Former Employees and Network Security

Network security is critical to the success of your business. However, what if one of your biggest security risks were your former employees? Today, businesses rely on more than just Microsoft Word and an email address; they operate using several application platforms, while connected to local and remote networks constantly transmitting data across networks.

The more applications and platforms are introduced; the more vital it is that there are security protocols in place to guarantee proper access to the necessary accounts. When an employee leaves your organization, you probably have your IT staff change the former employee’s password and likely disable their computer account and mailbox, but does that cover everything? What about the bank account this employee used to submit deposits for the business? What about the website portal for your line of business application?

Employees who have worked at a company for several years have access to many sensitive systems. The best practice is to keep accurate records of all your business and data accounts, including up to date records of who has access to them. Having this information is extremely useful with both new and former employees. It’s also a good item to add for discussion during an exit interview.

Research was recently conducted by Intermedia and Osterman Research to quantify how many former employees retained access to business accounts after they left an organization:

  • 89% of former employees retained access to Salesforce, PayPal, email, SharePoint, Facebook and other sensitive corporate applications.
  • 49% logged into an account after leaving the company they worked for.
  • 60% were not asked for their credentials or logins when they left.
  • 68% stored company data in personal accounts, and retained this data after leaving.

These statistics are alarming and should encourage every company to dust off their exit interview process and tighten up their monitoring of business accounts and access to data. Every company should have a checklist of tasks that are immediately accomplished when an employee leaves that includes:

  • Disabling their account
  • Changing their password
  • Disabling any access to email, data, files both externally and internally
  • Changing the passwords to any shared or company accounts they had access to

Coordinate with your IT Department or IT Services Provider to formulate this list and ensure that all your company’s accounts are accounted for. They can help to cover any gaps and ensure that former employees’ access is terminated the same day that they leave.

To read more about the research conducted, visit the link below for a full report: