News & Vacancies

Welcome to the Microtechs information portal. Here you can see the latest news and read through our current vacancies.

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Login
    Login Login form

The Haunting Presence Of An Ex-Employee

Posted by on in Latest Microtechs news posts
  • Font size: Larger Smaller
  • Hits: 132
  • 0 Comments
  • Subscribe to this entry
  • Print

b2ap3_thumbnail_a-ghost-story.jpg

BY CLAIRE FLETCHER –  via Network Communication News

Expanding on our article on data breaches from ex-employees, Alvaro Hoyos, CISO at OneLogin discusses how businesses can solve the issue.

From recruiting the most talented employees, to ensuring accounts are in order and providing staff with the latest technological innovations, businesses across the globe work tirelessly every day to strive for success. Lurking behind every policy, best practice and guideline, however, is a world that often gets neglected. What happens when someone leaves the company?

Of course, in an ideal world, businesses recruit a capable replacement, tie up any loose ends on a project they were previously working on, and of course, throw a leaving party to ensure both the employee and business can part ways on the best of terms.  Sadly, we do not live in an ideal world and, on occasion, an employee’s departure isn’t quite so clean cut and can cause issues months after they have left the company. This begs the question, are organisations doing everything in their power to make sure a soon-to-be ex (employee) does not walk out the door with access to everything the business holds dear?

Former employees are not always your friends

We have all seen the hugely damaging actions that former employees can inflict upon businesses. One such example is a huge data breach experienced by OFCOM, when they discovered that a former employee had downloaded and shared over six years’ worth of data with their new employer, which happened to be a major broadcaster.

Luckily for OFCOM, the broadcaster in question chose not to exploit the data and alerted OFCOM to the stolen information. Shockingly, the latest research from OneLogin shows that despite the threat of former employees, more than half (58%) still have access to the corporate network once they have left an organisation and almost a quarter of businesses (24%) experience data breaches due to the action of ex-employees.

The OFCOM data breach could have been catastrophic if it had have been used by a competitor, not to mention the potential damage to brand reputation. Similarly, businesses must also consider that when the European Union’s General Data Protection Regulation (GDPR) comes into effect in 2018, UK firms could face a penalty of up to 2% of their annual worldwide revenue, or €10 million, whichever is higher, enoughto leave an organisation with financial difficulties. Of course, there are scenarios where organisations have not been as lucky as OFCOM.

In fact, Marriott Hotels experienced the full force of a disgruntled former employee in 2016. According to court documents, a former Marriott employee was fired from the company in August 2016, and was told not to access the company’s internal systems.

However, despite this warning, the former employee accessed Marriott’s reservation system from the comfort of their home, slashing room rates down from $159-$499 to $12-$59. This particular breach cost Marriott $50,000. Mariott, however, isn’t the only organisation to have left themselves open to disgruntled ex-employees. In fact, 28% of former employee’s accounts remain active for longer than a month.

HR & IT must collaborate and take accountability

A former employees’ word is not enough. HR and IT must work together to avoid situations such as this and it doesn’t have to be difficult or time intensive. Automated processes can be used to deprovision all access to corporate accounts within minutes of an employee’s contract being terminated to protect valuable corporate data. There are tools available to ensure that once an employee has logged off for the final time they are locked out from that moment onwards.

OneLogin’s research revealed that only half of UK businesses use automated de-provisioning technology to ensure this happens. In addition, 45 per cent of businesses don’t use a Security and Information Manager (SIEM) to check for application use by former employees, leaving vital corporate data exposed to potential leaks. Businesses revoke a former employees’ means of physically getting into the office, so it is essential that their digital access is also revoked on departure.

Stick to the solution

It is crucial that businesses wake up and acknowledge that former employees exploiting corporate access is a problem and yes, it could happen to any company. It is clearly not enough to rely on the goodwill of ex-employees, however trustworthy they may appear to be. With so much at stake, are organisations really willing to leave the key to the business’ most precious assets in their hands? Quite frankly, there is no reason to.

Some employees leaving an organisation don’t have many loyalties to their previous employer, no matter how amicable their departure was, meaning security risks are highly likely. Therefore, it is imperative that deprovisioning employees’ corporate access on their last day is an absolute priority. Companies need to use the right tools to ensure this happens. These include:

Automated syncing of HR directories such as Workday, UltiPro, and Namely, which are the source of truth for employee status, and IT directories such as Active Directory and LDAP, which often control access to applications.

Automated deprovisioning of employees from applications that have an application programming interface (API) for user management. Most “birth right” applications that are widely used in companies, such as Office365 and G Suite, have these APIs.

Automatic checklist generation for IT admins, to ensure that they manually deprovision all ex-employees from all apps. Most applications don’t yet have an automated deprovisioning API and require manual intervention from IT.

Application access events sent to SIEM systems, to double-check that no ex-employees are accessing applications.

IT and HR can work collaboratively to fully deprovision all employees. If these steps are carried out correctly, a business can be safe in the knowledge that precautionary measures have been taken to protect confidential data from a departing employee.

http://networkcommunicationsnews.co.uk/2017/08/haunting-presence-ex-employee/

Microtechs 24/7/365 White label Technical Helpdesk

In today's world, a rock solid IT infrastructure is key to every successful business. At Microtechs we have the experience and resource to ensure your company has the support it needs 24 hours a day, 7 days a week, 365 days a year. We are able to provide an immediate response from our state of the art Technical Operations Centre which is based in the heart of Surrey.

With our rapidly expanding team, all specifically trained, working 24/7/365, we are able to provide excellent customer service and technical support. All of our services are available completely white labelled, ensuring a seamless extension to your company.

Through our services you are able to extend your hours to 24/7 or simply use us as an over flow assistant during office hours. This is all tailored to your business needs.  

How does Outsourcing your helpdesk benefit your business?

1.       It reduces your staffing costs. Why hire another member of staff, if you can outsource all of your calls for less? We are normally between 25-50% cheaper than an in-house option.

2.       It expands your opening hours. We have a technical operations centre which is open 24/7/365.

3.       It will improve your customer experience. Are you taking multiple calls from clients, but can’t get back to them as quick as you would like? Well now you have a team of 30 staff taking your support calls for you. Have an important meetings? No problem, your helpdesk has your back.

We work with over 60 IT & Telecoms Businesses who trust us to deal day to day with their clients.

Feel free to call our friendly solutions team, who will be happy to discuss further and help tailor a solution to you.

 

Call us now on 01483 407417

0

Comments

  • No comments made yet. Be the first to submit a comment

Leave your comment

Guest
Guest Tuesday, 19 September 2017

DID YOU KNOW?

We help over 14,000 customers a month through our IT support centre in Guildford, Surrey

Microtechs monitor over 10,000 servers, access points and routers 24 hours a day, 7 days a week and answer well over 14,000 support calls a month.

Each and every client is just as important to us, whether you have 1 or 5000 computers or users. Our exceptional team provides the highest level of service to every single caller.

 

CONTACT US

Our business truly is 24/7, We operate entirely out of this office using our own staff.

Microtechs Head Office

Microtechs Ltd
Sussex House
11 The Pines
Broad Street
Guildford
GU3 3BH  

T: +44 (0) 1483 407400
Einfo@microtechs.co.uk

Alternatively, please use our Contact Us Form

 

WE'RE TWEETING

OUR COMPANY

Our Commitment to you

We are family run with all of our business based within the UK. We will only ever use UK staff and offices to provide our products and services to you.

Microtechs provide a variety of outsourcing solutions for individuals and businesses, whether its for 24/7 Helpdesk Services, Nationwide Engineer Coverage or IT Support.

button