for it. Whenever someone famous came in, Princess Di was one of the big ones that I heard of, someone would go look up that persons info who shouldn't have, and of course, for famous people they would audit, and people got caught.

    Now? Now you get flagged for all manner of things (I don't know exactly what, but it is well known that it includes looking up family members or people living on your own street etc) and its automatic. We have training on "Ethical Standards" every year, which talks about all of these records access issues. Still... I hear the single most common reason for anyone at the hospital getting fired is.... you guessed it.... inappropriate records access.

    Here in MA they have the "CORI" system for doing criminal records checks. You are supposed to need consent to search it for someones info...unless you are a police officer doing his job or that sort of thing. Some auditing was done a while back and they found absolutely RAMPANT abuse. Police looking up their neighbors, looking up spouses, ex-girlfriends etc. (this was several years back... no idea if anything came of it...can't find any articles on it anymore)

    The problem is a very human one.

    --
    "I opened my eyes, and everything went dark again"
  9. Re:This is why I will never trust cloud services by Anonymous Coward · · Score: 5, Insightful

    If sales is so easy why don't you do it? The answer to that question is the reason why he makes more than you.