While tools have been implemented to properly secure Secrets Management, our scans still come up with user IDs and passwords stored out in various chats and collaboration tools. We have definitely noted an insider threat risk/issue, and see the way forward as:
a) first violation - assign mandatory training/CBT and discussion with manager
b) second violation - dismissal?
Our logic on leniency may be: if the stores are 2+ years old, there may be an argument that our organization lacked a fully fledged secrets management tool, or it wasn't effectively communicated. However, if a scan pulls it up from 2 days or 2 weeks ago, we'd have a hard time understanding why two enterprise solutions could not have been utilized.
What are other companies/organizations doing? Any recommendations on training, awareness and enforcement?
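Added example (not from the original post or any of the poster's tooling): a small scanner over a chat export that does the two things described above, detecting credential-looking strings and bucketing each hit by message age so that findings older than the rollout window are triaged differently from ones posted last week. The regex patterns, the constructed chat messages (the AWS key is the well-known documentation placeholder, not a live key), the two-year cut-off and the function names are all assumptions for illustration. Reports are masked so the scanner never re-leaks what it finds.

```python
"""Toy chat-export secrets scanner with age-based triage (added example)."""
from __future__ import annotations

import re
from datetime import datetime, timedelta, timezone

# Illustrative detection patterns; group 1 is the value that gets masked.
PATTERNS = {
    "password_assignment": re.compile(r"(?i)\b(?:password|passwd|pwd)\s*[:=]\s*(\S+)"),
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "generic_token": re.compile(
        r"(?i)\b(?:api[_-]?key|token|secret)\s*[:=]\s*([A-Za-z0-9_\-]{16,})"
    ),
}

# Hits older than this are treated as pre-dating the secrets-management rollout
# (the poster's own 2+ year leniency window, assumed here as 730 days).
LEGACY_AGE = timedelta(days=2 * 365)

# Constructed chat export: (ISO timestamp, author, text). None of this is real data;
# AKIAIOSFODNN7EXAMPLE is the AWS documentation example key.
SAMPLE_EXPORT = [
    ("2021-11-03T10:15:00+00:00", "alice", "staging db: user=svc_report password=Winter2021!"),
    ("2024-05-29T16:40:00+00:00", "bob", "use this for the demo: aws key AKIAIOSFODNN7EXAMPLE"),
    ("2024-05-30T09:02:00+00:00", "bob", "api_key=sk_test_0123456789abcdefXYZ for the webhook"),
    ("2024-05-30T09:05:00+00:00", "carol", "reminder: secrets go in the vault, not in chat"),
]

# Fixed "now" so the demo is reproducible.
DEMO_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def mask(value: str) -> str:
    """Keep only a short prefix so the report itself never re-leaks the credential."""
    return value[:4] + "*" * max(len(value) - 4, 0)


def find_secrets(text: str) -> list[tuple[str, str]]:
    """Return (kind, matched_value) pairs for every pattern hit in one message."""
    hits = []
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(text):
            hits.append((kind, m.group(1)))
    return hits


def triage(posted_at: datetime, now: datetime, legacy_age: timedelta = LEGACY_AGE) -> str:
    """'legacy' if the message predates the rollout window, otherwise 'recent'."""
    return "legacy" if now - posted_at >= legacy_age else "recent"


def scan_export(messages, now: datetime) -> list[dict]:
    """Scan every message; each finding carries author, kind, masked value and tier."""
    findings = []
    for ts, author, text in messages:
        posted_at = datetime.fromisoformat(ts)
        for kind, value in find_secrets(text):
            findings.append({
                "author": author,
                "kind": kind,
                "masked": mask(value),
                "posted_at": ts,
                "tier": triage(posted_at, now),
            })
    return findings


def recent_counts(findings) -> dict[str, int]:
    """Count 'recent' findings per author: the input to a first/second-violation process.
    Legacy findings are excluded on purpose; they go to rotation and awareness instead."""
    counts: dict[str, int] = {}
    for f in findings:
        if f["tier"] == "recent":
            counts[f["author"]] = counts.get(f["author"], 0) + 1
    return counts


def demo_findings() -> list[dict]:
    """Run the scanner over the constructed export at the fixed demo time."""
    return scan_export(SAMPLE_EXPORT, DEMO_NOW)


if __name__ == "__main__":
    for finding in demo_findings():
        print(finding)
    print("recent findings per author:", recent_counts(demo_findings()))
```

The age check is deliberately separate from the detection so the threshold can be tuned (or replaced with the rollout date of the vault) without touching the patterns, and the per-author count only ever includes recent hits, which keeps the legacy findings on a rotate-and-educate track rather than a disciplinary one.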