Employees share passwords: here’s what that means for your business

Sometimes employees feel they need to supplement their income, and a surprising few will even go as far as sell company secrets to do so.

One in five employees say they would sell a company password to a third party, according to a recent survey. It’s an alarming number for employers. Here is a look at the survey’s findings, what they mean for businesses and what businesses can do to protect their privacy.

Password management risks

A recent survey commissioned by identity management company SailPoint and conducted by market research company VansonBourne found a number of startling tidbits that should get business owners thinking about privacy and security.

Among the findings: one in four respondents said they would sell their work passwords to a third party, and 44% would do so for less than US$1000.

Further findings show that employees generally aren’t vigilant with their passwords, a fact which could also pose risks to businesses. For example, 65% said they use a single password among applications, and one-third share passwords with co-workers.

What it means for your business

The obvious takeaway for businesses is that policies regarding password security should be revisited and tweaked where needed. But this stems beyond current employees — the survey found that 40% of respondents had access to corporate accounts even after leaving their last job.

Challenges for businesses include identifying and dealing with potentially disgruntled employees, and doing the same with those who aren’t necessarily disgruntled but simply careless or under-informed.

It may seem routine or mundane, but dealing with password security is the key to keeping a businesses’ private data safe and secure.

Here’s what businesses can do

Here are five tips businesses can remember to help ensure their passwords aren’t breached.

Never stop training

Constant training can be tedious for employees, so one good way to go about this is to explain the personal benefits of practicing network security. In addition to initial security training for new hires, companies should consider ongoing training and constant reminders of things such as changing or strengthening passwords.

Don’t forget about mobile

Most people have personal smartphones, and many are also issued smartphones by their companies. While the ability to keep employees connected constantly has no doubt helped productivity and communication, more devices also means more potential security breaches. In fact, an all-lowercase six-character password can be cracked in 10-minutes. Employers should make sure workers take smartphone security seriously.

Assess potential risks

Some companies don’t worry about the possibility of security issues, but rather react when an issue arises. If employers understand that their company will likely deal with security issues at some point, the employee’s prerogative will be to the potential fallout. One of the best ways to do this is to plan for security, starting with a complete risk assessment. This can help businesses develop policies that address specific risks they might face.

Prepare a response

Once all of the potential risks are assessed, companies can then plan a response. Many companies can set up an automated security incident response which collects alert data, analyzes it, and triggers an automatic process if appropriate.

Preach password protection

One way to make sure passwords aren’t sold or shared regularly is to implement a policy that continually strengthens employees’ passwords. This could include encouraging employees to change passwords at least every 90 days, and to never reuse a password. Generally, passwords should always be at least eight-characters long and include a mix of uppercase and lowercase letters along with numbers and special characters.

As the survey indicates, password security is a major and growing concern for businesses. Following these tips can help educate employees and decrease the risk of a security breach.

Feature image: Negative Space



Sign up to our newsletter to get the latest in digital insights. sign up

Welcome to Memeburn

Sign up to our newsletter to get the latest in digital insights.