What do you take with you when you leave your job? According to a new report from Intermedia, an online shop for IT apps, the answer might include IT access, such as passwords to the corporate Twitter or Salesforce account, or confidential files stored in personal Dropbox accounts. Of those surveyed near half, 49 per cent, actually logged into ex-employer accounts after leaving the company; and a good two-thirds, 68pc, admitted to storing work files in personal cloud storage services.
Michael Gold, President of Intermedia, said: “Most small businesses think ‘IT security’ applies only to big businesses battling foreign hackers. This report should shock smaller businesses into realising that they need to protect their leads databases, financial information and social reputation from human error as well as from malicious activity.”
These risks have both technical and procedural causes, according to the firm. In fact, it’s claimed one of the weakest points identified in the report is the lack of formal ‘IT offboarding’ procedures: 60 per cent of respondents said they were NOT asked for their cloud log-ins when they left their companies.
Some 89pc of those surveyed retained access to Salesforce, PayPal, email, SharePoint or other sensitive corporate apps; and 45pc retained access to “confidential” or “highly confidential” data, it is claimed. Read the IT access report at http://ow.ly/Adsfj
The risks of ‘rogue access’
According to the firm, disgruntled ex-employees could steal money from PayPal, falsify financial details in Quickbooks, or post inappropriately on company social media. Well-intentioned ex-employees might purge important files from their personal cloud storage. And there are legal risks as well, such as the inability to complete eDiscovery or the failure to comply with regulatory obligations to protect sensitive data.
“I’ve heard a lot of stories about salespeople who export customer lists or users who wipe all their data,” says Felix Yanko, president ServNet Tech, an IT consultant and Intermedia partner. “For a small business particularly, ‘Rogue Access’ creates a huge risk: if something happens that affects their clients and they get sued, they usually go out of business.”
