In a recent survey of 379 former employees by Intermedia and Osterman Research found that 89% of them still had access to their former employers Salesforce, PayPal, email, SharePoint, Facebook, and other accounts, and 60% of them were not asked for their Internet logins when they quit, 45% retained access to confidential employer data, and 49% logged in to company accounts after leaving their employer.
And who knows what went out the door on that USB flash drive…
This points to a critical gap in company security policy. When an employee resigns, it it important to cancel their login credentials to the network, and resources such as VPNs and servers, and cloud based services that the employer may be using to run their business. It is also important to avoid using a single “shared” password that multiple employees use, as it becomes difficult or impossible to change these passwords when one employee leaves the firm.
This is an area where having a written policy that details what company assets need to be returned (keys, laptop, phone, etc.) and what user credentials need to be disabled, retired, or at least have the password changed.