A new report from Intermedia and Osterman Research found a disturbing set of trends: 89 per cent of employees retained passwords after they left work, and a substantial number used them for accessing company files, reputation and even money.
They found 45 per cent retained access to confidential or highly confidential files, as recorded in a survey; 68 per cent were storing workfiles in personal storage websites – and 24 per cent still have access to the company’s Paypal account, though there was no figure on how many might still use it.
While this presents obvious risk in the form of theft of data and actual money, there is also the potential for naive file deletion from employers, or even intentional from disgruntled redundancies. Ex-employees are also very likely to place less security over their passwords than a company might, and thus this important passwords are more vulnerable to hackers.
“If an employee stores sensitive or confidential data in personal Dropbox or Google Drive accounts, then this data is potentially accessible by outsiders the day the person becomes an ‘ex-employee’,” says Michael Osterman, president of Osterman Research. “In many cases, this runs afoul of data breach notification laws.”
Intermedia, a cloud services provider, suggests that passwords be taken from employees during an exit interview and then changed for the relevant accounts.
Businesses can also implement rigorous access management and IT offboarding processes, and utilise a single sign-in procedure to cut down time spent offboarding and employee.
Share this story