Sacked staff turn to sabotage
IT departments that fail to revoke access rights to critical systemsrisk exposing their firms to security breaches by former employees,according to new research.
Link: Scrutinise staff to protect against fraud
More than half the UK workforce would be prepared to seek revenge on former employers by exploiting continued access to corporate systems if they were unhappy at losing their job, according to research by software vendor Novell.
Security experts said this shows the importance of having good policies in place to deal with staff leaving and to provide legal protection.
Half of those questioned said they would continue to access the corporate IT network and 55% would continue to use their company laptop if it was not taken back, according to the research. More worryingly, 6% said they would delete important files and four percent would let a virus loose in the corporate email system.
Sixty-seven percent said they would be prepared to take sensitive information that would help in their next job, and 38% said they would steal company leads. Fifty-eight percent would continue to use company mobile phones if they were not taken back. It is estimated that this practice costs UK industry more than £1m a week.
According to the Department of Trade and Industry, not even a third of UKfirms have the security policies necessary to ensure that staff access tocompany resources is terminated when they leave.
‘If an employee has permission to access a customer database, user policies must be worded very carefully,’ said Neil Barrett, technical director of security specialist Information Risk Management. ‘If access is properly specified the employee would no longer have the right to read the records, let alone take or change them.’