Poor password hygiene and negligence continue to plague the enterprise, with the majority of business users (65 percent) admitting to using a single password among applications, according to a SailPoint survey.
The survey was conducted by Vanson Bourne, an independent research firm, which interviewed 1,000 office workers at private organizations with at least 1,000 employees across Australia, France, Germany, the Netherlands, the United Kingdom, and the United States.
The study revealed one-third of respondents share passwords with their co-workers and one in five employees would sell their passwords to an outsider.
Additionally, one in three employees admitted to purchasing a SaaS application without IT’s knowledge--a 55 percent increase from last year’s report, and more than 40 percent of respondents reported having access to a variety of corporate accounts after leaving their last job.
Half of respondents who purchased a SaaS app without involving IT did it simply because it was faster, while 40 percent stated that IT adds too much process, and 21 percent said they believed that IT over-complicates simple purchases.
More than a quarter (26 percent) of employees admitted to uploading sensitive information to cloud apps with the specific intent to share that data outside the company.
The survey also found one-third of respondents have been impacted on a personal level by recent data breaches.
The vast majority (85 percent) of employees said they would react negatively if their personal information was breached by a company, and 84 percent of respondents are concerned that extremely sensitive information about them is being shared.
"These results underscore that there is a disconnect for employees: while data breaches in and of themselves are affecting them personally, these same employees may be causing potential security breaches with poor password hygiene and circumvention of the IT department," the report noted.
This year, the survey found that one in five respondents would sell their passwords to a third-party organization and a staggering 44 percent of them would do it for less than $1,000.
Even more concerning was the finding that some respondents said they would sell their corporate credentials for less than $100.
"It’s not just employees that are posing security risks for the organizations, however," the report warned. "Proper password policies and automated on- and off-boarding procedures can help to mitigate some of the security risks that come from provisioning and application usage. Unfortunately, our survey found that in a large portion of organizations, this simply isn’t happening."