Leaving Terminated Employee Accounts Active
I’ve been referencing a very important article about password habits that Keeper Security published in February 2021. It mentions that nearly one-third of employees surveyed admitted to using credentials from a former coworker. Personally, I chalk this up to the business and not the employees. When employees are terminated, whether they go on good or bad terms, they immediately go from being members of your team to outsiders who know a lot about your business. It is desperately important to make sure that these users’ access is revoked as quickly as possible. The best way to ensure this is to coordinate ahead of time with your IT team if the situation allows it.
There will always be exceptions, but the goal should be that the majority of the time someone leaves your organization, they leave with no access to any of your data. In the best of circumstances an employee who left on their own terms could accidentally access data that they should not, providing a way that data could potentially be lost. On the other side of the spectrum, a disgruntled ex-employee who isn’t happy about being let go could steal information and sell it, contact business partners or customers through their still-official work email and disparage your company and try to recruit them to a competitor, or any number of other things that could be detrimental to your business.
Regulated Sectors
If you work in a sector that is regulated, such as the medical profession (HIPAA), you could also have an obligation to remove the access of terminated employees. Soon we will be posting articles on some of the most relevant OCR rulings of the last few years, one of which has to do with a quarter million dollar fine and an unhappily unemployed person who decided to see if his credentials still worked at his old job a few days after being let go.
I highly recommend reading through the full article from Keeper Security and seeing all the statistics for yourself.
Thanks for taking the time to read my thoughts on securing passwords for your business. As always, if you feel like your organization needs help in this department, reach out to me! I’d love to discuss how Sterling Ideas could help your company thrive.