Do Your Former Employees Pose a Data Security Risk?

People who terminate their employment usually do so in order to leave the company for good. However, in our digital age, leaving is often more complicated. In recent years, various surveys have investigated whether and how former employees gain access to the digital environment of their former employer. The results are alarming and show that there is a need for action in many companies.

  #Security Awareness   #Security Risk Assessment   #Security Strategy Architecture  
Markus Kaegi
+41 58 510 16 98

Past employees who roam in the digital spheres of their former employers do not always result in spectacular hacks or data theft. Nevertheless, there is a significant security risk. In some cases, such unauthorized digital forays have led to global headlines. For example, in the case of the American SunTrust Banks; the company lost the personal data of one and a half million customers three years ago.[i] The perpetrator: a disgruntled former employee. Into the same category belonged the culprit who deleted the servers of a Dutch Internet provider after accessing their customer database[ii]. A former IT administrator of the American IC manufacturer Allegro also caused great damage - due to his previous position he was able to delete data in the financial department, so that the company's annual report could not be compiled in due time[iii].


24 percent retain a password after termination

The latest study on offboarding by security firm Beyond Identity shows[iv] that in 1000 companies surveyed (in the Anglo-Saxon world) 83 percent of respondents still access their accounts at their former employer after leaving a company. 24 percent of respondents admitted to intentionally retaining a password after leaving the company. As a result, nearly three-quarters of employers said they have already been negatively impacted by such activity. In an earlier survey of 500 IT decision-makers by security firm OneLogin, just half said they were “very confident” that their former employees would not have access to their company's IT systems. And 20 percent of the companies surveyed admitted that their company's data security had been breached by former employees[v]. This is not surprising when the disengagement process of these employees is taken into account. The Beyond Identity study determined that in ten percent of all cases, it was a colleague who carried out the exit formalities. Only nine percent of respondents had an IT specialist involved in the exit process. Only half of respondents were asked to return company devices upon leaving; more than half never returned their digital keys, and only one-third deleted their employee accounts.


Trust, but verify

The reasons for protecting company data from employees who no longer have anything to do with the company are evident - quite apart from the fact that it can have catastrophic consequences for a company if, for example, its customer data is stolen. After all, data protection is the responsibility of every company.

So how can you protect your data in such a situation? Of course, for starters, it is useful (although not always easy) to hire only trustworthy people. Therefore, the motto «trust, but verify» applies here as well.


Access only for those who need it

Create access rules and grant data access only to those employees who need it for their work. Inform new employees in your company that they must hand over all devices and delete access data in case they exit the company. A confidentiality agreement that remains in effect after leaving the company can also be part of the employment contract. On the technical side, it's easy to set up a system that tracks all employees' user access to company data and lets you deactivate it in an emergency. In any case, if an employee leaves the company, relevant accounts should be deactivated as soon as possible. In case of a dismissal, it may make sense to perform this deactivation even before the official termination. It is important to tick off these data protection aspects in a final discussion. This includes an IT manager identifying and deactivating the various existing access points and also ensuring that all company devices are handed in.  


Cybersecurity is an integrated discipline

Risk factors described above, as well as the fact that hybrid workforces today are able to access resources from anywhere, call for a new approach to identity and access management[vi]. SecurID, the identity platform from global identity specialist RSA, can help you adopt best practices for granting access and account privileges. SecurID MFA offers a full range of modern authentication methods for secure access to data and applications as well as resources in the cloud. Multifactor authentication is critical to reduce the risk of access-based attacks[vii]. SecurID and UMB can help you achieve this goal. UMB is an RSA Secureworld Titanium Partner. At UMB, we view cybersecurity as an integrated discipline across the IT landscape and understand the challenges of a rapidly changing world. At UMB, cybersecurity is not viewed in isolation, but as part of IT, workplace and digitization concepts. Please contact us if you would like to know more.


[i] SunTrust Banks ex-employee may have stolen 1.5 million customer records | ZDNet

[ii] Dutch web host Verelox suffers huge outage after ex-employee deletes all customer data (

[iii] IT administrator set 'time bomb' malware to torpedo ex-employer's year-end audit (

[iv] Survey: The Great Resignation’s Impact on Company Security | Beyond Identity

[v] Why ex-employees may be your company's biggest cyberthreat | TechRepublic

[vi] Identity Management: What You Know. What You Have. Who You Are. (

[vii] Resources (