A surprising disconnect exists between employees’ growing concern over the security of their personal information and their attitudes toward data security practices in the workplace, according to a SailPoint survey of 1,000 office workers at large organizations worldwide.
The survey found that 85 percent of employees would react negatively if their personal information was breached by a company, yet these same employees are exposing their employers to the same data breaches through negligence and poor password hygiene.
Additionally, the survey highlighted an ongoing challenge for IT and security professionals, revealing that more than a quarter (26 percent) of employees admitted to uploading sensitive information to cloud apps with the specific intent to share that data outside the company.
"As recent data breach headlines show, insider access continues to be one of the most common and volatile causes of sensitive corporate data exposure," Juliette Rizkallah, chief marketing officer for SailPoint, told eWEEK. "It’s important that organizations and their employees understand how each digital identity creates a trail of access and therefore exposure points."
She noted a single identity could have thousands of access privileges across hundreds of applications and systems, with most applications requiring multiple levels of privileges to dictate what can be done with that access.
"This is why it’s critical that organizations have automated IT controls in place to govern that access according to the company’s policy," she said. "At the same time, ongoing employee education must take place to help them understand the role they play in protecting data."
Worryingly, one in five employees said they would sell their passwords to an outsider, and of those who would sell their passwords, 44 percent would do so for less than $1,000--up from one in seven who would sell a password a year ago, according to the report.
The majority of respondents (65 percent) admitted to using a single password among applications, and one-third share passwords with their co-workers.
In addition, one in three employees admitted to purchasing a SaaS application without IT’s knowledge--a 55 percent increase from last year’s report.
Perhaps even more alarming, more than 40 percent of respondents reported having access to a variety of corporate accounts after leaving their last job.
"The sheer volume of exposure points for a breach each individual identity has is single-handedly the largest employee-related threat to any company of any size," Rizkallah said. "Think of every password you have, every application you use, every drive you access – inside and outside the workplace – that grants you access to company data."
She explained each and every one of these constitute your digital identity and create another potential entry point for a breach, and even if the employee is well-meaning, their identity is being targeted by sophisticated hackers.