Failure to secure the user accounts of former employees is putting organisations’ security at risk, warns One Identity.
In a study of 900 IT security professionals, only 14% said they removed access for users immediately upon a change in HR status and only 9% are confident they have no dormant accounts.
More than eight out of 10 (84%) confessed that it takes a month or longer to discover these dangerous open doors into the enterprise.
“Today, when employees leave an organisation or change roles within the same organisation, it’s more critical than ever that any access rights to the corporate
network, systems and data are revoked or modifed to match their new status,” said John Milburn, president and general manager of One Identity.
“The overwhelming lack of confidence that organisations are doing this in a timely manner means they are offering up a gaping security hole for former employees or hackers to exploit those identities and wreak havoc for hours, weeks or even months to come.”
Seven out of 10 respondents admitted they couldn’t be sure that user accounts of former employees are fully deactivated in a timely manner.