Do ex-employees still have access to your data?When an employee leaves, would you let them take their company-issued devices with them? These devices may be company property, but they also often contain a tonne of company data. You don’t want to risk a data breach by allowing ex-employees to walk out of the door with confidential… Read More
Do ex-employees still have access to your data?
When an employee leaves, would you let them take their company-issued devices with them?
These devices may be company property, but they also often contain a tonne of company data. You don’t want to risk a data breach by allowing ex-employees to walk out of the door with confidential information!
But what about a former employee’s personal devices?
Today, it’s common practice to perform work-related tasks on your personal smartphone, tablet, laptop and even your home computer. When an employee clears out their desk, do you really know how much confidential information is still stored on their personal devices? Or what corporate portals and cloud-based software they still have access to?
In this article, we’ll explore why ex-employees pose such a threat to your business, and the steps you can take to ensure that a single disgruntled former employee doesn’t have the power to completely destroy your company.
Ex-employee leaks your data? You may be legally responsible
If you have any ex-employees, then these former employees could still have access to your corporate data. In a poll of IT decision makers, researchers at identity management firm OneLogin found that almost half of respondents were aware that former employees still had access to their corporate apps, and all of the data contained within those applications.
In an ideal world, employees and employers always part on good terms, so you’ll never have to worry about a vindictive ex-employee using your data against you. Unfortunately, this isn’t always the case! Sometimes employers are forced to make redundancies, or an employee becomes bored with their job, feels unsupported in the workplace, or simply cannot get along with their co-workers.
If an employee leaves your business under unpleasant circumstances, then they may be tempted to leverage any confidential information they still have access to. If your private data becomes public, then it can have serious implications for your business, and may sometimes even have legal ramifications.
Back in 2014, Andrew Skelton was working as an IT auditor for UK supermarket Morrisons, when he was accused of using the company’s mailroom to buy and sell goods on eBay. In response to these accusations, Skelton stole the bank details and national insurance numbers of almost 100,000 Morrisons employees, and posted this data online.
The former IT auditor was sentenced to eight years in prison, but 5,518 former and current employees also filed a claim against Morrisons for breaches of the Data Protection Act (DPA), misuse of private information, and a breach of confidence.
Ultimately, the High Court decided that Morrisons was liable for the actions of their former employee, setting a worrying precedent for employers everywhere. If an ex-employee still has access to your corporate data, then you may be legally and financially liable for anything that person chooses to do with your data.
Deprovisioning: How to protect your corporate data
A single ex-employee can inflict serious damage on your business, and data breaches caused by ex-employees are common. In their 2019 Data Breach Investigations Report, Verizon found that ex-employees contribute significantly to the number of data breaches, with respondents blaming 15% of security incidents on misuse by authorised users.
To protect yourself against costly and reputation-damaging data breaches, it’s essential that you revoke an ex-employee’s access to corporate data and applications, by deprovisioning them.
Deprovisioning is the part of the employee life cycle where you remove an employee’s access rights to corporate accounts, authentication servers, network services, and any other relevant applications and systems. Successful deprovisioning is one of the most effective ways to protect your business against a malicious ex-employee: when OneLogin polled IT decision makers, 20% of respondents admitted that their failure to deprovision had contributed to data breaches within their organization.
In this section, we’ll be looking at the top reasons why so many businesses fail to deprovision successfully, and the steps you can take to avoid these pitfalls.
1. It’s impossible to track every employee’s access rights
Businesses are using more applications than ever before, and these applications aren’t always from the same provider. If your business uses a mix of third party applications from different providers, then it can be a challenge to track each employee’s access rights.
Every time an employee leaves your company, you’ll need to identify every single application that employee has access to, and then manually revoke their access on an app-by-app basis. Smaller businesses may struggle to find the resources necessary to manage such a time-consuming offboarding process, while larger enterprises with a high employee turnover may find themselves in a constant state of offboarding.
By replacing your mix of third party products with a single integrated platform, you can simplify the offboarding process, and greatly reduce the strain on your HR and IT departments.
If you opt for a modern, cloud-based platform, then you may even be able to revoke access to all your corporate apps from a centralized location.
If you’re using Office 365, then you can revoke an ex-employee’s access to the entire 365 platform, including all corporate apps, in just a few steps:
● Log into the Office 365 admin center.
● In the left-hand menu, navigate to “Users > Active users.”
● Find the user that you want to deprovision, and then select the checkbox next to their name.
● Choose “Reset password.”
● Enter a new password, and then click “Reset.”
● Click to select the user’s name, which should launch a new panel.
● In the new panel, select the “OneDrive” tab.
● Click “Initiate sign-out.”
Within the hour, this employee will be automatically logged out of their account and then prompted to log back in. Since you’ve changed their password, they’ll be unable to access any Office 365 applications - and none of the data contained within those applications.
2. Your employees are using unsanctioned apps
If you don’t provide your employees with the applications they need to be productive in the workplace, then they may be tempted to use unsanctioned apps.
If your employees are using applications that you know nothing about, then you’ll also have no idea where you corporate data is stored. In this scenario, it becomes impossible to revoke an ex-employee’s access to your corporate data.
