News Stay informed about the latest enterprise technology news and product updates.

Failing to sever network ties can lead to 'leftover access'

Enterprises often fail to terminate access, privileges for ex-employees in a timely manner.

The next time you hand out pink slips, remember to immediately terminate all network access and pat down your employees for their corporate credit cards, passkeys and anything else they were planning to take with them.

Approximately 520,000 U.S. workers last year took advantage of benefits from former employers after they left their jobs, according to a new survey commissioned by the New York-based consulting firm Accenture. Thirty percent said they had access to the business information at their former company -- access they were not entitled to.

A total of 1,000 U.S. adults were randomly selected and interviewed by telephone, according to Accenture. Roughly 10% of those surveyed tapped their e-mail accounts and employees-only areas of corporate Web sites after their employment ended. They also checked their old voicemail, used subscriptions to expensive online databanks like Lexis-Nexis, and made charges to their corporate credit cards.

Security executives call this phenomenon "leftover access." When each new hire is given as many as a dozen accounts for accessing their company's networks, an Accenture consultant said, tracking them all becomes nearly impossible.

Back in the good ol' days, managers dreaded the day employees left with their Rolodexes, which were filled with valuable sales contacts. Corporate espionage was typically limited to dumpster-diving.

But now managers can develop ulcers thinking about the e-mails and competitive data workers are burning onto CD-ROMs, as well as the still-active usernames and passwords, credit card numbers and FedEx account numbers being used by ex-workers and former business associates.

"In this world we have distributed offices, vendors and customers," said David Black, a senior manager working in Accenture's Security Technologies practice. "It's become very difficult for companies to keep track of all of these individual assets, which they may not have seen as high value."

The survey, which was conducted for Accenture by Taylor Nelson Sofres, plc., doesn't estimate the cost of leftover access. Nor does it determine which industrial sectors are more susceptible to theft by former employees.

But the number of consultants in Accenture's Security Technologies practice has doubled in the past year, in part because companies are recognizing the threat, said Black.

Mid-sized companies in particular must also strengthen their human resources practices, from new hires to exit interviews, said Don Phin, a West Palm Beach, Fla.-based workforce risk management consultant.

"Small companies have very tight, family cultures," said Phin. "And large companies have the cash and the well-established employment practices to track individuals more closely."

But those (mid-sized) companies that still have one foot in the family culture often don't treat their employees as a security risk until it's too late," said Phin. "Those companies are walking around with their chests out. But it's only because they haven't been hit yet."

Dig Deeper on IPv6 security and network protocols security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.