New research published by IS Decisions this week suggests that more than a third of former employees still have access to company data and/or systems after they have left an organisation with nearly 10% of employees polled admitting they had used their access/data rights after they had left an employer.
The finding of the report suggest that to many businesses have a culture of “out of sight, out of mind” where employee data access is concerned – a worrying trend given such attitudes can drastically increase the scope for data loss.
The report makes five main recommendations, including better education on security among management; restricting concurrent access to systems; considering harsh penalties for transgressions; restricting network access to departments at certain times; and making the process of securely delegating work (and access to systems) a lot easier.
While these recommendations will certainly help tackle the issue we believe that it should also include an effective DLP strategy that covers not only types of data and where it is stored, but also which employees have permission to access it, from new joiners to contractors and those leaving the company. Organisations should be conducting regular audits to maintain best practice, and where applicable, revoke employee access. The potential risks that organisations expose themselves to by not considering employee permissions and access points can’t be understated – and neglecting to deploy vigilant post-termination processes can leave companies wide open.