Data Security and Ex-Employees
A new study has revealed that businesses are failing to block ex-employees from accessing the company’s data. More than 50 per cent of former employees can still get hold of information from organisational networks, even after they have left the corporation. It’s clear that business owners and leaders are not protecting vital and often confidential data. Such data security breaches by ex-employees have been experienced by almost one-quarter of UK businesses.
The study was undertaken by data management company OneLogin, which specialises in identity management, and responses were gathered from more than 600 influential business personnel with a remit for IT security. It emerged that many companies have flawed security systems and the vast majority are still using manual processes to change the provision for individual access to corporate data. In fact, 50 per cent of survey respondents admitted they were not using automated systems, and many said they were spending up to an hour on manual processes instead.
Does it matter?
An employee’s access to corporate applications should stop as soon as he or she leaves a business. That is because corporate data in the hands of a competitor or that is leaked can be damaging to both ongoing and future business. The fact is it’s possible to put in place relatively simple processes to protect confidential data. Unfortunately, many businesses seem to ignore the potential threat to data security, as well as brand image and revenue details. Instead, almost 30 per cent of former employees’ accounts are still active for at least a month after they depart. Remember that restricting access to data is just as important as restricting access to hazardous areas.
Unscrupulous ex-employees who still have access to your organisation’s corporate data are being handed the opportunity on a plate to exploit it. That is unnecessary, as there are a range of tools, such as automated ‘de-provisioning’, that will help you to block unwanted access easily and quickly. It’s within your power to monitor and manage employees’ and ex-employees’ use of corporate applications without resorting to manual processes.
You may also want to pause and think about your organisation’s policy regarding BYOD (bring your own device) to work. With the advent of cloud technology, businesses can now set up systems that make document and data accessible to employees working from home. This might well turn out to be a safer option, as long as the remote server is secure than allowing workers to bring their own laptops or other devices to the workplace.
Data protection legislation
In 2018, the European Union plans to introduce a General Data Protection Regulation (GDPR), which will make data protection by your business a legal requirement. Organisations could face fines of up to four per cent of their turnover or €20m (£18.1m), whichever is higher. Instead of risking a hefty fine, check out some of the Security Information and Event Manager (SIEM) software services and products. These deliver analyses of any security alerts that may be generated by intruders seeking access to applications or network hardware.