UK SMBs Failing to Manage Ex-Employee Risk

The vast majority of SMB employees hang onto log-in credentials for key business applications after they leave, or are allowed to store work files in personal cloud storage accounts, making them difficult to retrieve, according to a new study.

Osterman Research interviewed hundreds of UK knowledge workers to compile the 2014 Intermedia SMB Rogue Access Study.

It found that 89% of SMB staff maintain access to sensitive corporate apps like Salesforce or SharePoint; 45% retain access to “confidential” or “highly confidential” data; and 68% store work files in private cloud accounts.

A further 60% said they were not asked for their cloud log-ins on leaving the company.

What’s more, the risk of corporate data being exposed to former employees is not just theoretical. The research revealed that 49% of respondents logged into a work account after leaving.

Apart from the risk of sensitive customer data or corporate IP being leaked to a competitor, the research also shows many SMBs are failing on regulatory compliance.

There’s also a risk of former employees deleting vital information stored in their personal accounts once they leave – either accidentally or deliberately – or exposing data if they’re hacked, said Intermedia.

The firm’s three-point plan to mitigate these risks starts with implementing detailed access management policies and a rigorous system of checks for leaving employees.

Intermedia also urged SMBs to invest in corporate cloud storage services which are more user-friendly, so that employees don’t feel the need to resort to personal accounts.

Finally, the vendor suggested that a single sign-on portal for access to all apps would help firms better manage employee access.

Some 116,000 Brits were made redundant from March to May 2014, according to the Office of National Statistics, highlighting the potential scale of the problem.

For those who managed their log-ins through online service LastPass there was bad news on Tuesday when the platform went down for much of the day.

LastPass claimed the incident was caused by a faulty datacenter, but experts argued that the outage highlights the need for firms to do their due diligence on cloud providers, and to have a back-up plan in the event of failure.
