OneLogin: ‘Ex-employees pose threat to businesses’

A new OneLogin study reveals that many businesses fail to protect their networks from potential threats caused by ex-employees.

The cloud identity platform surveyed over 600 participants within the IT security sector, who highlighted security process issues within UK businesses

The results showed that 28% of ex-employees accounts remain active for over a month when leaving a business; 92% of participants said they spend up to an hour on manually deprovisioning former employees from corporate applications; with 50% saying that they don’t use automated deprovisioning technologies to ensure employees’ access is cancelled when leaving.

Vital corporate data is also exposed to potential leaks, with 45% of businesses admitting that they don’t use a Security Information and Event Manager to inspect application usage by former employees.

‘Businesses are failing to put simple processes in place’

Alvaro Hoyos, Chief Information Security Officer at OneLogin, said: “The sheer level of data breaches revealed by our study, coupled with the revelation that many businesses are failing to put simple processes in place to promptly deprovision ex-employees, should raise serious alarm bells for business leaders.

“Our study suggests that many businesses are burying their heads in the sand when it comes to this basic, but significant, threat to valuable data, revenue and brand image. There should be no excuse for this negligence, which will be brought further into the spotlight when the European Union’s General Data Protection Regulation (GDPR) comes into effect in 2018. GDPR makes data protection a legal requirement for organisations, which could face fines of up to US€20million or 4% of their annual turnover, depending on which is higher.”

Hoyos also concluded that businesses should monitor all corporate applications by acknowledging the issues and taking steps to fix the issues by utilising available tools.

Written from press release by Leah Alger