Workplace Issues

Employees Playing Fast and Loose with Passwords

A survey by SailPoint found that many would sell a password to an outsider for less than $1,000.
Katie Kuehner-HebertMarch 31, 2016
Employees Playing Fast and Loose with Passwords

More than a quarter (26%) of employees admitted to uploading sensitive information to cloud apps with the specific intent to share that data outside the company, according to a survey of 1,000 office workers at large organizations in the United States, the United Kingdom, Germany, France, the Netherlands, and Australia.

SailPoint’s annual Market Pulse Survey, conducted by research firm Vanson Bourne on behalf of the Austin, Texas-based identity and access management (IAM) provider, asked respondents how they viewed their individual role in IT security processes, and whether there were any improvements being made by their organizations to beef up practices in light of ever-changing security threats.

The survey found that 65% of respondents admitted to using a single password among applications, and one-third share passwords with their co-workers. One in five employees would sell their passwords to an outsider, and of those, 44% would do so for less than $1,000.

Drive Business Strategy and Growth

Drive Business Strategy and Growth

Learn how NetSuite Financial Management allows you to quickly and easily model what-if scenarios and generate reports.

One in three employees admitted to purchasing a SaaS application without IT’s knowledge, and more than 40% said they had access to a variety of corporate accounts after leaving their last job.

“Today’s identity governance solutions can alleviate the challenge of remembering several passwords and automate IT controls and security policies, but it’s imperative that employees understand the implications of how they adhere to those policies,” SailPoint’s president Kevin Cunningham said in a press release. “It only takes one entry point out of hundreds of millions in a single enterprise for a hacker to gain access and cause a lot of damage.”

Indeed, there’s been “a movement to kill the password,” and instead employ tighter security measures such as biometrics or passcodes sent to personal devices, which must then be entered into a login page, according to MarketWatch.

“Professors from Stanford University and George Washington University suggested last year that the government should help kill passwords by banning companies [from relying on them] exclusively, so as to hasten a technological evolution,” MarketWatch wrote.

Understanding Which ERP Modules Your Business Needs – And When