I’ve written about retirement plan data security – or lack thereof – in the past, but always in the context of employee data on laptops that had been stolen. But as I read about a recent study cited by AccountingWeb.com, Pogo’s famous words came to mind, “We have met the enemy, and he is us.”

Are we our own worst enemy when it comes to protecting employee and benefit plan data? Consider the results of the study, which was carried out at last spring’s Infosecurity Exhibition Europe as part of an annual survey into “Trust, Security and Passwords”. It revealed the extent to which Information Technology (IT) employees snoop at the confidential information of other employees by using the special administrative passwords that give IT workers privileged and anonymous access to virtually any system:

  • One-third admitted to snooping through company systems and peeking at confidential information such as private files, wage data, personal e-mails, and HR background.
  • More than 1/3 admitted they could still access their company’s network once they’d left their current job, with no one to stop them.

The big security risk is not just hackers, but companies mismanaging the storage of, and access to, administrative passwords.

And IT folks are just like everyone else. Post-It Notes are the favorite way of storing passwords.