Ex-Employees Leaving with the Keys to Company Data
In July 2014 alone, 940,000 people in the Professional and Business Services industry left their jobs, according to the Bureau of Labor Statistics. The question is: How much power and access do those people still have over company data?
A study from Intermedia and Osterman Research found that 89 percent of former employees retained access (i.e. valid login and password) to sensitive corporate applications such as Salesforce, PayPal, and email, and 45 percent retained access to “confidential” or even “highly confidential” data after leaving the company. Almost half had logged into a company account after departing.
The problem is, the report notes, there is often no clear responsibility for decommissioning and deprovisioning access. Email might be overseen by IT, while payroll apps reside in HR and business apps are provisioned by department managers. Sixty percent of respondents were not asked for their cloud logins prior to leaving their former companies, possibly because no one knew which department should ask.
Rogue access also creates loopholes through which data can escape an enterprise, possibly fostering legal quagmires, including trying to track down sensitive information on employees’ or former employees’ personal devices in order to fulfill an eDiscovery request. Consider that 68 percent of former employees surveyed stored work files in personal cloud storage, and 88 percent retained access to the file sharing services they used at their old job.
The report suggests that enterprises implement rigorous access management and IT offboarding processes; deploying a cloud storage service that is easier and more useful than vulnerable third-party solutions; and utilize single sign-on portals to manage access.