This post originally appeared at The Var Guy
Company managers might think their IT staff would be the most trusted not to make any security gaffs, but they may want to think again, according to a new survey, which found that these types of workers are posing some of the biggest risk to IT security.
The 2015 Insider Risk Report—commissioned by cloud business app provider Intermedia and delivered by independent marketing association Precision Sample—found that people with the greatest access to company data who are tasked with keeping it secure, such as IT personnel, are more likely to engage in risky behaviors than the average employee.
According to the survey—which polled more than 2,000 business professionals—32 percent of IT staff admit to having given out their login and password credentials to other employees. This is compared to 19 percent of other staff that responded to the survey who said they’ve given out their login and password credentials.
“It’s nearly always that technical people are the worst offenders,” said Richard Walters, vice president of Identity and Access Management at Intermedia, in a press release. “They know how to get around various controls that an IT team will put in place. It’s sometimes done with the best intent, but nevertheless with a complete lack of consideration for the risk or security implications.”
Moreover, 28 percent of IT pros said they’ve accessed systems of previous employers even after they’ve left positions at those companies, compared to 13 percent of other respondents, according to the survey. And 31 percent of IT professionals said they would take data from their company if they think it would positively benefit them—a number that’s nearly three times the rate of general business professionals, according to the survey.
Overall, 93 percent of those polled admitted to insecure IT practices, which result in myriad issues for the enterprise, including lost data, regulatory compliance failures, data breaches and even blatant sabotage by a disgruntled current or former employee, according to Intermedia.
The newer entrants to the workforce, millennials, also are some of those most likely to put enterprises at risk. The survey found that this group of employees—who have been comfortable with technology most of their lives—are also most likely to be guilty of installing applications without company approval.
They also engage in behaviors that breach the personal and professional divide by saving company files to personal cloud storage or other so-called “shadow IT” practices, according to the survey.