Many firms turn a blind eye to top data threat: ex-employees

Register now

Despite increasing cyber security awareness at companies of all sizes, many businesses are not doing enough to guard against security threats brought on by ex-employees, according to a new study from identity management provider OneLogin.

The company surveyed 500 U.S.-based IT decision makers, and 20 percent of the respondents said failure to deprovision employees from corporate applications has contributed to a data breach at their organization.

The research found that nearly half (48 percent) of respondents are aware of former employees who still have access to corporate applications, with 50 percent saying ex-employee’s accounts remain active once they have left the company for longer than a day.

One quarter (25 percent) of respondents take more than a week to deprovision a former employee and the same percentage said they don’t know how long accounts remain active once the employee has left the company.

The study finds close to half (44 percent) of respondents lack confidence that former employees have been removed from corporate networks at all.

“The bottom-line is that companies aren’t following very basic but essential security measures around employee provisioning and deprovisioning,” said Alvaro Hoyos, chief information security officer at OneLogin. “This should be a cause for concern among business leaders, especially considering how many data breaches are caused by ex-employees.”

For reprint and licensing requests for this article, click here.