Former employees have become ‘application menace’

Pro
(Image: Stockfresh))

19 August 2014

Many smaller businesses employees retain alarming levels of access to critical business applications after they have stopped working for a company, a survey for cloud services firm Intermedia has claimed.

According to this research, 89% of former staff surveyed were still able to use their log-in to access popular applications such as Salesforce, PayPal, SharePoint, Facebook, Google Apps and even email.

In total, 45% reckoned this would allow them to access confidential or even highly confidential data, with 24% mentioning PayPal, an account opening up the possibility of financial abuse.

More to the point, 45% admitted having logged into a company account after leaving their employment, presumably without authorisation. Sixty-eight per cent also stored work files in a personal cloud, taking that data beyond the control of even the most assiduous IT department.

The survey sample size was 379.

So is this August ambulance chasing or the latest example of poor security management? The likelihood that employees leave businesses without having account credentials changed is highly plausible, not least because businesses now have to manage large numbers of them, sometimes at departmental rather than IT level. To the ones mentioned earlier must be added other common applications such as LinkedIn, Twitter, Office365, and WordPress.

Some of this depends on the type of firms the survey respondents worked for, their country of origin and how long access lasted. Carried out by Osterman Research for Intermedia, it was confirmed that the survey was of US and Canadian workers which means that the results do not necessarily hold for other countries. However, Intermedia is convinced of the issue’s universality.

“Most small businesses think ‘IT security’ applies only to big businesses battling foreign hackers,” said Intermedia president, Michael Gold. “This report should shock smaller businesses into realising that they need to protect their leads databases, financial information and social reputation from human error as well as from malicious activity.”

Responsibility for application de-commissioning remained confused, often split between different departments, he said. IT departments could become blind to the level of access.

 

John E Dunn, Computerworld UK

Read More:


Back to Top ↑

TechCentral.ie