Employees are granted excessive privileges and access for their particular roles, which brings unnecessary risk to the organization they work for, according to a report released on Tuesday by security company BeyondTrust.
BeyondTrust interviewed 265 IT decision makers, and found that 28 percent admitted to having retrieved information not relevant to their job, including financial reports, HR data, and personnel documents.
The survey also showed that two-thirds of respondents have controls in place to monitor privilege access yet more than half said employees are able to circumvent those controls.
“Allowing any employee unfettered access to non-essential company data is both unnecessary and dangerous and should be an issue that is resolved quickly,” Brad Hibbert, EVP of product strategy at BeyondTrust said in a statement. “The insider threat has always been a vulnerability we take very seriously at BeyondTrust and it’s our goal to help customers combat this growing problem.”
Over three-quarters of respondents believe the risk to their organization caused by the insecurity of privileged users will increase over the next few years, and 80 percent of respondents believe that it’s at least somewhat likely that employees access sensitive or confidential data out of curiosity.
While it may not seem to be such a big deal that employees are able to access information that doesn’t pertain to their job, customer information could be at risk if there is a lack of proper access controls over privileged users. The lack of controls, combined with lax (or nonexistent) BYOD policies, could equal a security nightmare for organizations.
Web hosts have the opportunity to address these security concerns with the organizations they work with to ensure customer data is as safe as possible, especially considering hackers are able to use automated tools to target this data more frequently than ever before.