50% of Ex-Employees Can Still Access Corporate Apps

[infscrtyrisk]

Researchers at identity management firm OneLogin polled 500 IT decision makers to learn about how they provision and deprovision, or terminate, staff login information in-house. Results indicate most aren't doing enough to protect against the threat of ex-employees.

Twenty percent of respondents report their failure to deprovision employees from corporate applications has contributed to a data breach at their organization. Of those, 47% say more than 10% of all data breaches have been the result of ex-employees.

Nearly half of respondents are aware of former employees who can still access enterprise applications following their departure. Half of ex-employees' accounts remain active for longer than a day after they leave. One-quarter of respondents take longer than one week to deprovision former employees, and one-quarter don't know how long accounts remain active after workers leave.

More at https://www.darkreading.com/vulnera...29672?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

I'd like to see a MyBB poll on this, where peeps tell us whether they can still access ex-employees corporate applications, or not.

 

[ScottulusMaximus]

Yip, I can still access the CCTV, NAS with every document the company has and main company email.

 

[EasyUp Web Hosting]

Yip, I can still access the CCTV, NAS with every document the company has and main company email.

Same here.

 

[SauRoNZA]

Yup...still have loads of access for both previous companies.

Worse still still have lots of access at third party customers too.