A new survey amongst IT decision makers in UK businesses with one thousand or more employees reveals that 49 per cent of respondents admit to retaining access to their employer’s network, often for many months after leaving the company.
The survey, commissioned by Protected Networks, highlights the poor track record of businesses in removing access rights for employees that have left the business. The survey finds that three quarters of the 49 per cent who retained access had used their permissions to access their former employer’s network – some admitting to doing so on multiple occasions and for up to a year.
The relaxed attitude of businesses to closing off network access to former IT employees is further evidenced by the fact that just 57 per cent of businesses that noticed the fact still failed to remove access rights.
Keith Maskell, Country Manager at Protected Networks, commented: “The findings reveal an astonishingly liberal attitude of UK businesses to managing access to data on the corporate network, particularly if we bear in mind that this may potentially include granting access to valuable data like intellectual property, credit card data or sensitive private data about employees or clients”. He added: “Perhaps in some cases companies do not consider that their ex-employees are a threat, or administration staff are too overloaded to make systems changes on time, but in fact this common failure to remove data access rights creates a serious security vulnerability that can be exploited later by hackers, if not by the ex-employees themselves”.
65 per cent of those with access to their former employer’s network retained access at a ‘user’ level whilst 22 per cent held ‘administrator’ level access rights, giving them the ability to control or escalate access to network resources for both themselves and others. A convincing majority (83 per cent) of IT respondents to the survey agreed that network access rights should be easier to manage and better monitored (80 per cent) and 76 per cent said that network access rights should be given a higher priority and focus of attention.
According to Maskell: “The findings bear out the evidence we see on a daily basis of back doors being left open to ex-employees, or to employees who have moved on to new projects. The main reasons for this common failure are the very significant time, cost and resources required to manage complex access permissions structures.
Legislation like PCI DSS has for some time now highlighted the need for close controls, but the substantial fines being levied by the EU Data Protection Regulations for the loss of personally identifiable data are likely to make this an even bigger priority for companies in the future.”