Why it’s vital to update your passwords for employee offboarding
Here’s a worrying statistic taken from an Intermedia report: nine out of 10 employees who leave companies still retain password for corporate applications, ranging from Facebook to Salesforce and PayPal.
It’s part of the circle of life. Plenty of stories like this hit the Enterprise AppsTech news desk (well, inbox), they duly get reported on, but seemingly nothing happens, as security firms continue to commission scaremongering surveys, the results of which get emailed to hard-working industry reporters, and the circle of life continues.
Well, see this as a call to action. If an employee leaves the company, of their own accord or not, always update your passwords. Social media, CRM tools, payment processing, you name it, you refresh it. The consequences could be damaging.
In 2012, data recovery firm Kroll Ontrack released a humorous list of fails and disasters from stories relayed to the company’s engineers during the course of the year. From a woman who accidentally gave her hard drive a spin in the washing machine to an oil rig worker whose iPad fell into the sea, the hard luck stories mostly caused merriment – except one.
A US employee who had just been fired from his job went to his nearest fast food restaurant, logged into the company’s Wi-Fi network which was both in range and still available to him, and began to delete every bit of company data he could. In this case, revenge was a dish best served with extra fries.
Kroll Ontrack was able to recover the data, and this case is admittedly an extreme example. But it seems lessons haven’t been learned.
Perhaps a few more stats from the Intermedia report will hammer the point home. Half of employees (49%) logged into a company account after they left the company. A similar number (45%) retained access to “confidential” or “highly confidential” data. Almost two thirds (60%) of employees were not asked for their cloud logins when they left their companies.
According to Intermedia, cloudy passwords are often forgotten about.
“In many companies, the responsibility for provisioning apps falls to different departments: email is provisioned by IT, payroll apps are provisioned by HR, and line-of-business apps are provisioned by department managers,” they wrote.
“With this approach, there is no clear responsibility for decommissioning and deprovisioning. The result: rampant rogue access.”
Sometimes it’s the employee who is partially at fault. Two thirds of employees (68%) surveyed admitted they stored work files in personal cloud storage. This sounds like the IT department and the CIO’s worst nightmare rolled into one once an employee leaves, but what’s the solution?
Prevention is better than cure. And even the most conscientious workers could get it wrong. “A well-intentioned employee could spend their last day deleting files or cancelling cloud accounts – and unwittingly destroy the value of all the work he or she did for you,” the report warns.
Intermedia has three pieces of advice for worried firms. Implement rigorous access management and IT offboarding processes; utilise a single sign-on portal to manage and control access; and deploy a cloud storage solution that’s more attractive than the current alternatives.
The last tip sounds pretty hard to implement, but the corporate file-sharing solution has to be so simple it hurts, according to Intermedia. “Users want to access and share their files across multiple devices and collaborators,” the report states. “Personal services like Dropbox and Google Docs make that absolutely simple.
“If your corporate tools require even marginally more effort – even if it’s just logging in to the VPN – then people will naturally gravitate to the simpler solution.”
Simplicity and security is therefore the key to avoid issues when employees leave your firm. Otherwise, just hope your office isn’t near a fast food store.
Interested in hearing industry leaders discuss subjects like this and sharing their use-cases? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam and explore the future of enterprise technology.
- » Myth-busting mobile in the enterprise: Combining speed with sustainability in device rollout
- » More tales of woe for enterprise network security, report warns
- » How Walmart – among others – fell victim to recent customer phishing scams
- » Security executives want to push forward a password-free future, finds MobileIron
- » How the top PAM-mature enterprises are thwarting privileged credential breaches