Hacks Are Happening Because Ex-Employees Still Have Access

Cyber Security Hub

In a business world filled with threats, the last thing an enterprise needs is to be its own worst enemy. Unfortunately, that is what is happening.

One in every five enterprises said failure to deprovision employees from corporate applications contributed to a data breach, while half of ex-employees’ accounts remained active for at least 24 hours after separating from the company, according to survey findings from OneLogin.

The survey’s 500 respondents were all IT decision-makers with some form of oversight or control over the company’s security standing. A quarter of respondents said their enterprise takes more than a week to fully deprovision a former employee’s access to company apps and other data, while another quarter of respondents said they don’t know how long ex-employees’ accounts remain active once the employee has left the company.

Many of the issues arise from cloud-based environments and third-party resources, with companies using solutions like Box or Google Docs for workflows, for example.

In the survey, operations employees were the hardest to deprovision, followed by engineering and sales, HR, finance and customer support, and marketing.

In 2016, a former Expedia IT department member hacked his old employer’s senior executives and profited on stock trades based on insider information. How did that former employee get inside? With a company-issued laptop that was never returned or tracked by the company, according to CNNMoney.

The former employee, Jonathan Ly, made $331,000 before he was caught.

Some former employees are not into malicious behavior for money, but rather for revenge. Such was the case at paper manufacturer Georgia Pacific, which fired Systems Administrator Brian Johnson in 2014. Johnson took out his anger by creating a VPN connection to the company's servers from his own home and then wreaked havoc for two weeks. The result was $1.1 million in damage. Johnson was prosecuted and jailed, as well as forced to pay restitution for the damages.

According to the survey, 41% of respondents are not using a security information and event management (SIEM) system, which would be used to monitor employee app usage to detect threats to the corporate network.

Enterprises have enough to worry about when it comes to securing devices being controlled by active employees. Not safeguarding against those who have left the company is a recipe for disaster and one that could be easily avoided. It would behoove enterprises to incorporate strong policies and best practices to ensure there is no malice once an employee separates from the company.

First, have a procedure in place, including an accurate record of all the internal applications and systems the employee has access to. Next, and this should go without saying, no two employees should have shared or identical sign-on credentials. Finally, for the data itself, be sure to have encryption protocols in place. Do not make the data easy to obtain, use, or disperse. The best employees could still bring about the worst intentions.
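
The access record and the no-shared-credentials rule above can be checked mechanically. The following is an added example, not from the survey or any vendor: it reconciles an HR separation list against a per-application account inventory and flags accounts still active past a grace period, logins after separation, and shared sign-ons. The record layout, the sample data, and the use of 24 hours as a policy threshold are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data (hypothetical users, apps and timestamps).
SEPARATIONS = {  # HR record: employee -> separation time
    "alice": datetime(2024, 3, 1, 17, 0),
    "bob": datetime(2024, 3, 4, 17, 0),
}
# Access inventory rows: (app, account, owner, active, last_login)
ACCOUNTS = [
    ("box", "alice@example.com", "alice", True, datetime(2024, 3, 3, 9, 30)),
    ("vpn", "alice", "alice", False, datetime(2024, 2, 28, 8, 0)),
    ("gdocs", "bob@example.com", "bob", True, datetime(2024, 3, 4, 12, 0)),
    ("crm", "sales-shared", "bob", True, datetime(2024, 3, 5, 10, 0)),
    ("crm", "sales-shared", "carol", True, datetime(2024, 3, 5, 10, 0)),
]
NOW = datetime(2024, 3, 5, 12, 0)  # fixed audit time so results are repeatable


def audit(separations, accounts, now, grace=timedelta(hours=24)):
    """Return (finding, app, account, who) tuples for the access inventory."""
    findings = []
    # Shared credentials: one (app, account) pair mapped to several owners.
    # These cannot be deprovisioned per person and break attribution.
    owners = {}
    for app, acct, owner, _active, _last in accounts:
        owners.setdefault((app, acct), set()).add(owner)
    for (app, acct), who in sorted(owners.items()):
        if len(who) > 1:
            findings.append(("SHARED_CREDENTIAL", app, acct, ",".join(sorted(who))))
    for app, acct, owner, active, last_login in accounts:
        left = separations.get(owner)
        if left is None:
            continue  # owner is still employed
        if last_login > left:
            # Highest priority: the account was used after the owner left.
            findings.append(("LOGIN_AFTER_SEPARATION", app, acct, owner))
        if active and now - left > grace:
            # Still enabled beyond the assumed 24-hour grace period.
            findings.append(("ACTIVE_PAST_GRACE", app, acct, owner))
    return findings


if __name__ == "__main__":
    for finding in audit(SEPARATIONS, ACCOUNTS, NOW):
        print(*finding, sep="\t")
```

In the sample data the `sales-shared` login after Bob's separation cannot be attributed to Bob or Carol, which is the practical cost of a shared sign-on.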