One in Five Employees Would Sell Work Passwords: Survey

One in five employees are willing to sell their work passwords to an outsider, in many cases for less than $1,000, according to a survey conducted by identity and access management firm SailPoint.

SailPoint’s Market Pulse Survey, which is based on the responses of 1,000 people working at large organizations in the U.S., Europe and Australia, shows that employees’ poor security practices often expose companies to potentially damaging attacks.

Despite the increasing number of incidents involving stolen credentials, poor password hygiene and negligence continue to be a problem. According to SailPoint, 65 percent of respondents admitted using a single password for multiple applications, and roughly one-third of them have shared passwords with their co-workers.

Furthermore, one in five employees said they would sell their work passwords to a third party. In the United Kingdom, for instance, more than half of respondents who said they would sell their passwords would do it for less than $1,000.

In the United States, 40 percent of those who are ready to sell their passwords would do it for less than $1,000. Worryingly, some employees said they were willing to sell corporate access credentials for less than $100.

SailPoint noted that since the organizations taking part in the survey employ, on average, roughly 50,000 individuals, the report shows that 10,000 of them would sell their passwords, 32,500 use the same credentials across multiple apps, and nearly 17,000 share passwords with co-workers.

The 2016 Market Pulse Survey shows that one in three employees have purchased SaaS applications without their IT department’s knowledge, and a quarter of respondents admitted uploading sensitive information to cloud applications with the specific intent to share the files outside their company.

The main reason office workers chose to bypass IT when acquiring an SaaS application is the IT department’s tendency to overcomplicate things and slow down the process.

The survey has also highlighted the need to disable the accounts of former employees. More than 40 percent of respondents said they still had access to a variety of corporate accounts from their previous job.

While their poor security practices expose their organizations to data breaches, most employees are concerned about their personal information being shared, and 40 percent of them said they would stop doing business with a company that suffered a breach.

“This year’s Market Pulse Survey shines a light on the significant disconnect between how employees view their personal information and that of their employer, which could also include personal information of customers,” commented Kevin Cunningham, president and founder of SailPoint. “Today’s identity governance solutions can alleviate the challenge of remembering several passwords and automate IT controls and security policies, but it’s imperative that employees understand the implications of how they adhere to those policies. It only takes one entry point out of hundreds of millions in a single enterprise for a hacker to gain access and cause a lot of damage.”

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.