Would you agree to sell your account password at home or at work? According to Investors Business Daily, 20% of you would based on a study by SailPoint which surveyed 1000 employees.To be fair, according to IBD, $82,000 was the average selling price although the lowest came in at just $55. This is a substantial increase over previous studies in the US and UK where people on the street were willing to give up their passwords for a candy bar or Starbucks card. Still, it is sobering as a business person to realize that 1 in 5 employees could potentially be bought, giving up their password to access business resources.
Even strong and complex passwords can be hacked by someone using brute force with enough time and computing power. But why would a hacker bother if 1 in 5 would agree to sell? Depending on what the employee had access to, even the high price of $82,000 might seem cheap for a much larger payoff.
According to the Social Security Administration, the average US wage is just over $46,000 so on average, an employee could nearly double his or her annual income simply by selling their password. Sobering isn’t it?
Two factor authentication is very inexpensive today and while not completely foolproof, can offer an extra layer of protection beyond a simple password. Small businesses can enjoy two factor authentication from companies such as Duo for as little as $1 per employee per month which is affordable for any business.
Would you spend $1 per month to protect your business from the 20% of rouge employees by adding an extra layer of protection in front of access to your critical assets?