Major corporations face a significant cybersecurity risk, as they take up to a month to close inactive accounts, exposing themselves to potential threats for nearly a whole month.
In a recent survey, it was revealed that a significant number of large British businesses are slow to close dormant accounts of former employees, potentially increasing the risk of security breaches. More than a third (39%) of these businesses take between a few days and a month to terminate access, with 5% waiting up to a week.
The increasing number of temporary workers could exacerbate this issue, as the risk of security breaches rises with each additional employee. However, it's encouraging to note that only 32% of businesses lack appropriate policies and procedures to deal with insider threats.
On the other hand, small businesses seem to be even more lax in this regard, with immediate termination on or before the day of departure being less common (56%). Shutting down inactive accounts of former employees and contractors more quickly can help to control unwanted access to confidential data.
Despite the increasing cost of cyber security breaches, only 11% of the businesses surveyed in 2016 expected a data security breach. This number rose to 30% among large businesses, but surprisingly, only 6% of small businesses shared this concern.
The cost of cyber security breaches to the UK economy has roughly tripled over the last year, amounting to between £20 billion and 30 billion per year. Major companies in the United Kingdom that specifically implement rapid termination of access rights for former employees upon departure are not detailed in the available public data. However, adoption of strict data protection and access control measures consistent with GDPR compliance is common among large corporations, including firms like The Sage Group and Halma.
Thierry Bettini, director of international strategy at Ilex International, warned that disgruntled employees or partners are unlikely to wait a month to access confidential company information. A quarter (24%) of respondents from large businesses terminated access to dormant accounts 'a few days after departure', while 8% confessed to only removing access within a month.
Bettini emphasizes the need for greater awareness of the likelihood and consequences of security breaches. He also highlighted TalkTalk's latest incident, along with other mega breaches, as a wake-up call for businesses.
While minimizing risk of a security breach involves removing any associated access to confidential data, 40% of businesses have no systems in place to address the concern of insider threats. This underscores the need for businesses to prioritize data security and implement swift and effective measures to protect their sensitive information.