Unsanctioned applications pose a huge security risk to businesses of all sizes, and spanning all industries - including the NHS. Recently, NHS doctors were discovered sharing private patient information via WhatsApp. While this was already a major security risk, it also increased the chances of an ex-employee leaking, stealing or selling confidential patient information. Even if the NHS managed to revoke an ex-employee’s access to all their corporate applications, that ex-employee would still have access to every piece of patient information they’d shared via WhatsApp.
To prevent your employees from using unsanctioned apps, you must provide them with easy access to all the applications they need to be productive in the workplace. Only when you have control over every application that contains your corporate data, can you hope to prevent ex-employees from continuing to access your data.
3. Your staff are busy, and deprovisioning isn’t a priority
Deprovisioning ex-employees is one of those essential bits of admin that’s easy to overlook.
In their poll of IT decision makers, OneLogin found that 25% of respondents took longer than a week to deprovision ex-employees, while a further 25% had no idea how long their ex-employee accounts remained active.
While your staff may have full, busy workloads, the longer they take to deprovision ex-employees, the greater the risk of a data breach.
To ensure decommissioning happens quickly and efficiently, you should have a clear company policy that details the steps that must be taken, from the time an employee hands in their resignation, until the moment they walk out the door. It’s also important to define who’s responsible for each step in the decommissioning process, as any uncertainty and confusion can increase the time it takes to deprovision former employees.
Even with these policies in place, heavy workloads can still make deprovisioning a task that’s pushed to the bottom of the pile. If you suspect your staff are struggling, then you may be able to reduce their workload through automation.
At Systems Assurance, we’re big fans of using Microsoft Flow to automate time-consuming and repetitive tasks. Want to free up a tonne of time, so your staff can focus on the work that really matters? Each of our Microsoft Flow tutorials show you how to implement a complete, automated workflow within your workplace:Automatically Track Your business Expenses
Want to learn more about Microsoft Flow, or any of the other Office 365 applications? You can book a free, one-on-one consultation with one of our specialist engineers, who’ll be happy to discuss your businesses’ unique requirements.
Claim Your One Month FREE Trial of Microsoft 365 E5 Today.
Speak to a member of our team today 0114 292 2911 or email firstname.lastname@example.org if you need any assistance.
Share this article on social media
If you found this article useful, please share it on social media.
Subscribe to our blog...
We will only use your email to send you new blog posts.
Misplaced Mobile Devices Could be Putting Your Business at RiskToday many employees store confidential corporate data and applications on their smartphones, tablets, laptops, or all of the above, regardless of whether these mobile devices are personal or company-issued. Whether it’s a company laptop that occasionally moves between the office and the employee’s home, or a personal… Read More
Cloud deployment models define where your data is stored and how you access it. How do you get at it and from where do your applications run. It also depends on how much of your own infrastructure you want or need to manage. There are 3 types, lets talk about them… Public Cloud This is… Read More
In this article, we’re going to look at how Dynamics 365 works in further detail and review what it brings to the sales and customer service worlds – (the two leading modules are Sales and Customer Service).Customer relationship management (CRM) is a core part of modern business for two major reasons. Firstly, churn (losing customers)… Read More
Today, new companies are likely to take advantage of cloud resources from the outset to lower cost and provide flexibility as they grow — but what about businesses with legacy on-premise systems?In this article, we’re first going to recap the major benefits of moving to the cloud, considering the technical merits and the broader implications… Read More
First released in 2013, Slack soon proved a game-changer for colleague communication. Never before had there been such a slick tool for standardising vital office exchanges and making them accessible from anywhere. But then came the 2017 release of Microsoft Teams, an alternative rooted in the Microsoft ecosystem, and companies suddenly had options.As a platform… Read More
Even the holdouts need to adapt eventually, and the time has come for companies to move on. After all, official Microsoft support for Windows 7 will end at the beginning of 2020, and upgrading to Windows 10 is relatively simple with the free upgrade path provided through Microsoft 365.The Windows 10 Upgrade: Essential for SecurityReleased… Read More
Top 5 Cloud Computing Myths Debunked – What the Cloud Isn’tCloud computing adoption levels are soaring, with Gartner predicting that more than $1 trillion in IT spending will be affected by the shift to the cloud by 2020. Despite its popularity, there’s still plenty of misconceptions surrounding the cloud, which can make businesses reluctant to migrate… Read More
Expensive and unnecessary: Debunking the top 7 digital transformation myths According to the Worldwide Semiannual Digital Transformation Spending Guide, the worldwide spending on technologies and services that enable digital transformation is expected to reach $2.3 trillion in 2023. At Systems Assurance, we’re seeing more and more businesses contact us about digital transformation – but we’re also… Read More
BYOD is Putting Your Business at Risk: 6 Ways to Keep Your Data SafeAccording to the Global Information Security Survey, 88% of organizations feel they’re losing control over their data, and with the rise of BYOD (Bring Your Own Device) it’s easy to see why! In the worst case scenario, your employees may be walking around… Read More