Businesses in the U.K. face a serious security threat from their own employees, according to new research.
Nearly a quarter (22 percent) of U.K. employees admitted to having illegally accessed sensitive internal information, such as salary details on their employer’s IT systems, and over half (54 percent) would do so, given the opportunity, according to the study.
The research by online polling firm YouGov, commissioned by Microsoft, found that over a third of respondents said that human resources (HR) and payroll information were the most popular targets (36 percent), followed by their manager’s personal notes (28 percent) and their colleagues’ personal notes (25 percent). Six percent said they would steal a colleague’s password if the opportunity arose.
The survey also found that men are more dishonest than their female colleagues, with 27 percent of men, compared to 16 percent of women, admitting to having stolen confidential information. Workers in London and Scotland (25 percent) were the most likely to offend, with the most honest workers living in the Midlands (18 percent).
“The results of this survey were surprising,” commented Annemarie Duffy, Infrastructure Server Marketing Team leader at Microsoft. “Not only are more than half of all U.K. employees prepared to snoop on confidential data, nearly a quarter have actually already done so. Particularly worrying is how vulnerable HR and payroll information has become; HR departments typically hold information that could be damaging for business and individuals if in the wrong hands. Details of salary, bank accounts, health records, National Insurance numbers, home address, family members could all be taken by a determined internal snooper or identity thief.”
A third of respondents admitting that they would access documents, files, customer details and old accounts from previous employers if they still had access.
“Organizations have statutory as well as moral obligations to all their stakeholders to protect this sort of information,” said Hugh Simpson-Wells at identity and access management consultancy Oxford Computer Group. "Solutions are available for any size of business that are not only technically sound, but are accessible and affordable, and support flexible business processes for securing this kind of data. Failure to provide such systems not only risks prosecution under the Data Protection Act but invites destructive and divisive internal espionage – and is just plain inefficient.”
A Websense study revealed last month that men are more likely to surf personal websites at work than women. Sixty-five percent of men surveyed said they access non-work sites while on the job, in comparison to 58 percent of women, according to that poll.