With the current situation experienced by the labor market, it is essential for companies to take steps in order to maintain their security in face of the movements which may occur in their workforces.
Employees looking for a change of scene, suppliers who do not pay on time, debts impossible to pay off that force companies to go out of business. There are numerous reasons that may cause changes between the team members and companies should control what information is taken by those who are leaving and how much may be known by those arriving.
It seems that many companies don’t pay too much attention to this matter. There are few organizations that take the necessary precautions to prevent workers from taking with them information which belongs to the company or the passwords to access it. According to a study carried out by Osterman Research, 89% of the ex-employees keep the login and the password which gave them access to at least one of their former company’s services.
Of all the participants in the survey, 45% acknowledged that they continued to have access to sensitive or very sensitive confidential information and up to 49% claimed they had accessed some service after leaving the company. Therefore, organizations need to implement mechanisms and strategies that allow them to safeguard the privacy of their information from any changes in their workforce.
The most important thing is to take action before the employees leave. A basic requirement to avoid problems in the long term is to know all the accounts to which employees have access and, in addition, to register the credentials with which they can login to one service or another.
Without going any further, it would suffice to implement a single sign-on platform. A portal from which employees could access all the tools necessary to do their job, using their corporate email as user id. This way, if for any reason the employment relationship comes to an end, the organization will only have to delete that employee’s email to prevent the company’s information from falling into the hands of someone not related to the company.
In the event that the company has forgotten or discarded this first step, they will be able to establish a procedure which must be followed by the employees when they leave their jobs. In some cases security measures as simple as making sure ex-employees return the tools provided for their work, such as a computer, a smartphone or the card giving access to the office.
This is as far as the physical world is concerned. In terms of digital tools, companies must not forget to close any access their former employees might have to their corporate accounts. In addition, they must prevent them from entering, in any way, the services, applications and any other channels used by the company to enable its workers to operate as a team.
We must take into account a detail in this whole process: during the time a worker is part of the team and has the company’s trust, his actions cannot be controlled. That’s why, as the study of Intermedia exposed, 68% of the employees that took part in the survey claimed to have kept corporate information in one or another personal account in the cloud.
Employees who needed to check documents outside the office stored them in Dropbox, Google Drive or OneDrive. According to Michael Osterman, president of Osterman Research, “if an employee stores sensitive or confidential data in personal Dropbox or Google Drive accounts, then this data is potentially accessible by outsiders the day he or she becomes an ‘ex-employee’”.
For that reason, another recommendation is that organizations which can see their privacy compromised due to changes in their workforce should implement or hire their own cloud storage service. In this way, the company will always have access to that data and will prevent the employee who uploaded this information from accessing it if he leaves the team.
Furthermore, the management of the company should encourage employees to save the information there rather than leaving it on their computers, just in case on the last day, if they decide to erase everything they have stored, some sensitive information could disappear forever. In case they decide to act in this way, the company must also incorporate regular audits to check that everything goes as planned and all data is safe.
Following these recommendations, many companies could save themselves some headaches. With these guidelines they will not only prevent ex-employers from taking something that doesn’t belong to them, but also prevent the digital ghosts of people who one day worked for the company from continuing to swarm through those platforms and services to which one day they had access, sniffing around matters which no longer concern them.
The post 45% of ex-employees continue to have access to confidential corporate data appeared first on MediaCenter Panda Security.