More than a quarter (26%) of employees surveyed admitted to uploading proprietary or sensitive company data to a location in the cloud, specifically for the purpose of sharing that data with parties outside the company. More than a third admitted to buying a SaaS (Software as A Service) without the IT department’s knowledge.
Well over half (63%) of employees admitted to using poor password conventions, using the same password across multiple secure applications, and nearly a third (28%) admitted to sharing those passwords with their co-workers.
Those statistics aren’t good by any stretch, but as bad as they are, they don’t represent the worst findings of the survey. In fact, it’s hard to say which of the following is the worst: the fact that 39% of employees report to still having access to a variety of corporate accounts after leaving the job, or the fact that a staggering 56% of employees surveyed admitted that they would sell company passwords for less than a thousand dollars.
Think about that last statistic for just a moment. A robust, top of the line data security system can easily cost your company tens of thousands of dollars. It can be undone by a single employee who’s willing to sell his password for less than a thousand bucks. This represents asymmetrical warfare at its finest, and is one of the biggest reasons why enterprise IT struggles to keep pace with the hacking community. It is simply easier (and cheaper) to destroy than it is to create.
This is not at all to suggest that it’s not worth the fight, but rather, to point out the daunting challenges that lie before you.