Forget about sophisticated international hackers or even malicious ex-employees with an ax to grind – the No. 1 thing you need to worry about when it comes to keeping sensitive info safe is employees who can’t mind their own business!
A whopping 92% of folks have tried to access information they didn’t need for their day-to-day work. Nearly a quarter of them (23%) do it regularly.
Those eye-openers come from a recent study commissioned by identity and access solution provider One Identity.
There’s nothing nefarious happening – the vast majority of folks are more nosy than anything else. But every time a person accesses or even shares data that isn’t intended for their eyes, you run the risk it’ll end up in the wrong hands.
And that makes your company vulnerable to everything from data loss to customer data exposure to compliance violations.
The good news is, your organization can minimize its risk.
The biggest offender is …
Two-thirds (66%) of IT pros admit that they’ve sought out or accessed corporate info they didn’t need for their jobs. And it’s the ones with the most seniority who are the worst offenders.
Of course they know better. And they’re certainly not the only ones doing it. But by addressing this issue with your top IT folks, you’ll greatly reduce your exposure.
The why
It helps to understand just what types of info folks are poking around in if you want to stop it.
Often, they’re looking for information on your company’s performance. Nearly half of IT execs say they’ve snooped for sensitive company performance info, compared to 17% of regular team members. So that’s the first thing you want to lock down and restrict access to.
Other times, it’s a lot more random. Nearly three-quarters (71%) of IT execs cop to seeking out “extraneous” info, and 56% of non-managers have done the same.
And it’s not a strictly big-company phenomenon. In fact, the smaller you are, the more vulnerable you may be. More than a third (38%) of companies with 500 to 2,000 employees have employees who’ve looked for or accessed sensitive performance data. That’s compared to 29% of companies with more than 5,000 employees.
Your best protections
No matter what your size, considering how much sensitive data is housed in your company – and how many different laws you must comply with to protect it – no company can afford a bunch of Nosy Neds and Nellies who let their fingers do the walking. These strategies can minimize your risk:
Across your company: Keep the general population of snoops out by establishing role-based access controls. You’ll also need strict governance of those permissions to make sure they’re being followed to the letter.
With senior IT executives: This is a trickier one, as they’re the folks with all the access in the first place! Experts advise you tap “identity intelligence” to gather info on who’s accessing what. From there you can add in controls to prohibit unauthorized access.
And everyone should understand the consequences of putting their noses in things that aren’t their business.
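Here's how the two strategies above fit together, as an added example that is not from the study or any vendor's product: role-based rules block ordinary out-of-role requests, and a review of the access log catches privileged IT accounts reading data their jobs don't call for. The roles, users, data categories and file names are all constructed for illustration.

```python
from collections import defaultdict

# Assumed policy: the data categories each role needs for day-to-day work.
ROLE_NEEDS = {
    "finance_analyst": {"financial_performance"},
    "hr_partner": {"hr_records"},
    "support_agent": {"customer_tickets"},
    "it_admin": {"system_config"},
}
# Roles whose technical permissions reach everything, so RBAC never denies them.
PRIVILEGED_ROLES = {"it_admin"}

# Constructed sample access log: (user, role, data category, resource).
SAMPLE_LOG = [
    ("alice", "finance_analyst", "financial_performance", "q3_forecast.xlsx"),
    ("bob", "support_agent", "financial_performance", "q3_forecast.xlsx"),
    ("carol", "it_admin", "system_config", "vpn.conf"),
    ("carol", "it_admin", "financial_performance", "q3_forecast.xlsx"),
    ("carol", "it_admin", "hr_records", "salaries.csv"),
    ("dave", "hr_partner", "hr_records", "salaries.csv"),
]


def rbac_allows(role, category):
    """Enforcement: privileged roles pass; others only for categories they need."""
    return role in PRIVILEGED_ROLES or category in ROLE_NEEDS.get(role, set())


def review_access(log):
    """Split the log into requests RBAC blocks and permitted out-of-role reads."""
    denied = []
    out_of_role = defaultdict(list)
    for user, role, category, resource in log:
        needed = category in ROLE_NEEDS.get(role, set())
        if not rbac_allows(role, category):
            denied.append((user, resource))  # stopped at the door
        elif not needed:
            out_of_role[user].append((category, resource))  # allowed, needs review
    return denied, dict(out_of_role)


if __name__ == "__main__":
    denied, out_of_role = review_access(SAMPLE_LOG)
    print("Blocked by role-based access control:", denied)
    for user, reads in out_of_role.items():
        print(f"Review {user}: {len(reads)} permitted read(s) outside job need:", reads)
```

The second list is the one that matters for senior IT staff: nothing was denied, so only the log review shows the snooping.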