Limited Access Is The Centerpiece Of All Data Security Strategies

A recent survey of 1,000 professionals found 25 percent still had access to their former employer's online accounts.

To keep track of passwords, more than one-third of survey respondents said they write their passwords down on paper; 38 percent use a secure password manager; and nearly 30 percent do not store their passwords at all.

In addition, more than 40 percent of respondents said they have shared work passwords. Employees at organizations with 50 to 249 employees were the most likely to have done so.

Among those who shared work passwords, 66 percent shared them with coworkers. More than a third shared them with family or significant others. Email was the most common method for sharing passwords.

Many employees reuse their work account password for their personal accounts, with 26 percent using a work password for their personal email; more than 21 percent for their bank account; and nearly 18 percent for their social media accounts.

Nearly 73 percent of respondents said they thought their organization's password policy was "about right," although the other results of the survey suggest policies may need to be tightened.

However, the survey also found that employers should not make the process too difficult. Over 45 percent of respondents said that strict password policies hamper productivity.

Beyond Identity, a password-less security company, conducted the survey. Brandon Vigliarolo, "1 in 4 employees say they still have access to accounts from past jobs, survey finds," techrepublic.com (Jul. 06, 2021).

Commentary

Disgruntled employees and ex-employees who want to commit a crime can use lingering account access, and the information it exposes, to commit identity theft or other wrongdoing, including uploading malware. Even ex-employees who have no intent to cause harm can do so if their credentials are compromised through carelessness.

A basic requirement of cybersecurity is to limit access to your cyber network. Limiting access includes preventing former employees from accessing the network no matter how they departed their employment.

The reasons are compelling. Among them, employers can face hefty penalties and fines if employee, customer, or client information is accessed in a data breach.

To reduce the risk, it is essential to revoke online access prior to an employee receiving notice of termination or immediately after an employee resigns and no longer needs access to the system. Moreover, you should routinely audit account access to confirm that only those who should have access do have access to the system.
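One way to run the routine access audit described above, as an added example that is not part of the original article: it reconciles an HR roster against an account export and flags enabled accounts whose owner has left, is missing from the roster, or is not recorded at all. The CSV column names and all sample rows are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample data (not from the survey or any real system).
HR_ROSTER = """employee_id,status,termination_date
1001,active,
1002,terminated,2021-05-14
1003,terminated,2021-06-30
"""
ACCOUNTS = """account,employee_id,enabled,last_login
alice,1001,true,2021-07-01
bob,1002,true,2021-06-20
carol,1003,false,2021-06-29
svc-backup,,true,2021-07-02
dave,1004,true,2021-07-03
"""

def audit_access(roster_csv, accounts_csv):
    """Return (account, finding) for each enabled account that should not have access."""
    roster = {r["employee_id"]: r for r in csv.DictReader(io.StringIO(roster_csv))}
    findings = []
    for acct in csv.DictReader(io.StringIO(accounts_csv)):
        if acct["enabled"].strip().lower() != "true":
            continue  # disabled accounts cannot log in
        emp = roster.get(acct["employee_id"])
        if not acct["employee_id"]:
            # Shared or service account with nobody accountable for it
            findings.append((acct["account"], "no owner recorded"))
        elif emp is None:
            findings.append((acct["account"], "owner not in HR roster"))
        elif emp["status"] == "terminated":
            note = "enabled after termination"
            term = date.fromisoformat(emp["termination_date"])
            if acct["last_login"]:
                last = date.fromisoformat(acct["last_login"])
                if last > term:
                    # Evidence the access was actually used after departure
                    note += f"; login {(last - term).days} days after departure"
            findings.append((acct["account"], note))
    return findings

if __name__ == "__main__":
    for account, finding in audit_access(HR_ROSTER, ACCOUNTS):
        print(f"{account}: {finding}")
```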
