The ex-employee menace: 89% retain access to Salesforce, QuickBooks & other sensitive corporate apps
Intermedia’s 2014 SMB Rogue Access Study explores the security threat posed by former employees.
This data comes from the 2014 Intermedia SMB Rogue Access Study, which was released today. Based on a survey of knowledge workers performed by Osterman Research, this study quantifies the staggering scope of the “Rogue Access” problem. And it presents a wake–up call for every business in the country.
Read the Rogue Access report at https://ow.ly/A4JtO. Some of the more shocking findings include:
- 89% of those surveyed retained access to Salesforce, PayPal, email, SharePoint or other sensitive corporate apps
- 45% retained access to “confidential” or “highly confidential” data
- 49% actually logged into ex–employer accounts after leaving the company
- 68% admitted to storing work files in personal cloud storage services
“Most small businesses think ‘IT security’ applies only to big businesses battling foreign hackers,” says Michael Gold, President of Intermedia. “This report should shock smaller businesses into realizing that they need to protect their leads databases, financial information and social reputation from human error as well as from malicious activity.”
These risks have both technical and procedural causes. In fact, one of the weakest points identified in the report is the lack of formal “IT offboarding” procedures: 60% of respondents said they were NOT asked for their cloud logins when they left their companies.
From lost data to compliance failures: the wide–ranging risks of Rogue Access
The risks of Rogue Access are endless. Disgruntled ex–employees could steal money from PayPal, falsify financial details in Quickbooks, or post inappropriately on company social media. Well–intentioned ex–employees might purge important files from their personal cloud storage. And there are legal risks as well, such as the inability to complete eDiscovery or the failure to comply with regulatory obligations to protect sensitive data.
“I’ve heard a lot of stories about sales people who export customer lists or users who wipe all their data,” says Felix Yanko, president of Pittsburgh–based ServNet Tech, an IT consultant and Intermedia partner. “For a small business particularly, ‘Rogue Access’ creates a huge risk: if something happens that affects their clients and they get sued, they usually go out of business.”
Three solutions to the Rogue Access challenge
To help businesses regain control over access to their IT apps, Intermedia’s report presents three solutions:
- First, companies should implement strict access and user lifecycle management policies, including a stringent IT offboarding checklist. Intermedia has developed a collection of best practices as well as an IT offboarding checklist, and made them free to download.
- Second, companies should offer business–grade cloud storage that’s as easy to use as consumer–grade services. This makes it less likely that employees will use personal services that lack high levels of IT control and protection.
- Finally, companies should provide users with single sign–on portals. SSO portals are a fast–trending IT tool for a reason: they give users a single point of entry into the cloud, which makes it much easier for IT to manage and track access.
“People want to work at home. They want files available when they’re traveling. But when a company puts this functionality into place in an organic, uncoordinated way, there are real risks they may not have considered,” says Michael Osterman, President of Osterman Research. “This report provides direction for these companies to regain control over their cloud.”
For more information—including a downloadable list of IT access best practices and an IT offboarding checklist—read Intermedia’s Rogue Access report at https://ow.ly/A4JtO. You can also follow @intermedia_net on Twitter or participate in the conversation at #StopRogueAccess.
Intermedia is the world’s largest one–stop shop for cloud business applications. Its Office in the Cloud™ suite integrates all of the essential IT services that SMBs need to do business, including email, voice, file sync and share, single sign–on, security, mobility, archiving and more.
Intermedia’s services thwart the ex–employee menace by making it simple to revoke access to the entire cloud footprint with just one click. All of its services are integrated, secure, mobile–ready and managed from a single control panel. And they all offer enterprise–grade security, 99.999% availability and 24/7 phone support with hold times of less than 60 seconds.
Intermedia’s 600 employees work relentlessly to provide its 60,000 customers, 1 million users and 5,000 active partners with a Worry–free Experience™. Learn more at Intermedia.net.
# # #