Ex-employees still have access to company applications over a month after leaving

Many companies are leaving themselves open to malicious attacks from ex-employees, new research suggests.

A study of more than 600 UK-based IT decision makers found that more than half (58 per cent) of former workers still have access to all corporate applications.

Additionally, nearly a quarter (24 per cent) of UK businesses have experienced data breaches by ex-employees and part of the problem is the hassle of managing employee access.

The vast majority (92 per cent) of respondents said they spend up to an hour manually deprovisioning former employees from every corporate application, but half of respondents are not using automated deprovisioning technology to ensure an employee’s access to corporate applications stops the moment they leave the business.

This burden may explain why over a quarter (28 per cent) of ex-employee’s corporate accounts remain active for a month or more.

Alvaro Hoyos, chief information security officer at identity management provider OneLogin - which published the research, said the findings “should raise serious alarm bells” for business leaders.

“Many businesses are burying their heads in the sand when it comes to this basic, but significant, threat to valuable data, revenue and brand image,” commented Mr Hoyos.