Only half of the SMEs in Germany cannot rule out that ex-employees still have data access to systems in the company. When it comes to access to cloud data, only four out of ten SMEs are sure that ex-employees are locked out.
Former employees can pose an additional IT security risk for medium-sized companies or SMEs in Germany, like the current one Kaspersky SMB Cyber Resilience Report indicates. Because only 41 percent of all company managers surveyed can rule out that former employees still have access to company data stored in the cloud, and only 46 percent are certain that ex-employees can really no longer use the accounts in the company.
Does the ex-employee really no longer have access to data?
While almost half of all companies attached great importance to retaining their staff during the corona pandemic, a third (29 percent) of SMEs in Germany are now considering cutting jobs to reduce costs, as the current Kaspersky study shows. On the other hand, only 13 percent of the medium-sized companies surveyed in Germany want to save on cyber security.
However, former employees pose a cyber security risk if their access to the network is not blocked after leaving the company. In Germany, around half (46 percent) of medium-sized companies cannot rule out that former employees still have access to digital resources. 44 percent of those surveyed are concerned that ex-employees could use company data such as customer lists for their own business. Another 42 percent fear that information will migrate to new employers.
Unauthorized access is a huge problem
"Unauthorized access is a huge problem for all companies. If company data gets into the hands of competitors or is sold or deleted, it weakens the company's competitiveness," explains Alexey Vovk, Head of Information Security at Kaspersky. “This problem becomes all the greater when employees also actively use their own, so-called 'shadow IT', which has not been approved and controlled by the company's IT department. When employees leave, such use must be brought under control. Otherwise, there is little opportunity to prevent/exclude former employees from accessing information about such applications.”
Recommendations against unauthorized access and shadow IT
- Both the number of employees with access to essential company data and the amount of data to which employees have access should be kept as low as possible. The more employees have access, the greater the likelihood of data leakage and misuse.
- Clear guidelines should be defined for access to company assets such as e-mail inboxes, shared file directories and online documents. The accesses must always be kept up to date and blocked accordingly when employees leave. The use of security broker software helps to control and monitor cloud access and strengthens the company's security policy.
- Create regular backups of essential company data that can be accessed quickly in an emergency.
- There should be clear guidelines for the use of external services and resources so that all employees know which tools they can and cannot use and why. Likewise, when software is converted, a precise procedure for its approval by the IT department or other responsible persons in the company must be defined.
- Employees should use strong passwords - each service has its own password.
- trainings like Kaspersky Automated Security Awareness carry out to train employees in complying with basic cyber security rules when handling passwords and e-mails.
- Special security solutions such as Kaspersky Endpoint Security Cloud make the cloud services used visible and protect them.
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/