A recent report from UK fraud prevention service Cifas reveals that 13% of UK employees - around one in eight - have either sold their company login details to a former colleague, or know someone who has, in the past 12 months.
► Selling on logon details is increasingly ‘becoming normalised’
► Highlights the need for strong identity, access, and governance controls
The Workplace Fraud Trends report also found that 13% of workers believe selling access to company systems is ‘justifiable’, although 75% said the behaviour was completely unjustified. Among senior leaders, attitudes were more concerning. Almost one third of senior manager (32%) and over a third of directors (36%) said the behaviour was justifiable. The figure rose to 43% among C-Suite executives and 81% for business owners.
While alarming, the findings underline critical importance of multi-factor authentication, continuous monitoring for suspicious activity, and clearly defined security polices to reduce insider risk.
Commenting on the findings, Joby Carpenter, fraud and emerging threats lead at the anti-financial crime company, ACAMS, said: ‘These findings point to an unsettling reality: for a meaningful minority of staff, selling company logins is no longer beyond the line – and that should concern every employer. Cifas’ survey suggests insider risk is not only persistent, but in some settings it’s becoming normalised. For firms, this underlines the need to treat insider threat as a core fraud and financial crime issue, supported by strong culture, proportionate controls, targeted training, and effective access governance.’
TD SYNNEX’s security practice offers a wide range of solutions and services that enable Partners to deliver multi-layered protection, alongside training and security policy management, helping customers reduce risk and strengthen their overall security posture.
