IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image
Business leaders concerned ex-employees can access corporate data
Fri, 3rd Sep 2021
FYI, this story is more than a year old

Almost half of business leaders are concerned ex-employees know passwords that grant access to corporate data, new research has found.

Offboarding employees securely is a key problem for business leaders, with 40% concerned that employees who leave a company retain knowledge of passwords that grant access to corporate data.

This is according to new research by identity and access management company My1Login, which found few organisations are implementing access management solutions that work with all applications, meaning most lack the ability to revoke access to all corporate data as soon as an employee leaves.

Previous employees with access to corporate data via login credentials pose a considerable threat to businesses, increasing their risk of data breaches. Adopting an access management and Single Sign-On (SSO) solution – which gives employees a passwordless experience – is one way for organisations to improve the security of offboarding.

However, My1Login's survey of 1000 employees and 1000 business leaders found that while just over half (51%) of business leaders use an SSO solution, only 20% of business leaders report using an SSO solution that works with all applications, indicating that a large proportion of SSO solutions fail to integrate with all web applications.

Furthermore, over a quarter (27%) of business leaders say their employees need to log into other applications that fall outside of SSO. Thus, many SSO solutions in place still require employees to create passwords for some applications, meaning the risk an SSO solution is designed to remove is still prevalent.

My1Login's survey also found that 84% of employees are frustrated by password requirements while 63% of business leaders believe employees have too many passwords to remember. Shifting away from a reliance on passwords altogether would therefore benefit existing employees' productivity as well as improving organisations' security.

“Offboarding is a blind spot in organisations' cyber security defences, with many failing to realise, or act on, the threat posed by employees leaving a company with knowledge of business passwords that protect sensitive and confidential data," says Mike Newman, CEO at My1Login.

"The risks surrounding offboarding have been heightened during the pandemic as organisations have adopted remote and hybrid working practices, meaning offboarding can take longer and businesses have less direct control over the process due to the increasing proliferation of cloud apps," he says.

“It is only through eliminating the need for employees to remember passwords that the risks associated with offboarding can be mitigated," Newman says.

"Giving employees a passwordless experience – as offered by SSOs that work with all applications – not only addresses cyber security risks, but it also saves employees and organisations time, as the ‘logging in' process becomes more streamlined and efficient," he says.

"As hybrid working becomes standard practice, it's crucial organisations revisit the security of processes such as offboarding to ensure the right tools are in place to reduce the risk of cyber-attack.