As Mark Fullbrook, the UK Director of Cyber-Ark told us "When it comes down to it, IT has essentially enabled snooping to happen! It's easy, all you need is access to the right passwords or privileged accounts and you're privy to everything that's going on within your company."
Certainly the days of having to photocopy sheets of information or pick the locks of the filing cabinet holding salary data are long gone. Now all the office snoop needs is a modicum of authority.
Of course, for the majority of staff who do not work within the dark realm of IT services it is assumed that an admin password is just something used when software needs updating or the desktop machine crashes. The really worrying thing is that this misunderstanding seems to exist in the upper echelons of IT management as well.
With half of IT administrators questioned not having to get any kind of authorisation to access privileged accounts, the real power of these passwords is exposed.
Fullbrook explains that "in some organisations there is little understanding or lack of controls in place to manage workers access to systems. While for those "in the know" they are the keys to the kingdom and if unprotected or fall into the wrong hands wield a great deal of power."
Meanwhile, over in the US, a San Francisco appeals court has ruled that employers cannot read email or other personal data that is not stored on site. This means that in order for a company to access, for example, text messages stored on a mobile phone it would have to apply for a court warrant first.
Either that or get the employees permission. Which is exactly, I suggest, what will be happening in the form of changes to corporate privacy policies throughout the area.
Now might be a good time to get both the reading glasses and a lawyer out...