Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Study Shows Almost 50% of Employees Access Ex-Employers Applications After Leaving

July 18, 2017

Dark Reading reported on a new study that should wake up a lot of businesses. Twenty percent of businesses have experienced data breaches from former employees according to OneLogin's new "Curse of the Ex-Employees" report. The data was assembled from 500 interviews among IT employees who are at least partially responsible for security and make decisions about hardware, software, and cloud-based services. Half of them say that ex-employee accounts are still active more than a day after the employee has left. What's worse is that 20% of the companies take longer than a month to disable the access.

Are you kidding me? Your termination process should include killing remote access to the account as a minimum. It may take a little bit of time to change the IDs and passwords if the employee was deeply engrained in the organization, especially if they are an IT employee. First off, you shouldn't be using ANY employee access credentials as a service account. Employee login credentials should not be tied to any critical processes so that you can kill access very quickly.

E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://www.senseient.com