SMEs: Do ex-employees still have access to data?

7 November 2022
| No comments
SMEs: Do ex-employees still have access to data?

Share post

Only half of the SMEs in Germany cannot rule out that ex-employees still have data access to systems in the company. When it comes to access to cloud data, only four out of ten SMEs are sure that ex-employees are locked out.

Former employees can pose an additional IT security risk for medium-sized companies or SMEs in Germany, like the current one Kaspersky SMB Cyber ​​Resilience Report indicates. Because only 41 percent of all company managers surveyed can rule out that former employees still have access to company data stored in the cloud, and only 46 percent are certain that ex-employees can really no longer use the accounts in the company.

Does the ex-employee really no longer have access to data?

While almost half of all companies attached great importance to retaining their staff during the corona pandemic, a third (29 percent) of SMEs in Germany are now considering cutting jobs to reduce costs, as the current Kaspersky study shows. On the other hand, only 13 percent of the medium-sized companies surveyed in Germany want to save on cyber security.

However, former employees pose a cyber security risk if their access to the network is not blocked after leaving the company. In Germany, around half (46 percent) of medium-sized companies cannot rule out that former employees still have access to digital resources. 44 percent of those surveyed are concerned that ex-employees could use company data such as customer lists for their own business. Another 42 percent fear that information will migrate to new employers.

Unauthorized access is a huge problem

"Unauthorized access is a huge problem for all companies. If company data gets into the hands of competitors or is sold or deleted, it weakens the company's competitiveness," explains Alexey Vovk, Head of Information Security at Kaspersky. “This problem becomes all the greater when employees also actively use their own, so-called 'shadow IT', which has not been approved and controlled by the company's IT department. When employees leave, such use must be brought under control. Otherwise, there is little opportunity to prevent/exclude former employees from accessing information about such applications.”

Recommendations against unauthorized access and shadow IT

  • Both the number of employees with access to essential company data and the amount of data to which employees have access should be kept as low as possible. The more employees have access, the greater the likelihood of data leakage and misuse.
  • Clear guidelines should be defined for access to company assets such as e-mail inboxes, shared file directories and online documents. The accesses must always be kept up to date and blocked accordingly when employees leave. The use of security broker software helps to control and monitor cloud access and strengthens the company's security policy.
  • Create regular backups of essential company data that can be accessed quickly in an emergency.
  • There should be clear guidelines for the use of external services and resources so that all employees know which tools they can and cannot use and why. Likewise, when software is converted, a precise procedure for its approval by the IT department or other responsible persons in the company must be defined.
  • Employees should use strong passwords - each service has its own password.
  • trainings like Kaspersky Automated Security Awareness carry out to train employees in complying with basic cyber security rules when handling passwords and e-mails.
  • Special security solutions such as Kaspersky Endpoint Security Cloud make the cloud services used visible and protect them.
More at Kaspersky.com

 

About Kaspersky

Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/

 

Matching articles on the topic

IT security: NIS-2 makes it a top priority

Only in a quarter of German companies do management take responsibility for IT security. Especially in smaller companies ➡ Read more

Cyber ​​attacks increase by 104 percent in 2023

A cybersecurity company has taken a look at last year's threat landscape. The results provide crucial insights into ➡ Read more

Mobile spyware poses a threat to businesses

More and more people are using mobile devices both in everyday life and in companies. This also reduces the risk of “mobile ➡ Read more

Crowdsourced security pinpoints many vulnerabilities

Crowdsourced security has increased significantly in the last year. In the public sector, 151 percent more vulnerabilities were reported than in the previous year. ➡ Read more

Digital Security: Consumers trust banks the most

A digital trust survey showed that banks, healthcare and government are the most trusted by consumers. The media- ➡ Read more

Darknet job exchange: Hackers are looking for renegade insiders

The Darknet is not only an exchange for illegal goods, but also a place where hackers look for new accomplices ➡ Read more

Solar energy systems – how safe are they?

A study examined the IT security of solar energy systems. Problems include a lack of encryption during data transfer, standard passwords and insecure firmware updates. trend ➡ Read more

New wave of phishing: Attackers use Adobe InDesign

There is currently an increase in phishing attacks that abuse Adobe InDesign, a well-known and trusted document publishing system. ➡ Read more

Kaspersky, Stories
, , , , ,