Enabling Secure Business Operations

Admins Admit to Snooping

In a recent survey, one-third of the IT professionals surveyed admitted to viewing confidential information using administrative passwords. Even more admitted to looking into information that was not relevant to the task they were performing.

“All you need is access to the right passwords or privileged accounts and you’re privy to everything that’s going on within your company,” Mark Fullbrook, Cyber-Ark’s UK director, said in a statement released along with the survey results on Thursday.

Is that really all it takes to view others’ confidential information? A password? It shouldn’t be. Here are some ideas for making snooping a little less tempting:

  • Separation of Privileges – If someone has access to an account that allows them to view or change anything and everything, it will be very tempting for them to do just that. Giving different accounts limited privileges makes it easier to track when a particular incident occurred and harder for someone to pretend they are doing one thing while actually doing another.
  • Overlapping Responsibilities – Have people work together on tasks. Snooping is far less likely if someone else is present.
  • Use and Review Logs – Set up policies so that everyone knows that certain sensitive activities are logged and that those logs are regularly examined. It will make most people think twice about snooping, and that second thought will usually be, “I’d better not.”

Most people want to do the right thing, and the above suggestions are just a few ways to lessen the influence of the little devil on your shoulder.


One Response to “Admins Admit to Snooping”

  1. Anil Polat Says:

    Too often organizations don’t take diligent logs or put those same logs in the hands of the administrator they are supposed to be keeping an eye on.

    Logs should be unmodifiable – and for systems where this is not possible, sent to at least one other person and reviewed at defined intervals.