20 Percent of Employees Would Sell Their Passwords

March 21, 2016

According to new research, one in five employees would be willing to sell their work passwords to another organization, up from one in seven last year.

The research by identity management company Sailpoint, found that of those who would sell their passwords, 44 percent would do it for less than $1,000, and some for less than $100. This is made worse by the fact that 65 percent admit to using a single password among applications and 32 percent share passwords with their co-workers.

In addition, the survey found that more than two in five employees still have corporate account access after they leave their job. More than 25 percent uploaded sensitive information to cloud apps with the specific intent to share data outside the company. And one in three employees purchased a SaaS app without IT's knowledge, a 55-percent increase from last year. Reasons for not involving the IT department include because it's faster (49 percent), because IT adds too much process (40 percent), and IT over complicating things (21 percent).

The data comes from a survey of 1,000 office workers at large organizations (with at least 1,000 employees) across the US, UK, Germany, France, the Netherlands and Australia. It reveals a disconnect between employees' growing concern over the security of their personal information and their negligence over data security practices in the workplace.

"This year's Market Pulse Survey shines a light on the significant disconnect between how employees view their personal information and that of their employer, which could also include personal information of customers", says Kevin Cunningham, president and founder of SailPoint. "Today's identity governance solutions can alleviate the challenge of remembering several passwords and automate IT controls and security policies, but it's imperative that employees understand the implications of how they adhere to those policies. It only takes one entry point out of hundreds of millions in a single enterprise for a hacker to gain access and cause a lot of damage".

With the advent of Internet of Things (IoT) technology and Industrial Internet of Things (IIoT), the cyber security practices are increasingly getting integrated with the physical security practices.

We will provide insight on NDAA Section 889 and how the act has evolved and impacted business, so that organizations can better mitigate risk and stay compliant.