調查：三成網管偷窺同事隱私

One in three information technology professionals abuses administrative passwords to access confidential data such as colleagues' salary details, personal emails or board-meeting minutes, according to a survey.

US information security company Cyber-Ark surveyed 300 senior IT professionals, and found that one-third admitted to secretly snooping, while 47 percent said they had accessed information that was not relevant to their role.

"All you need is access to the right passwords or privileged accounts and you're privy to everything that's going on within your company," Mark Fullbrook, Cyber-Ark's UK director, said in a statement released along with the survey results on Thursday.

"For most people, administrative passwords are a seemingly innocuous tool used by the IT department to update or amend systems. To those 'in the know' they are the keys to the kingdom," he added.

Cyber-Ark said privileged passwords get changed far less frequently than user passwords, with 30 percent being changed every quarter and 9 percent never changed at all, meaning that IT staff who have left an organization could still gain access.

It added that seven out of 10 companies rely on outdated and insecure methods to exchange sensitive data, with 35 percent choosing email and 35 percent using couriers, while 4 percent still relied on the postal system.

一項調查顯示，三分之一的IT從業人員利用自己的網管權限偷窺同事的工資、私人電郵及董事會會議記錄等一些保密信息。

美國Cyber-Ark信息安全公司對300名高級IT人員開展的一項調查顯示，三分之一的人承認自己曾偷窺過公司的保密信息及同事的隱私，47%的人說他們曾瀏覽過與本職工作無關的信息。

本週四調查結果公佈時，該公司英國區總監馬克•福爾布魯克在發言中說：“你只需輸入正確的口令或登錄有特別權限的管理員賬戶，公司的所有機密信息就一覽無餘了。”

他說：“在多數人看來，管理員密碼只不過是IT部門用於更新或維護系統的一個工具，不會有什麼害處。而對於那些‘知情人士’來說，這可是‘打開王國的鑰匙’。”

Cyber-Ark公司說，網管密碼的修改頻率比普通用戶密碼要低得多。其中30%的網管密碼每季度修改一次，9%從未修改過，這意味着IT人員離職後還能用管理員密碼登錄以前公司的內部系統。

此外，70%的公司仍採用一些落後、不安全的方式傳送敏感數據；分別有35%的公司用電子郵件和快件傳送數據信息，而還有4%的公司仍採用郵政系統傳送。