British businesses aren’t keeping themselves protected against data attacks, according to a new study. Identity management provider OneLogin has revealed that former employees are a major yet silent security risk, with many IT supervisors aware that ex-workers can still access the corporate network.
More than half of workers who leave a company don’t lose their login privileges, meaning that sensitive and private documents are under threat. 28% of all corporate accounts are still active for over a month after an employee leaves their firm and while this doesn’t mean all companies will suffer a data breach, around a quarter of UK businesses have admitted to being exploited by ex-employees.
“The sheer level of data breaches revealed by our study, coupled with the revelation that many businesses are failing to put simple processes in place to promptly deprovision ex-employees, should raise serious alarm bells for business leaders,” said Alvaro Hoyos, Chief Information Security Officer at OneLogin. “Our study suggests that many businesses are burying their heads in the sand when it comes to this basic, but significant, threat to valuable data, revenue and brand image.”
The European Union’s General Data Protection Regulation is expected to come into effect in 2018, which will not only make data protection a legal requirement for businesses, but also leave firms with fines of up to £17.5 million. A big problem for businesses, according to OneLogin, is that 50% of respondents admitted to not using automated systems to cut off ex-employees, leading to procedures taking up to an hour to effectively remove a user.
“Tools such as automated de-provisioning and SIEM (Security Information and Event Managers) will help close those doors with ease and speed, while also enabling businesses to manage and monitor all use of corporate applications,” continued Hoyos.
“The first step is acknowledging the problem, which businesses now have done by confessing they are aware of the issue, they now need to take steps to fix this issue by utilising the available tools.”