Over half (54%) of German IT and security staff confess to snooping on sensitive information about their company’s performance according to a recent study from One Identity of over 900 IT and security professionals from seven different countries. This is in contrast to the 42% of UK security and IT employees that confessed to snooping on sensitive corporate information.
In addition, 80% of German IT and security staff admitted to accessing corporate data that is not relevant to their day to day jobs in contrast to 67% in the UK.
Typically, Germany is thought of as the most privacy conscious, and therefore has more strict rules on how organisations can monitor employees, yet they confess to snooping on corporate data the most, while the UK – which has passed a Snooper’s Charter – is not as inquisitive.
Commenting, Andrew Clarke EMEA director for One Identity said: “In Germany there are strict rules regarding what tools employers can implement with regard monitoring their employees. Monitoring and filtering tools can be used to analyse IT problems and prevent sensitive data leaks. However, IT administrators and managers could also use these tools to monitor employee performance which impacts individual privacy.
“One factor to consider is that German labour laws provide strong rights for workers’ representatives to be part of major decisions that impact employees. These include decisions not only about pay conditions, but also for corporate strategy, and the systems and processes that are used in the business.”
While it is true that other countries likely will have better identity access management systems in place to prevent snooping, this study indicates that the more access an employee is granted, the potential for abuse is, of course, greater – and not only that, employees will abuse that privilege.
Lee Munson, security researcher for Comparitech.com said:
““Do as I say, not as I do” is a phrase that springs to mind when looking at the attitude of German citizens toward confidential or sensitive information.
“Despite having a reputation for taking privacy far more seriously than many other nations, including many in Europe, the German people appear to have an unhealthy interest in poking their noses into their employer’s business.
“The fact that over half of German employees had attempted to uncover sensitive business information, and 80% had gone looking for other business data outside of their job requirements, suggest a potential insider threat issue for businesses in the country.
“Even though the perennially conservative Brits were less nosey, the suggestion that 42% had gone looking for sensitive company information is about 42% higher than most internal security departments would be happy with.
“It’s also rather ironic, isn’t it, that many of those people going beyond their pay grade in their search for UK company information are likely to be among those who cried foul when the British government brought in the Snooper’s Charter legislation last year?
“I guess spying is only bad when you are on the wrong end of it, right?”
Professor Andrew Jones from the University of Hertfordshire added: “I am surprised at the level of snooping.
“It actually shows a lack of security and compartmentalisation within organisations. It is the old ‘fortress’ mentality, where they are trying to keep the ‘bad guys’ out of the system. The reality is that the insider is the person that has the knowledge and access. If organisations segmented their networks and had good access and user permission control, then the snooper would only have access to a very limited portion of the available data.”