Sign up for our newsletter
Technology / Cybersecurity

Insider threat: 20% of office workers would sell corporate passwords to third parties

Employees are increasingly creating security risks in their organisations, both deliberately and through negligence.

65 percent of office workers use a single password among applications, according to a survey commissioned by SailPoint. The survey also found that a third of employees shared passwords with co-workers.

Perhaps most worryingly, however, the survey revealed that nearly one in five employees would sell passwords to an outsider, while 26 percent admitted to uploading sensitive information to cloud apps with the aim of sharing it outside the company.

These figures, from the 2016 Market Pulse report, showed that many of these risks were increasing.

White papers from our partners

Last year, one in seven respondents was willing to sell their passwords to a third party while 20 percent shared passwords with co-workers and 56 percent shared passwords among applications.

Specifically in the UK, 16 percent of respondents would sell their passwords, while 56 percent would sell their passwords for £700 or below.

Globally, 42 percent of respondents were able to access corporate accounts and data after termination, or 39 percent in the UK.

These are not simply hypothetical threats. Recently, a former Ofcom employee gave a large amount of sensitive data from the regulator to his new employer, in the largest breach in the company’s history.

The Guardian report said that as much as six years of data that submitted to the regulator by broadcasters was downloaded. The new employer, said to be a major broadcaster, was offered this information but instead disclosed Ofcom to the theft.

The breach reveals that it is not just the company hit by the breach that can be damaged by hacks; it could also impact third parties with information stored there.

SailPoint argued that the solution was to make employees "shepherds" of corporate data.

"Just as organisations need to be committed to ensuring the proper security policies and IT controls are in place, it’s imperative that employees understand the implications of how they practice those policies," the report said.

The survey, conducted by Vanson Bourne, surveyed 1000 office workers across the United Kingdom, the United States, Germany, France, the Netherlands and Australia.
This article is from the CBROnline archive: some formatting and images may not be present.