23rd February 2016, London
Research by Ilex International shows enterprises taking up to a month to close dormant accounts leaving businesses open to cyber attacks.
Ilex International, a leading Identity and Access Management firm, is urging businesses to put strict security controls in place in preparation for a year ahead of mass staff migration. Research shows that over half (59 percent) of the UK workforce is actively looking for a new job in 2016 (1), thanks to the improving economy and employees increasingly feeling undervalued. The Ilex report, ‘Staff migration: The security impact to businesses’, emphasises the importance of controlling access to systems and sensitive data especially when employees leave.
The movement among the UK workforce could result in serious security implications for businesses. With 39 percent of large businesses taking up to a month to close dormant accounts, businesses are leaving the door open to opportunistic hackers and disgruntled former employees. Large businesses performed better than small and medium size businesses, with 58 percent removing access to data on or before the day of departure, compared to 56 percent of medium and 32 percent of small businesses.
Commenting on the changing economy and the impact this is having on the workforce Simon Hember, Group Business Development Director at Acumin Consulting – now part of the Red Snapper Group said, “As the economy picks up, we’re expecting big changes in the workforce this year. The IT sector alone is expected to see sixty-three percent of UK professionals looking to change jobs in 2016 (2). The movement in this department could result in increased security implications, with those responsible for controlling access to systems also in transition.”
Ilex International recommends five best practices for controlling account access and minimising the security risks of a shifting workforce:
- With employees and contractors constantly moving, it is crucial to shut down inactive accounts fast, along with removing any associated access rights. By closing dormant accounts, businesses are removing a possible entry point for cyber criminals.
- When it comes to security, there is no such thing as zero risk so it’s key for businesses to focus on protecting critical data. By being aware of what the most sensitive data is, companies can ensure it is available only on a need-to-know basis.
- Access to data should be closely tracked and audited to ensure only users who are meant to access critical data have permission to do so. Processes have to be in place if any anomalies occur.
- Companies should implement a strong Identity and Access Management solution. Identity and Access Management is the foundation of a secure system, enabling companies to easily identify and manage their user base and control who has access to their data.
- Companies can also minimise risks by educating employees on the importance of cyber security and the impact a breach can have. Lack of employee education was cited as a key reason for security breaches by 15 percent of respondents in the Breach Confidence Index. With the workforce constantly shifting, this has to be done on a regular basis in order to be efficient.
« Disgruntled employees or partners are unlikely to wait until a month after leaving to access confidential company information. Access is likely to be sought in a matter of days. The findings highlight the importance of having a system in place that helps close inactive accounts immediately. »Thierry Bettini, director of international strategy at Ilex International
Notes to editors
All figures, unless otherwise stated, are from YouGov Plc. Total sample size was 530 IT decision makers. Fieldwork was undertaken from 6th – 12th August 2015. The survey was carried out online
1 Hays UK Salary and Recruiting Trends 2016: http://www.hays.co.ik/salary-guide/index.htm
2 Hays UK Salary and Recruiting Trends 2016: http://www.hays.co.uk/press-releases/it-sector-enjoys-large-salary-increases-in-2015—but-war-for-talent-to-intensify-pressure-on-employers-1532646