In a recent survey of 500 information technology and data security workers, 40 percent said they could easily use their knowledge of encryption keys, shared passwords, weak controls and loopholes in data security programs to make off with information, or hold their organization’s data hostage. And 31 percent said that, even if they no longer worked for the company, with their knowledge of the systems they could access encryption keys and authorization codes and hack in remotely to snoop, secretly alter files or shut down the data system.
Digital security firm Venafi discovered that firms that mismanage their encryption keys could fall victim to disgruntled former employees hiding or withholding encryption keys to the detriment of the firms. This threat has been attributed to lack of internal controls, poor management and failing to understand how weak management of encryption keys, data and security can hurt their organizations.
The survey reveals that organizations need to come to terms with how crucial encryption keys are to safeguarding the entire enterprise, but even more critical it is to monitor and manage who has access to them!
A good example stems from a recent US case.
Read more on the topic on my latest post on Slaw
First Reference Human Resources and Compliance Managing Editor