A new study by OneLogin has revealed that a large proportion of businesses fail to adequately protect their networks from the potential threat posed by ex-employees.
The firm surveyed more than 600 IT decision-makers in the UK and found respondents were aware that over half (58%) of former employees are still able to access corporate networks even after they’ve left a company. This is particularly concerning when you consider that OneLogin also discovered that almost a quarter (24%) of UK companies have suffered data breaches by former members of staff.
The study also highlighted flaws in the security processes organizations follow when an employee leaves. Almost all (92%) of those polled admitted to spending up to an hour on manually deprovisioning past workers from every corporate application, while 50% were not using automated deprovisioning technology to ensure an employee’s access to corporate applications stops the moment they leave the business. This could explain why over a quarter of ex-employees’ corporate accounts remain active for a month or more.
“Our study suggests that many businesses are burying their heads in the sand when it comes to this basic, but significant, threat to valuable data, revenue and brand image,” said Alvaro Hoyos, chief information security officer at OneLogin.
“With this in mind, businesses should proactively seek to close any open doors that could provide rogue ex-employees with opportunities to access and exploit corporate data. Tools such as automated de-provisioning and SIEM will help close those doors with ease and speed, while also enabling businesses to manage and monitor all use of corporate applications.”
Speaking to Infosecurity, Steve Durbin, managing director, Information Security Forum Limited, explained that companies are becoming increasingly aware of the issue but face challenges in handling it, as managing it effectively requires an approach that combines process and people skills, with technology as a backup.
“Content management, identity and access management systems all have a role to play in monitoring activity but cultivating a culture of trust is likely to be the single most valuable management step in safeguarding an organization’s information assets,” he added. “How you treat your employees while they are with you will determine their mindset and approach once they have decided to leave.”