The latest analysis contracted by OneLogin has exposed that several organizations aren’t doing sufficient to avoid data breaches by ex-workers.
Access to applications and computer systems is a necessity while hiring, but several companies are not blocking access to systems swiftly when workers leave the firm, even though ex-workers pose a substantial data safety risk.
When a worker is fired or else leaves the firm, obstructing access to email accounts and networks is among the most basic safety measures, however, all too often the procedure is postponed.
600 IT workers who had some duty for security in their company were questioned for the analysis and roughly half of respondents stated they didn’t instantly end ex-workers’ network access privileges. 58% stated it takes more than a day to erase ex-workers’ login authorizations.
A quarter of responders stated it can require up to a week to obstruct access, whereas more than one in five responders said it can require up to a month to deprive ex-workers. That provides them sufficient time to access to systems and thieve information. Nearly half of responders were conscious of ex-workers who even now had access to firm systems, whereas 44% of responders lacked certainty that ex-workers had been deleted from their computer networks.
Depriving ex-workers might be a labor-intensive job and IT divisions are under substantial time constraint. It’s all too simple to delay the task and focus on other more urgent matters. Automated provisioning technology can decrease the time load and improve safety, however, many companies carry on to perform the job by hand. Whether manual or automatic, depriving must take place swiftly – as soon as the person is fired or employment ends.
How grave is the danger from ex-workers? 20% of responders stated they had faced at least one data breach by an ex-worker, while roughly half of those persons stated more than 1 in 10 data breaches faced by their company was because of an ex-worker.
For healthcare companies, ex-workers are a big danger. There have been many cases of workers changing firms and when they leave they take patient lists with them. If access isn’t obstructed, nothing can stop data being thieved.
Additionally, if policies aren’t launched to include depriving workers or if those policies aren’t exactly adhered to, companies are at danger of getting a HIPAA infringement fine – See Administrative Safeguards § 164.308 (3)(ii)(B).