“The Great Resignation” is impacting employers all over the world as employees make shifts in their lives and careers in the wake of the global pandemic. Many people had the opportunity to put some thought into what they wanted their working lives to look like, and many of them determined that they were ready for career transitions, or even retirement. Others used the rare opportunity afforded by additional unemployment compensation or resources to look for a better job. Plus, many folks discovered that their priorities and what they value in an employer changed because of the pandemic. However it came about, The Great Resignation has been hitting organizations in every industry and bringing some unexpected security risks with it.
When an employee leaves a company, they take institutional knowledge with them, but they may also take something more concrete: data. An estimated 45% of employees download, save, or send work-related files before they leave their job. This happens most frequently in the tech, financial services, business consulting, and management sectors. It might be expected that some employees in departments like design would want to take portfolio samples with them, but employees in other departments also take proprietary data with them when they go, like customer lists, project plans, internal reports, blueprints, or formulas. Employees are most likely to steal data like intellectual property within 90 days of their resignation, with 70% of insider intellectual property thefts taking place in that window.
Many companies aren’t careful about removing access and permissions from departing employee accounts, and that is a major security blunder. In a 2021 study, researchers determined that after their employment ended, many former workers still had access to the systems, tools, and solutions that they used at their former job, including old email accounts (35%), work-related materials on a personal account (35%), social media (31%), software accounts (31%), or shared files or documents (31%). Many also retained access to things like accounts with a third-party system (29%), another employee’s account (27%), a backend system (25%), and the company’s financial information (14%).
Altogether, 83% of former employees surveyed said they continued to access accounts at their previous place of employment even after leaving the company. That’s way too much easily mitigated risk, and for many companies, the first step on the road to an expensive, damaging data breach. This is a shockingly widespread problem. A stunning 89% of workers in a study reported they were able to access sensitive company data well after they left. While many employees won’t use that access, more than half of insider data theft incidents are caused by employees who were able to access a company’s sensitive data after they no longer worked there. Failure to remove the access that former employees have to data and applications is a security vulnerability that no company can tolerate. Employers in the UK are most likely to remove employee access – 67% of UK employees reported retaining their access versus 87% in the U.S. and 88% in Ireland.
Unfortunately, not every employee leaves a company on good terms, and that can also lead to security complications. Vengeance against an employer from disgruntled former employees is a major danger. Over 90% of malicious insider incidents are preceded by employee termination or layoff, and if that employee still has a valid access credential, they can wreak havoc quickly. Malicious insiders have many motivations for seeking to damage their former employers, from making a quick profit by selling data or access credentials to simple vengeance. Whatever their motivation, failing to eliminate access to company assets makes it really easy for a malicious former employee to do big damage fast – and 56% of employees use their continued digital access after their departure to harm their former employer.
Former employees also create another security risk: password compromise. An employee doesn’t even have to take malicious action to cause their employer password-related security trouble. Password reuse, recycling, and sharing are enormous security threats in and of themselves, exposing businesses to credential compromise risk. In a 2021 survey, 82% of workers admitted sometimes reusing the same passwords and credentials as they’d used in old accounts. Part of that impetus is that everyone has too many passwords to keep track of these days, and we’ve all got password-protected accounts that we haven’t used in years. Forbes magazine reports that 70% of consumers say that they have over 10 password-protected online accounts, and 30% say that they have “too many to count”.
Of course, if that former employee is inclined to malicious action, valid access credentials for their former employer’s networks or data are a precious and highly profitable commodity. Stolen legitimate network credentials go for an estimated $3,000 to $120,000 depending on the company and level of privilege on the account. Vengeful former employees who retain access to systems and networks at their old jobs can take more direct damaging actions too, like using their old company’s resources to facilitate crypto mining and deploying ransomware or other malware.
It’s essential that organizations protect themselves from the danger presented by former employees by adding a security component to their offboarding process. Research shows that in most companies, offboarding is handled by a supervisor (33%) or HR (31%), though in some cases it falls to a coworker (13%). Disturbingly, only half of employees are asked to return company devices, and only about 40% reported returning security keys or tokens and being required to wipe personal information or documents from company devices. Employees are sometimes unaware that they shouldn’t take data with them when they go; more than 40% of organizations don’t have a formal policy that forbids staff from taking work data with them when they leave.
As employers get serious about bringing employees back to the office full-time, the next phase of The Great Resignation is certain to kick off. Most people simply do not want to return to the office 5 days per week, and they don’t intend to stay with companies that require it. 58% of workers in a survey said that they would leave their positions and seek alternative employment if they were not able to continue hybrid working at a minimum in their current role, giving rise to even more offboarding security risks for organizations to handle. Companies must take action to add a security check to their offboarding procedures or risk disaster.
Source: Agente ID