- A fifth of workers have sold company information in exchange for money.
- Many also use company money for fraudulent activities.
- Training is not enough: protections must be implemented
New research from Cifas aims to quantify insider threats by highlighting how normalized workplace fraud has become, including the sale of confidential company data for money.
One in five (18%) admit to having sold company login credentials for money, which could be the riskiest behavior seen by the company and proof that cyber protection against external attacks alone is no longer enough.
But selling company information is not the only risk, as workers are also likely to engage in other dubious activities that could cost companies money and security.
Internal fraud is a growing risk for companies
About a quarter believe it is acceptable to work for another competing company secretly (24%) and believe expense fraud is justifiable (24%), and 13% know someone who has used company funds for gambling or betting.
In fact, entering a company can often be favored in an immoral way: around a fifth (19%) know someone who has used false job references to get hired.
“These findings are not isolated incidents,” explained CEO Mike Haley. “They reflect a broader change in workplace behaviors when faced with the opportunity to commit fraud.”
Cifas highlighted the importance of employee wellbeing and company culture to eliminate fraud and instil loyalty. “Giving them the right training not only strengthens organizational resilience, but also allows people to recognize and challenge risky behaviors before they escalate,” explained Director of Learning and Public Sector, Rachael Tiffen.
While training can go some way to sharing risks with workers, companies must also take some responsibility by employing insider threat monitoring, stronger identity verification, and stronger background checks.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
