Would you sell your corporate passwords?

A group of people from around the world who participated in the 2016 Market Pulse Survey were asked that simple question. You might be surprised that 1 in 5 was willing to sell them, and an astonishing 44% would give them away for less than $1,000 (to be precise, 45% of German office workers, 50% French and 33% Dutch). And by passwords, I don’t mean those for their personal accounts, but corporate credentials.

Sharing passwords is still an ongoing trend

By selling these passwords, they leave an open door to a multitude of corporate accounts because 65% of workers use a single password across different applications (and this figure is higher for French workers, 73%, against 68% of Dutch and 53% of German employees), and 32% of them share it with co-workers. This is especially common behaviour when there is a single login access to an application or software shared among the team. It saves time and money, but it poses a serious security risk.

Corporate security vs personal security

Despite their careless attitude towards corporate data security, employees really care about the security of their own data stored by the company: 84% of them are very concerned their personal information is being shared by the company, and 85% would have a negative reaction in case of company data breach, including cutting off any relationship with the company. Why this misalignment between corporate and personal security? Because staff know the company has a security system in place that they consider a parachute for their misconduct. Why do they have to be vigilant if someone else will take care of security?

Align personal and corporate security

How can a company align its staff’s concern for personal security with that of the company? By investing in a staff awareness programme. When carried out effectively, a staff awareness programme:

  • helps companies identify potential security problems;
  • helps staff understand the consequences of poor information security;
  • ensures procedures are followed consistently;
  • ensures requirements are understood.

There are multiple approaches to learning, but the most cost-effective and flexible for non-technical staff of any level is e-learning. Our latest course, Information Security & ISO27001 Staff Awareness, is what you need. It is accessible from anywhere (you only need an Internet connection) and at any time. Through consistent teaching and documentation, employees are able to take the course at their own pace and they will be impartially assessed with a final test that they can retake until they are satisfied with the grade (and you will know at what stage of the course each of them are).

Contact us on or email us if you are interested in our Information Security & ISO27001 Staff Awareness E-Learning Course or to book a demonstration.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.