IS Decisions logo

IS Decisions Blog

Do your ex-employees still have access to company data?

Ex-employees often have open access to confidential data, long after they leave the company. That's a problem. Here's why, and how to fix it.

Updated November 1, 2023

Several years ago, we surveyed 2,000 desk-based workers in the U.K and the U.S. The results brought to light common insider threat scenarios. For example, at the time, we found that at least one in three ex-employees still have access to systems or data after they leave.

As recently as 2022, it looks like this figure unfortunately hasn't changed. This is a major security gap. Here's what to do to fix it.

Understanding your employees attitudes and behavior.

One of the most important steps of tackling internal security is understanding your own users, and their attitudes and behavior, in order to know the risks and mitigate against them.

This is what our report sets out to help you with. It helps you understand the different perceptions, attitudes and behavior that exist with regards to security in the workplace.

To build up a picture of this security risk from former employees, meet Mark, an ex-employee.

Ex-employee accessing company data

A lawyer at a major management consultancy, Mark is relatively new to the job. He worked at another consultancy up until a couple of months ago, and it was only a couple of weeks ago that his remote access to that company’s network was cut off.

Most of what he copied over onto his Dropbox folder is innocent enough. Document templates and things to help him in the new job. He did grab a few contract templates, and wrote down some of the former consultancy’s client names, thinking his new employers might find them of interest. And he definitely kept the spicy HR files on his former manager that the HR Director left in the copier one day. He doesn't really intend to do anything with at the moment. But if ever the time is right, who knows.

He’s not much more considerate of his new employer’s security. Their restrictive system makes remote work difficult, so he’s already given his password to his colleague, Rhea, in case he needs her to email him files when he’s out of the office.

Ex-employees access and the insider threat

The number of internal security breaches that IT professionals are aware of occurring in their business is shocking, but these findings suggest that they may not even be the complete picture.

The fact is that an ex-employee is more likely to have incentive to put this access to malicious use. Former employees are probably the greatest insider threat, yet the easiest to address; just make changing passwords and deactivating accounts a part of the termination process.

However business it seems are failing to do this, and worse still businesses in the industries you would most expect this to be standard procedure, IT and HR, are failing even more than the rest.

Eliminate all access after termination

From a review of 46 cases from the CERT Insider Threat Database, eliminating potential methods of access after termination was identified as one of four mitigation patterns of insider threat sabotage. It suggests that security breaches could have been prevented, detected earlier or responded to more effectively if the suggested solutions were implemented within an organization.

CERT case data indicates that many insiders who commit insider IT sabotage do so because of prior disgruntlement or because of their job termination. This kind of attack should not be possible if standard termination procedures are followed since all of the insider’s system access should be closed off.

Find out more about what the reality of internal security breaches looks like and follow 5 steps to alter user behavior.

Download the Free Report Now