UK businesses risk cyberattack by leaving dormant accounts open

UK businesses are waiting too long before terminating dormant accounts, according to the latest research, leaving themselves at the risk of a cyberattack.

A YouGov poll found that while 58 per cent of IT decision makers at large businesses terminated employee accounts on or before the day of departure, 39 per cent took between a few days and a month before acting.

Read more: UK computer takeover scam preys on data breach fears

Terminating orphan accounts quickly is crucial, as it means that they cannot be used to instigate a cyberattack, whether that’s by a disgruntled former employee, a partner or hacker unconnected to the business. Broken down into more detail the YouGov results make worrying reading for UK businesses of all sizes.

24 per cent of large businesses terminated account access “a few days” after employee departure, five per cent waited a week, and eight per cent only prevented access after a month. Small and medium businesses are slower to react, on average, perhaps lacking a dedicated IT team to close dormant accounts. Just 56 per cent of medium-sized businesses closed accounts on or before the day of departure, while this figure falls to 32 per cent for small firms.

Thierry Bettini, director of international strategy at access management firm Ilex International, believes that acting swiftly is key, particularly with nearly a third of data breaches in 2014 were caused by employees, either accidentally or maliciously.

“Disgruntled employees or partners are unlikely to wait until a month after leaving to access confidential company information. Access is likely to be sought in a matter of days”, he said. “The findings highlight the importance of closing inactive accounts down straight away, rather than waiting around”.

Read more: Account management issues are putting businesses at risk

Given that many businesses are likely to take on temporary or contract workers over the Christmas period, businesses need to more stringent than ever regarding the closure of dormant accounts.