Why Employees Are Often the Weakest Link in Enterprise Security Chain

Why Employees Are Often the Weakest Link in Enterprise Security Chain

By Don Reisinger

How Much Would You Sell a Password For?

While most IT decision-makers would like to believe their employees have a vested interest in keeping their workplace IT systems secure, the SailPoint survey showed that some employees would sell off their passwords for remarkably little. According to SailPoint, one in six employees say that they would sell their corporate passwords “for the right price.” Some respondents said that the price they’re seeking is as little as $150.

Password Sharing Remains a Common Occurrence

Don’t expect that your employees are actually keeping their log-in credentials private. In fact, 20 percent of respondents say that they often share their credentials with fellow employees, despite the fact that such a practice can cause all kinds of security problems in the office.

Password Reuse Is Still a Common Activity Despite Frequent Warnings

One of the cornerstones of enterprise password security is not to reuse passwords for multiple applications or computers. However, 56 percent of employees say that they often use their corporate credentials for other services they regularly use, including cloud applications like Dropbox and Google Drive.

It’s Essential to Require Regular Password Changes

If there’s anything that IT staff should do, it’s to force employees to change passwords from time to time. A surprisingly large number of employees—14 percent—say they use the same passwords across all applications and see no need to change them.

BYOD Does Have an Impact on IT Security

Those who don’t think the consumerization of IT is affecting them are in for a rude awakening. According to the data from SailPoint, 70 percent of employees use their personal mobile devices for work purposes. Furthermore, 63 percent of employees said they regularly use their own devices to access corporate data, creating a worrisome mix of personal and enterprise information all on the same device.

Corporate Data Is Leaking Out Through the Cloud

The cloud has become a real issue for IT. Despite many companies limiting which cloud services employees should use to share corporate information, 20 percent of workers say they employ unauthorized cloud services to send files to people outside the company.

IT Managers Are Kept in the Dark About Data Sharing

Keeping IT in the dark about data access and data sharing seems to be a corporate sport. Twenty percent of survey respondents who use cloud applications to share corporate data with others said they do it without telling IT about their activities. As far as they know, they’re sending corporate data through unauthorized channels without IT knowing the difference.

Corporate Data Monitoring Is Less Than Ideal

Corporate policies aimed at limiting the impact sharing sensitive data can have on a company are sorely lacking in the enterprise. Less than one-third of employees say that their companies have corporate policies in place that closely monitor how they share “mission-critical” data. In other words, the vast majority of companies aren’t closely monitoring how important information is being shared.

There Are Policies on Corporate Data Theft

While companies aren’t necessarily monitoring information the way they should, they at least have some policies that govern what to do if and when disaster strikes. According to SailPoint, 60 percent of the employees surveyed said they were aware of corporate policies that dictate what should happen if their companies fall victim to data theft.

The Risks Don’t Decrease When Employees Depart

Employees in the office might be scary enough, but the troubles don’t end after they leave. Two-thirds of employees say that even after they leave a company, they can access corporate cloud services, indicating that their accounts weren’t turned off. In addition, 25 percent of employees say that if they left a company, they would take corporate data with them.