One in five companies have experienced insider sabotage or security fraud by a member of the IT staff, according to a new survey of 400 IT administrators by CyberArk. Of those companies, 36% say the IT employee delivered privileged information to a competitor.

Overall, 33% of IT staffers admit they’ve used their administration rights to access confidential information, such as HR records, customer databases, and layoff lists.

To make sure your business isn’t the victim of insider sabotage or theft, here are some tips experts recommend:

• Perform reference/background checks – Checking applicants’ history is one way to keep out IT staffers who might abuse their access privileges.
• Make sure the rules are clear – IT employees can be more likely to violate policies than other employees because they have a better idea of how to get around technology controls. That’s why it’s important to have rules about who can access what and discipline people who break them.
• Restrict access – Employees should only be able to view data that they need for their jobs.
• Change passwords – Passwords should be changed regularly and be complex enough to stay unpredictable. That’ll reduce the likelihood of unauthorized employees (or even ex-employees) accessing things they shouldn’t.