Corporate Network Snooping, in a security context, is gaining or trying to gain unauthorized access to another employee’s or the company’s data, that may not necessarily pertain to the job.
A recent survey of 913 individuals conducted by One Identity revealed shocking statistics about employee snooping on corporate networks. The results are unnerving because the number of employees across countries and sectors is very large, and majority of the respondents admit to have indulged in some snooping themselves.
While the survey respondents constituted primarily of individuals from the USA (34%), respondents from other regions were represented well enough (Hong Kong: 11%, Singapore: 11%, Australia: 11%, France: 11%, Germany: 11% and United Kingdom: 11%). Varying company sizes were included, with companies having 500-2000 employees at 44%, 2000-5000 at 28%, and more than 5000 employees at 28%.
Of those surveyed, majority were team managers (45%), which ensured that relevant people in the organization who could observe employee behavior made up the bulk of the sample. Executives were also represented at 35% and ‘individual contributors’ were at 20%.
The individuals also, by a majority, already had privileged account access (87%), which makes it even more alarming that they felt the need to snoop the corporate network for more data despite their elevated access. This scenario uncovers behavioral trends towards snooping that are psychological in nature, and therefore must be addressed at the security level rather than in any other way.
When asked the question, “In your experience, do employees ever attempt to access information that is not necessary for their day-to-day work?”, 69% said “Rarely, but it happens”, 23% said “Yes, this happens frequently”, and only 8% said “No, they never even try.” This places 92% of employees in the ‘potential insider threats’ category, which is a huge percentage. When asked instead the question, “Have you ever attempted to access information that is not necessary for your day-to-day work”, the numbers again favored snooping. (51%) responded “Rarely, but I have done it” and (15%) replied “Yes, I do this frequently”.
Critical performance data is regularly compromised as well. More than 1 in 3 (36%) respondents replied ‘Yes’ to the question “Have you ever looked for or accessed sensitive information about your company’s performance, apart from what you are required to do as part of your job?” Such statistics could spell disaster for any business, regardless of whether it is a large enterprise, a mid-market organization or a startup. Data breaches are expensive, but performance related breaches more so. These can threaten the very survival of any business.
The situation clearly demands attention. How can one reduce the threat of insider corporate network snooping?
Identity and Access Management (IAM) is the answer. Role-based access control and strict governance of rights and permissions can help prevent potential bad actors from accessing confidential or sensitive information. Organizations can leverage identity intelligence and privileged access management to identify employees who have been granted elevated rights and pinpoint exactly where abuse of those rights is occurring.
Ilantus Compact Identity offers a comprehensive solution that allows role-based access control, governance, and risk metrics powered technology to identify privileged accounts. It is the only solution in the industry to offer Single Sign-on, Multi Factor Authentication, Enterprise Class Password Management, Access Recertification, and all essential IAM components that most businesses require to secure themselves against insider threats. Tight integration with Privileged Access Management ensures elevated access are not misused and helps with timely access revocation on role change or employee exit.
