Businesses need to be more efficient at dealing with ex-employee login details

A new piece of research has once again highlighted the dangers of employees leaving a company, and yet still having access to the firm's systems via their old password.

The survey, entitled State of the Corporate Perimeter and published by Centrify, encompassed 400 IT decision-makers in both the UK and the US, and found that 32 per cent of those in the UK said it would be "easy" for an ex-staff member to login to the company network with their old details.

That was at least better than the result in the US, where 53 per cent of respondents said it would be easy for an ex-employee to do so.

49 per cent indicated that employees or contractors who had left had their login removed on the same day, but half admitted that it can take up to a week or even longer to perform this task.

There's also the question of exactly how much access an employee might have to corporate data, with 40 per cent of the IT decision-makers who worked for larger companies (with 500 or more staff members), and 50 per cent of those who were employed by smaller firms saying that over 10 per cent of staff members have privileged access to data.

In other words, those employees could be able use their login to siphon off highly sensitive data after leaving the company, and indeed potentially be the cause of a major data breach.

As to the prevalence of security breaches, 45 per cent of firms in the UK, and 55 per cent in the US, admitted they’d suffered one in the past – and a quarter of businesses in the UK suspected that attempts had been made in the last week.

Barry Scott, CTO EMEA at Centrify, commented: “Giving employees elevated access to privileged accounts and the organisation’s most critical data, applications systems and network devices is essentially giving them the ‘keys to the kingdom’. It’s the equivalent of providing the front door key to your house – and you’d be very, very careful who you gave that to.

“The challenge is that modern enterprises have their infrastructure both on-premises and in the cloud, they have a mobile workforce and IT users may be their own employees, temporary contractors or from external companies.

“Privileged accounts are a very attractive target for hackers. It’s surprising that experienced IT decision makers like this are admitting that their organisations need to do a better job of monitoring who has access to their data, despite high profile incidents like Sony, JP Morgan and Target and the knowledge that breaches can potentially cost them millions of pounds.”