A new report reveals managing the employee exit process is as crucial as welcoming new hires
Offboarding strategies are in the spotlight after a new report found that some former employees can still access their old work accounts after leaving their employer.
A recent poll from PasswordManager.com revealed that 40% of full-time U.S. employees are using login credentials from a previous employer to access accounts, tools, and services.
Among them, 15% are still actively using these credentials to this day, while 40% said they had been doing so for a year.
According to the report, 53% of employees who access accounts from a former employer said they did so to save money, with 34% saying they were able to save $50 to $100 a month.
Six in 10 of these employees said they were able to access their former work accounts because their employer never changed the password.
The majority of these respondents said they had never been caught. In fact, 17% even said a former employer reached out to them because they forgot a password.
Poor offboarding risks
Gunnar Kallstrom, information systems and cybersecurity expert, warned organisations that they put themselves at risk for not properly offboarding an employee.
"As part of the offboarding process, all company access should be revoked from the former employee. If this does not happen, the company exposes itself to unnecessary risk," Kallstrom said in a statement.
One of the risks that he pointed out includes a former employee potentially "committing sabotage" to a company, which two per cent of the survey's respondents cited as their motivation.
In Singapore, an employee who was disgruntled after being terminated accessed and deleted the virtual servers of his former employer, leading to over two years of jail time.
"Some additional risks are data breaches, intellectual property theft, financial loss, disruption of operations, and reputational damage," Kallstrom said.
"As far as the risks to individuals, they include legal consequences, accidental misuse, and exposure to liability."
Credential sharing widespread
Meanwhile, the report indicates that the problem extends beyond inadequate offboarding practices, highlighting the prevalence of widespread credential sharing among employees.
More than a quarter of respondents (28%) who admitted to accessing their former work accounts said they were able to do so because a current employee shared the password with them.
The report further found that 27% of employees share their current employer's passwords with someone outside the organisation.
Of those who share passwords, 45% said they do so because the other person assists them with work, while 33% said it was to help someone save money.
"To curb credential sharing, companies should require employees to sign an Acceptable Use Policy and undergo regular security awareness training," Kallstrom said.
"Beyond that, it's critical for companies to implement Role-Based Access Controls, enforce robust Identity and Access Management protocols, apply multi-factor authentication, and clearly define and enforce access policies."
