Sailpoint recently released its 2016 Market Pulse Survey, which examined employees’ roles in IT security. The results should terrify employers. The report can be downloaded here.

This report echos a theme I’ve been repeating here often: employees can be the biggest threat to your trade secrets. Consider the following findings:

• 65% of respondents admitted using a single password across applications
• One in three shared passwords with co-workers
• More than 40% still had access to corporate network accounts from their prior job

And most disturbing:

• 20% worldwide, and 27% in the U.S., would sell their corporate password to an outsider, often for less than $1,000
• 26% admitted uploading sensitive information to the cloud with the intent to share outside the company

Some of these issues can be addressed through proper training regarding password hygiene and protection of proprietary information. But it’s more difficult to address malicious insiders who want to sell access to your system or disclose your trade secrets.

The malicious-insider problem requires proactive thinking. Consult with your IT team or an outside expert to implement solutions that monitor system usage and alert to irregular activity. Work with HR and management to identify employees who are dissatisfied with their jobs, or otherwise showing signs of higher risk. And make sure that each employee only has access to the proprietary information necessary for that employee’s job.

Also, restrictive covenants and non-disclosure agreements can both deter this type of wrongdoing and allow for more effective enforcement if misappropriation occurs. Consult with an attorney who specializes in trade-secrets law to determine what types of contracts and other legal protections are best suited to protect your company.