Despite the assumption of corporate loyalty, employees don’t assume responsibility for protecting the integrity of corporate security processes. Nearly one in five employees would sell their passwords to an outsider.
According to SailPoint’s annual Market Pulse Survey, a surprising disconnect exists between employees’ growing concern over the security of their personal information and their attitudes toward data security practices in the workplace.
For instance, of those who would sell their passwords, 56% would do so for less than $1,000.
And, unintentionally poor password hygiene continues to plague enterprises. The majority of respondents (63%) admitted to using a single password among applications, and 28% share passwords with their co-workers.
“The survey found that 87% of employees would react negatively if their personal information was breached by a company,” the report noted. “Yet these same employees are exposing their employers to the same data breaches through negligence and poor password hygiene.”
Additionally, the survey highlights an ongoing challenge for IT and security professionals: 26% of employees admitted to uploading sensitive information to cloud apps with the specific intent to share that data outside the company. And, one in three employees admitted to purchasing a SaaS application without IT’s knowledge.
And, perhaps the most alarming finding is that more than 39% of respondents reported having access to a variety of corporate accounts after leaving their last job.
“This year’s Market Pulse Survey shines a light on the significant disconnect between how employees view their personal information and that of their employer, which could also include personal information of customers,” said Kevin Cunningham, president and founder of SailPoint. “Today’s identity governance solutions can alleviate the challenge of remembering several passwords and automate IT controls and security policies, but it’s imperative that employees understand the implications of how they adhere to those policies. It only takes one entry point out of hundreds of millions in a single enterprise for a hacker to gain access and cause a lot of damage.”
Photo © alice-photo