Scaring survey finds that one out five employees would sell corporate passwords, some for less than $1000
According to the 2016 Market Pulse Survey, sponsored by an Austin-based security company, SailPoint Technologies, the biggest threat to a company’s digital security seems to be its employees. The survey says that one in five employees would be willing to sell their work passwords to another organization, which is up from one in seven last year.
The data comes from a survey of 1,000 office workers at private organizations (with at least 1,000 employees) across the US, UK, Germany, France, the Netherlands and Australia.
The survey shows that one third (32 percent) of respondents said they share their passwords with their co-workers, and nearly two thirds (65 percent) said they only use a single password across multiple applications.
However, the most shocking revelation is that one in five employees globally said they would sell their passwords to an outsider. Of those who would sell their passwords, 44 percent would do it for less than $1,000, and some for less than $100.
The study broke down that 20 percent who would sell passwords by country. The US led the pack with 27 percent willing to sell.
Among other findings, the worrying fact is that more than two in five employees still have corporate account access after they leave their job. Even worse, while in their current jobs, 33% of all employees admitted to purchasing and later using (for work) SaaS solutions without the IT staff’s knowledge or approval. 70% of these employees also admitted to uploading corporate data in cloud services, with the specific intent to share data or access it outside the company.
The main reason office workers chose to bypass IT when acquiring a SaaS application is that the IT department’s tendency to overcomplicate things and slow down the process.
The survey has also highlighted the need to disable the accounts of former employees. More than 40 percent of respondents said they still had access to a variety of corporate accounts from their previous job.
“The digital identity of an individual user is the key that unlocks corporate data and applications…” The survey said. “Organizations need to strike a balance between providing the level of convenience the employees require (and expect) while also ensuring that proper IT and security controls are in place. Corporate security and business agility can no longer be competing priorities, but instead must be interwoven.”
While their poor security practices expose their organizations to data breaches, the survey also highlights disconnect between employees’ growing concern over the security of their personal information and their negligence over data security practices in the workplace.
“This year’s Market Pulse Survey shines a light on the significant disconnect between how employees view their personal information and that of their employer, which could also include personal information of customers”, says Kevin Cunningham, president and founder of SailPoint. “Today’s identity governance solutions can alleviate the challenge of remembering several passwords and automate IT controls and security policies, but it’s imperative that employees understand the implications of how they adhere to those policies. It only takes one entry point out of hundreds of millions in a single enterprise for a hacker to gain access and cause a lot of damage”.
You can visit the SailPoint website and download the full report for more information.