While changes in staff are common, both employers and employees often struggle with following good cybersecurity practices when parting ways. According to the new research by Beyond Identity, this can cost companies everything as 56% of workers admit to using remaining account access to harm their ex-employer.
The offboarding process differs across organizations, with some putting less emphasis on securing digital information than others. Overall, 70% of survey participants were formally offboarded - 81% in the US and 64% in the UK.
Alarmingly, only 9% of those who were offboarded remembered having an IT specialist involved in the process. Most commonly, it was their boss (33%,) HR representative (31%,) or a co-worker (13%.)
Perhaps for this reason, the cybersecurity practices involved in the offboarding process were generally poorly followed or overlooked altogether. Only 50% of respondents said they had to return company devices, and 35% had to delete associated accounts. Similarly, the majority of employees did not take adequate precautions to erase their personal information, with only 40% deleting it from company devices.
As a result, upon leaving the organization, 83% of respondents ended up still having access to the digital assets of the company. Specifically, 35% had access to their email account and work-related materials, 31% - to company social media accounts, shared documents, and software, and 29% - to third-party system accounts.
While it might seem like most actions an employee can potentially take using this access are harmless, insider threats are a serious cyber risk. While many respondents (31%) said they used access to get the contact information of a fellow co-worker, an alarming 27% said they exploited their accounts to get their hands on company ideas. Similarly, 24% used their credentials to access financial information, passwords, and process-related documents.
Overall, more than 50% of respondents used remaining digital access to harm their former employer - this value rises to 70% for fired employees. As a result, business leaders reported having an employee unlawfully access their financial information (39%,) back end of the company website (36%,) or another worker’s email (33%.) Former employees also took company files (35%) and used a corporate account to access subscriptions (30%.)
It is crucial to take appropriate cybersecurity steps during the offboarding process for both sides. Employers should leave this in the hands of the IT department while employees should take care of their personal data stored on company devices.
More from CyberNews:
Subscribe to our newsletter