Ex-Employees’ Access Can Leave Businesses Vulnerable

What does a typical person take with them when they leave a job? A new report by Intermedia says that it's not just their personal belongings, but also their official passwords, corporate social media login details, and confidential files stored in the cloud.



These findings are revealed in the 2014 SMB Rogue Access Study by Intermedia. The report is based on a survey conducted by Osterman Research, and the study tries to quantify the extent of the rogue access problem faced by many companies. The findings present a wake-up call for businesses all over the world.

According to the survey, almost 89 percent of ex-employees were able to use their old login details to access applications like PayPal, Salesforce, Facebook, SharePoint, and Google Apps, and some of them could still open the company email.

Of all the surveyed employees, 45 percent agreed that this allows them to access and use confidential company data, and 25 percent said that they could use these details to open PayPal, leading to possible financial abuse.

Almost 45 percent of ex-employees said that they managed to log into their company accounts even after leaving their jobs, and 68 percent agreed that they had stored work-related documents in their personal cloud, putting that data beyond the control of their IT departments.

Intermedia did not mention the number of people involved in the survey or their locations.

Michael Gold, the president of Intermedia, said, “Most small businesses think ‘IT security’ applies only to big businesses battling foreign hackers. This report should shock smaller businesses into realizing that they need to protect their leads databases, financial information and social reputation from human error as well as from malicious activity.”

These threats stem from slack procedural and technical processes. In fact, as highlighted by the report, one of the major reasons for these risks is the lack of a formal offboarding process. Almost 60 percent of respondents confirmed that their companies did not ask for their cloud login details when they left.

Rogue access presents a number of risks – from compliance failures to lost data.

A disgruntled former employee can easily change the financial information in Quickbooks, steal money from the company’s PayPal, or post inappropriate comments on the company’s official social media channels. They can also delete important information from the company’s database.

Some actions can land the company in legal trouble. The most common risks that rogue access can cause are stolen secrets, lost data, regulatory compliance failures, data breaches, eDiscovery problems, self-offboarding gone wrong, out-and-out sabotage, and hacker field days.

According to the UK Labour Market Statistical Bulletin, almost 116,000 people left their jobs from March to May 2014. If even a small percentage of them were involved in rogue access, it could mean a lot of data theft.

Michael Osterman, the president of Osterman Research, said, “People want to work at home. They want files available when they’re traveling. But when a company puts this functionality into place in an organic, uncoordinated way, there are real risks they may not have considered. This report provides direction for these companies to regain control over their cloud.”

The report also discussed the growing trend of BYOD (Bring Your Own Device) and its sequel, Bring Your Own App.

With this trend, employees are free to create project plans on Google Docs instead of their corporate Qualtrics accounts. This makes the team more productive; however, it also opens up large security holes. When employees store official data in their own accounts, the IT department can never be sure of where the corporate data is kept.

The worst offenders in this problem are shared services and personal file syncing. If corporate documents are stored in personal Google Docs or Dropbox accounts, the company wouldn’t be able to secure or wipe them.

The report by Intermedia suggested three main solutions for the rogue access problem:

Strict access rules

Companies should have strict policies regarding data access and user management. They should also include a standardized offboarding protocol. Intermedia has created an offboarding checklist, which is free to download.

Business grade cloud storage

Businesses should offer corporate grade cloud storage that is easy to use. With such services, employees will be discouraged from using personal services that don't offer the extra features, security, and control.

Single sign-on portals

Companies should provide SSOs (single sign-on portals) to their employees. These portals give each user a separate point to enter the cloud, making the IT processes much easier to manage and audit.

Security and simplicity are thus the keys to avoiding issues when an employee leaves your company. Without the proper safety methods, rogue access can be a big problem.