Businesses leave themselves open to potential data breaches through their ex-employees by failing to disable their access to the corporate network, according to a new study by OneLogin.
Over half (58%) of ex-employees are still able to access all corporate applications after leaving the business.
Furthermore, this is a proven risk, with 24% of businesses being subject to data breaches carried out by former employees.
The UK-based report, based on responses from more than 600 IT decision-makers, revealed that half these respondents were not using automated deprovisioning technology to disable employees’ access.
The fact that the majority (92%) of businesses attempt to manually sever access may explain why a month after leaving the business, 28% of employees are still able to log onto corporate applications.
Alvaro Hoyos, chief information security officer at OneLogin, said: “Our study suggests that many businesses are burying their heads in the sand when it comes to this basic, but significant, threat to valuable data, revenue and brand image.”
This study follows OneLogin’s recent acknowledgement that it is unable to guarantee the security of encrypted data compromised by a cybercriminal, with regard to the security incident on May 31.
The report stated: “We know that a threat actor used one of our AWS keys to gain access to our AWS platform”, and made reference to an “ongoing investigation” with “an independent security firm to determine how the unauthorized access happened”.
Hoyos suggested that the upcoming General Data Protection Regulation (GDPR) might put the necessary pressure on businesses, stating: “With [GDPR] in mind, businesses should proactively seek to close any open doors that could provide rogue ex-employees with opportunities to access and exploit corporate data.
“The first step is acknowledging the problem, which businesses now have done by confessing they are aware of the issue. They now need to take steps to fix this issue by utilising the available tools”.
