Sometimes, hell has no fury like a fired employee. There have been instances where a disgruntled employee who was let go from a job, uses the access they still have on the company’s website or network to do damage. In fact, considering that nearly 58% of ex-employees still have access to their former IT department, it is amazing that more bad things don’t happen. However, according to OneLogin, around a quarter of businesses do experience data breach of some sort, from former employees. Whether it was intentional or not is beside the point. The bottom line is that people should not have access to information that they are not entitled to, whether employed or not.
This is why laws and regulations have been put into place. An example of this is the penalty that was put in place by General Data Protection Regulation or GDPR, by the European Union, to protect employers from stolen data. The fine has been set at 10 million euros or 2% of the companies revenue if they are caught using stolen data provided by a former employee. The law is set to come into effect next year. One of the reasons why this law is being put into place is because of an incident that happened to a company called OFCOM. They hired a person who brought along stolen data, which he got from his former employee, and was caught trying to pass it to his new employers.
The silver lining to all of this is that it does not need to be this way. However, it will take responsibility from the IT and HR department to accomplish anything. There are automated processes available where an employee’s account can be closed within minutes of his termination. This type of lockout capability has been around for some time. Now, companies just need to use it. What needs to be taken away from all this is that former employees rarely have a sense of loyalty towards their former employers. The onus is on the IT and HR department to make sure a former employee does not have access, by taking necessary steps.