SecurityWeek

One in Five Employees Would Sell Work Passwords: Survey

One in five employees are willing to sell their work passwords to an outsider, in many cases for less than $1,000, according to a survey conducted by identity and access management firm SailPoint.

SailPoint’s Market Pulse Survey, which is based on the responses of 1,000 people working at large organizations in the U.S., Europe and Australia, shows that employees’ poor security practices often expose companies to potentially damaging attacks.

Despite the increasing number of incidents involving stolen credentials, poor password hygiene and negligence continue to be a problem. According to SailPoint, 65 percent of respondents admitted using a single password for multiple applications, and roughly one-third of them have shared passwords with their co-workers.

Furthermore, one in five employees said they would sell their work passwords to a third party. In the United Kingdom, for instance, more than half of the respondents who said they would sell their passwords would do it for less than $1,000.

In the United States, 40 percent of those who are ready to sell their passwords would do it for less than $1,000. Worryingly, some employees said they were willing to sell corporate access credentials for less than $100.

SailPoint noted that since the organizations taking part in the survey employ, on average, roughly 50,000 individuals, the report shows that 10,000 of them would sell their passwords, 32,500 use the same credentials across multiple apps, and nearly 17,000 share passwords with co-workers.

The 2016 Market Pulse Survey shows that one in three employees have purchased SaaS applications without their IT department’s knowledge, and a quarter of respondents admitted uploading sensitive information to cloud applications with the specific intent to share the files outside their company.

The main reason office workers chose to bypass IT when acquiring a SaaS application is the IT department’s tendency to overcomplicate things and slow down the process.

The survey has also highlighted the need to disable the accounts of former employees. More than 40 percent of respondents said they still had access to a variety of corporate accounts from their previous job.

While their poor security practices expose their organizations to data breaches, most employees are concerned about their personal information being shared, and 40 percent of them said they would stop doing business with a company that suffered a breach.

“This year’s Market Pulse Survey shines a light on the significant disconnect between how employees view their personal information and that of their employer, which could also include personal information of customers,” commented Kevin Cunningham, president and founder of SailPoint. “Today’s identity governance solutions can alleviate the challenge of remembering several passwords and automate IT controls and security policies, but it’s imperative that employees understand the implications of how they adhere to those policies. It only takes one entry point out of hundreds of millions in a single enterprise for a hacker to gain access and cause a lot of damage.”

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
