A Third of Ex-Employees Accessing Company Data

Our latest research which surveyed 2,000 desk-based workers in the UK and US reveals at least one in three ex-employees are left with access to systems or data after leaving a company.

This finding explored in the report, ‘From Brutus to Snowden: a study of insider threat personas‘ highlights how employees in two of the world’s largest markets are being left with open access to confidential data long after departing.

Understanding your employees attitudes and behavior.

One of the most important steps of tackling internal security is understanding your own users, and their attitudes and behavior, in order to know the risks and mitigate against them.

This is what our report sets out to help you with. It helps you understand the different perceptions, attitudes and behavior that exist with regards to security in the workplace.

To build up a picture of this security risk from former employees, meet Mark, an ex-employee.

ex-employees accessing company data

A lawyer at a major management consultancy, Mark is relatively new to the job. He worked at another consultancy up until a couple of months ago, and it was only a couple of weeks ago that his remote access to that company’s network was cut off.

Most of what he copied over onto his Dropbox folder was fairly innocuous; document templates and things to help him in the new job. He did grab some of the former consultancy’s client contracts though, thinking his new employers might find them of interest. And a few interesting HR files on his former manager, which he didn’t really intend to do anything with at the moment. But if the will took him, he might do.

He’s not hugely more considerate of his new employer’s security, their restrictive system making remote working difficult, so he’s already given his password to his colleague Rhea in case he needs her to email him files when he’s out of the office.

Ex-employees access and the insider threat

The number of internal security breaches that IT professionals are aware of occurring in their business is shocking, but these findings suggest that they may not even be the complete picture.

The fact is that an ex-employee is more likely to have incentive to put this access to malicious use. Former employees are probably the greatest insider threat, yet the easiest to address; just make changing passwords and deactivating accounts a part of the termination process.

However business it seems are failing to do this, and worse still businesses in the industries you would most expect this to be standard procedure, IT and HR, are failing even more than the rest.

Eliminate potential methods of access after termination

From a review of 46 cases from the CERT Insider Threat Database, eliminating potential methods of access after termination was identified as one of four mitigation patterns of insider threat sabotage. It suggests that security breaches could have been prevented, detected earlier or responded to more effectively if the suggested solutions were implemented within an organization.

CERT case data indicates that many insiders who commit insider IT sabotage do so because of prior disgruntlement or because of their job termination. This kind of attack should not be possible if standard termination procedures are followed, since all of the insider’s system access should be closed off.


Download the report to find out more about what the reality of internal security breaches looks like and follow 5 steps to alter user behavior.

Download the Free Report Now

Share this post :


Chris Bunn is the Directeur Général Adjoint of IS Decisions, a global cybersecurity software company, specializing in access management and multi-factor authentication for Microsoft Active Directory environments and the cloud.