Everyone can picture that one “petty revenge” employee who should have been let go years earlier. But when they finally are given the boot, is their account properly locked afterwards. Half the time, a new study indicates, it is not. And according to 20 percent of the respondents in the study, that failure in handling an ex-employee wound up leading to a data breach at the organization in question.
Revenge of the Ex-Employee
The news comes from identity management provider OneLogin, which commissioned Arlington Research to run 500 online interviews on a nationally representative sample of experienced non-managers and above who work in their company’s IT department decision-makers for hardware, software and cloud-based services. Across the board, the issue of ex-employee accounts was a concern.
“According to 20 percent of the respondents,” the survey says, “failure to deprovision employees from corporate applications has contributed to a data breach at their organization. The research found that nearly half (48 percent) of respondents are aware of former employees who still have access to corporate applications, with 50 percent of IT decision-makers ex-employee’s accounts remaining active once they have left the company for longer than a day.
A quarter (25 percent) of respondents take more than a week to deprovision a former employee and a quarter (25 percent) don’t know how long accounts remain active once the employee has left the company.”
What to Do About It
IT employees need to be aware of this security problem and should respond by tightening protocols. As with many other security concerns, staying proactive is key to solving the problem.
“The bottom-line is that companies aren’t following very basic but essential security measures around employee provisioning and deprovisioning,” said Alvaro Hoyos, the chief information security officer at OneLogin, in the company's press release. “This should be a cause for concern among business leaders, especially considering how many data breaches are caused by ex-employees.”
Past studies have indicated that business leader remain unaware of the dangers they face: CEOs in particular, TechCo has reported in the past, are a problem: 75 percent admit that they “use applications and programs that are not approved by their IT department,” even while 91 percent acknowledge the security risk this poses.