Search
Close this search box.

At mercy of data breaches from ex-employees

A new study reveals that a large proportion of businesses fail to adequately protect their networks from the potential threat posed by ex-employees. Comment from Alvaro Hoyos, Chief Information Security Officer at OneLogin.
Cryptocurrency

A new study reveals that a large proportion of businesses fail to adequately protect their networks from the potential threat posed by ex-employees. Comment from Alvaro Hoyos, Chief Information Security Officer at OneLogin.

The study by study by OneLogin, an identity management provider, disclosed that IT decision makers are aware that over half (58 percent) of former employees still can access the corporate network. Also, nearly a quarter (24 percent) of UK businesses have experienced data breaches by ex-employees. The study, which surveyed more than 600 UK-based IT decision-makers with influence over their business’s IT security, highlighted the flaws in the security processes within many companies. Nearly all (92 percent) of respondents admitted to spending up to an hour on manually deprovisioning former employees from every corporate application. Half (50 percent) of respondents are not using automated deprovisioning technology to ensure an employee’s access to corporate applications stops the moment they leave the business. This deprovisioning burden may explain why over a quarter (28 percent) of ex-employee’s corporate accounts remain active for a month or more.

Also, the study revealed 45 percent of businesses don’t use a Security Information and Event Manager (SIEM) to audit for application usage by former employees, leaving vital corporate data exposed to potential leaks. “The sheer level of data breaches revealed by our study, coupled with the revelation that many businesses are failing to put simple processes in place to promptly deprovision ex-employees, should raise serious alarm bells for business leaders,” said Alvaro Hoyos, Chief Information Security Officer at OneLogin. “Our study suggests that many businesses are burying their heads in the sand when it comes to this basic, but significant, threat to valuable data, revenue and brand image. There should be no excuse for this negligence, which will be brought further into the spotlight when the European Union’s General Data Protection Regulation (GDPR) comes into effect in 2018. GDPR makes data protection a legal requirement for organisations, which could face fines of up to €20 million or 4 percent of their annual turnover, depending on which is higher.”

“With this in mind, businesses should proactively seek to close any open doors that could provide rogue ex-employees with opportunities to access and exploit corporate data. Tools such as automated de-provisioning and SIEM will help close those doors with ease and speed, while also enabling businesses to manage and monitor all use of corporate applications. The first step is acknowledging the problem, which businesses now have done by confessing they are aware of the issue, they now need to take steps to fix this issue by utilising the available tools,” concludes Hoyos.

Read more

Latest News

Read More

A Four-Day Working Week in the Construction Industry?

29 March 2024

Newsletter

Receive the latest HR news and strategic content

Please note, as per the GDPR Legislation, we need to ensure you are ‘Opted In’ to receive updates from ‘theHRDIRECTOR’. We will NEVER sell, rent, share or give away your data to third parties. We only use it to send information about our products and updates within the HR space To see our Privacy Policy – click here

Latest HR Jobs

University of Warwick – WMGSalary: £23,144 to £25,138 per annum

The Open University – People ServicesSalary: £57,696 to £64,914 + up to £8,000 per annum MRP supplement*

Cardiff UniversitySalary: Competitive

University of Oxford – Oxford Department of International DevelopmentSalary: £28,759 to £33,966 (Grade 5)

Read the latest digital issue of theHRDIRECTOR for FREE

Read the latest digital issue of theHRDIRECTOR for FREE