What Information can my IT Department Access?
We’ve all heard of the hack attacks and photo leaks which are becoming a regular feature in the news. It’s not surprising considering that in today’s era information is just as valuable as money. The Information Age feeds off of personal information which includes anything from a person’s age and private details, to bank accounts, to shopping habits or even the kind of music they prefer.
Some companies are profiting from selling their clients’ information to third-party companies. Luckily there are certain security measures that businesses can take to protect sensitive data, but most of them involve relying on your IT department. While you may have the passwords and login details for your workplace system, the IT guys most probably have admin access to nearly anything on it.
In Security and Privacy: What Secrets Does Your IT Department Know? on the Cerius Blog, we discussed all the weak spots in your IT network and what information can be leaked:
What Does Your IT Department Know in Email
The major area of what IT knows is within the corporate e-mail system. The email system is something everyone takes for granted, and almost every thought, idea, strategy, decision, concern and the like is written down and sent in an email or attachment. This then usually gets backed up and sent offsite in many cases. There are multiple people in IT that have access to these emails and calendars, and they read them more than occasionally.
What Does Your IT Department Know in Human Resources
An IT individual with admin rights to the human resource system(s) will have the ability to access extremely sensitive information of all the employees in the company. Sensitive information such as salary, benefits, bonus payouts, and even court-ordered wage garnish information, such as alimony and child support payments. This access can be used to access personal information, and even the CEO and CFO aren’t exempt.
Furthermore, those individuals have access to the customer facing systems and data regarding the customers, names, addresses, and the ever sensitive credit card numbers and much more depending on the nature of the business. There are many high profile instances where a breach in this area has been a huge issue for companies.