Dive Brief:
- One in five employees would sell the passwords they use at work to access employer networks if they were asked, according to a new survey from SailPoint Market Pulse, an identity and access management company.
- 44% of those who assented to selling their passwords would do it for $1,000 or less, the report reveals, while some would sell for less than $100. That statistic is particularly problematic, as 65% said they use a single password for all applications. The U.S. has the highest percentage of those who said they would sell their pass at 27%.
- For perspective: At a 50,000 person organization, these statistics mean 32,500 would share passwords between applications, 17,000 would share passwords with coworkers, and 10,000 would sell their passwords outright.
Dive Insight:
HR departments are a top security risk for many companies, according to research released last year. 54% of the workforce is in a position where they might cause an accidental security breach, while 5% are seen as having the potential to cause a malicious one, that data notes.
HR departments should educate their employees on data safety, particularly about phishing scams and password buying offers, and make their employees aware of the risks involved if they do sell their passwords, SHRM reports.
"Some people may think that they’ll sell their password today and then change it tomorrow and it’s fine," SailPoint President and founder Kevin Cunningham told SHRM. "The actual selling isn’t as much of an issue as the risk to information. When someone has those credentials, it can cause real damage—everything from identity theft to money stolen."
