With several hundreds of US citizens leaving their jobs every month, they carry with them previledge IT access to corporate apps such as Twitter accounts and confidential files stored in personal Dropbox accounts, a new report states.
Warning businesses about the staggering scale of the 'Rogue Access' problem, Osterman Research's latest study is a wake-up call for every business in the US.
According to the 2014 Intermedia SMB Rogue Access Study, about 89% of those surveyed held access to Salesforce, PayPal, email, SharePoint and other sensitive corporate apps.
Intermedia president Michael Gold said: "Most small businesses think 'IT security' applies only to big businesses battling foreign hackers.
"This report should shock smaller businesses into realising that they need to protect their leads databases, financial information and social reputation from human error as well as from malicious activity."
About 45% still gained access to 'confidential' or 'highly confidential' information, with 49% of them actually logged into ex-employer accounts upon departing the company and 68% of them confess to storing work files in personal cloud storage services.
Lack of formal 'IT offboarding' procedures has been found to be one of the weakest points, with 60% of respondents were NOT asked for their cloud logins upon leaving companies.
Using Rogue Access, annoyed ex-employees may pinch money from PayPal, forge financial details in Quickbooks, or post improperly on company social media.
Well-intentioned ex-employees might purge important files from their personal cloud storage. And there are legal risks as well, such as the inability to complete eDiscovery or the failure to comply with regulatory obligations to protect sensitive data.
This can be avoided by implementing strict access and user lifecycle management policies; offer business-grade cloud storage that's as easy to use as consumer-grade services and ultimately offer single sign-on portals to users.
Osterman Research president Michael Osterman said: "People want to work at home. They want files available when they're traveling.
"But when a company puts this functionality into place in an organic, uncoordinated way, there are real risks they may not have considered.
"This report provides direction for these companies to regain control over their cloud."
M86 Security is a global provider of web and e-mail security products. We are the only security company able to provide integrated, reliable and...
Established in 1957, BCS, The Chartered Institute for IT, promotes wider social and economic progress through the advancement of information...