The long goodbye: Ex-employees with network access pose major security risk

One of the things that any cybersecurity professional is taught, especially if they are going for a certification like the CISSP, is how to keep information secure from employees. This is especially the case if an employee is leaving a company. Basic security protocol states that all access, from logins to entry badges, must be universally revoked. Unfortunately, some corporations do not follow proper exit procedures to protect their data from ex-employees, and it appears the problem is worse than previously thought.

According to a report from OneLogin, a massive amount of companies still allow (most likely due to negligence) ex-employees access to various applications. The report is derived from a study OneLogin performed with “500 U.S.-based IT decision makers” in which each individual worked “in a corporate IT department where they have some-level of responsibility over the company’s IT security.”

The findings of the quantitative survey were alarming, to put it mildly. It was found that roughly 44 percent of IT professionals surveyed believed that their companies had not revoked access to the network from ex-employees. Directly correlating with this is the revelation that “according to 20 percent of the respondents, failure to deprovision employees from corporate applications has contributed to a data breach at their organization.”

The fact that the most basic protocols are being ignored shows just how poorly trained IT divisions in major companies are. We wonder how massive security breaches occur, especially when it involves the most sensitive data, but this study without a doubt shows the truth behind these breaches. An insider with access is the most dangerous to your company’s security, more than any malware or phishing email.

So how do we respond as a cybersecurity community to these revelations? OneLogin suggests a security information and event management (SIEM) system, which they expand on in the below quote:

A SIEM solution can help monitor employee app. usage to detect threats to the corporate network. Integrating a SIEM solution with the company’s identity and access management system can help enforce login policies across their entire application portfolio to provide businesses another layer of security.

Whatever the process is, upper management at any company, especially at a major corporation with major economic influence, must closely evaluate the deprovision protocols they follow.

Photo credit: Pixabay

3 thoughts on “The long goodbye: Ex-employees with network access pose major security risk”

  1. “findings of the quantitative survey were alarming, to put it mildly. It was found that roughly 44 percent of IT professionals surveyed believed that their companies had not revoked access to the network from ex-employees”

    Where the proof Belief is the state of mind.

  2. The problem of offboarding an ex-employee is magnified when trying to offboard a former IT admin. Admins use accounts not necessarily tied to a real person. To approach admin offboarding there should be some automation in place that would discover privileged accounts and manages them in a central place. We have built a solution that automates it (https://www.xtontech.com) so we are familiar with the situation too. However, even this automation does not replace an administrative offboarding workflow advocating by this article.

    1. Derek Kortepeter

      The problem is definitely multiplied tenfold when dealing with a privileged account like an IT admin. Thanks for pointing out how multi-faceted this issue is.

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top