Friday afternoon, you shake your colleague’s hand one last time as they walk out the door, and with their exit, they transition from colleague to ex-colleague. The ex-employee has severed their relationship with the company – or have they?
A recent survey conducted by One Login shows us the gap between intent and action remains wide for many when it comes to removing former employees from the company’s network. For the survey, they interviewed 500 US-based IT department employees (who were non-managers) with “responsibility for the creation and deletion of employee logins in-house, and either manages logins, or is responsible for their creation”.
What they found surprises few of us. A full 48% of the respondents “are aware” of ex-employees who retain access to the corporate infrastructure or portions of it after they have left. Some for a day, others for a week, and, according to One Login, the longest period between departure and removal of access identified to them by a respondent was “months”.
Why should you care?
While the vast majority of ex-employees move on and never look back, there is an active minority who do reach back into their former place of work and wreak havoc.
This was the case at Navarro Security, where a former employee, using off-the-shelf tools, destroyed company files, redirected the company website to a competitor, and sowed doubt among customers and colleagues.
Then there was the tale of the Dutch developer who maintained administrative access to his clients’ e-commerce websites long after his contract work was concluded. Yes, his clients failed to remove his access, which he used to install back doors and harvest data. He successfully compromised 20,000 email accounts of both individuals and companies.
Or the case of Verelox, the Dutch hosting company, where an ex-IT admin reached in and caused many moments of high anxiety. It appeared he had destroyed data and cleaned servers (apparently backups saved the company that day).
And the icing on the cake? The survey showed a full 20% of the respondents have experienced data breaches by ex-employees.
How does this happen?
Manual deprovisioning isn’t easy. Sometimes it can take up to an hour to conclude (70%), and the longer an employee has been with an organization, the harder it becomes to remove all the corporate access (66%). This investment of time and energy required for deprovisioning provides us with ample incentive to bring automation to the task.
We read with regularity how far too many companies have seen employees harvest intellectual property before they leave to take with them for their next gig. Why make it easy for them to reach back in and get what they forgot? Timely deprovisioning is key.
In a perfect world, a centralized credential authority for employee access would be in place, with the ability to instantaneously terminate an individual’s access with the push of the big red button. Companies small and large benefit from having an SIEM (security information and event management) solution in place to show when that ex-employee attempts to return. No company is immune, as size has no role in the world of access control.
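An added example (not from the original article or the survey): a small reconciliation of an HR departure feed against per-system account inventories and authentication logs, the kind of check a scheduled job or SIEM rule can run to surface lingering access and return attempts. All user names, systems, field names and the log format are constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed sample data (hypothetical users, systems and field names).
TERMINATIONS = {  # HR feed: user -> departure time (UTC)
    "jdoe": datetime(2024, 3, 1, 17, 0, tzinfo=timezone.utc),
    "asmith": datetime(2024, 3, 8, 17, 0, tzinfo=timezone.utc),
}
ACCOUNTS = [  # per-system account inventory
    {"system": "vpn", "user": "jdoe", "enabled": False},
    {"system": "webshop-admin", "user": "jdoe", "enabled": True},
    {"system": "sso", "user": "asmith", "enabled": False},
    {"system": "sso", "user": "bnguyen", "enabled": True},
]
AUTH_EVENTS = [  # assumed log format: "<ISO timestamp> <system> <user> <result>"
    "2024-03-01T09:12:00+00:00 vpn jdoe success",
    "2024-03-04T23:41:10+00:00 webshop-admin jdoe success",
    "2024-03-09T02:05:33+00:00 sso asmith failure",
    "2024-03-09T08:00:00+00:00 sso bnguyen success",
    "malformed line",
]

def lingering_accounts(terminations, accounts, now):
    """Accounts still enabled for departed users, with days since departure."""
    out = []
    for acct in accounts:
        left = terminations.get(acct["user"])
        if left is not None and acct["enabled"] and now > left:
            out.append((acct["system"], acct["user"], (now - left).days))
    return out

def return_attempts(terminations, lines):
    """Auth events after departure; failures count too (someone tried a dead account)."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        ts, system, user, result = parts
        left = terminations.get(user)
        if left is not None and datetime.fromisoformat(ts) > left:
            severity = "high" if result == "success" else "medium"
            hits.append((ts, system, user, result, severity))
    return hits

if __name__ == "__main__":
    now = datetime(2024, 3, 10, 17, 0, tzinfo=timezone.utc)
    for row in lingering_accounts(TERMINATIONS, ACCOUNTS, now):
        print("LINGERING", *row)
    for row in return_attempts(TERMINATIONS, AUTH_EVENTS):
        print("RETURN", *row)
```

A successful login after the departure time is rated higher than a failure because it means the account was never actually disabled on that system.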