A concerning number of organizations are failing to properly offboard employees, particularly in regards to passwords. In March, a survey conducted by PasswordManager.com of 1,000 US workers who had access to company passwords at their previous jobs found that 47% of respondents admitted to using them after leaving the company. Security teams should be revoking access to all employee accounts, such as email, cloud applications, and internal tools, after employees leave.
For accounts or services where multiple employees share passwords, those passwords should be changed to ensure former employees no longer have access. The survey found that 58% of respondents were still able to use their former company’s passwords after they left. Disturbingly, one in three respondents said they had been using the passwords for over two years, highlighting the need for organizations to be aware of who is accessing their accounts and services. “Ideally, the company creates standard operating procedures or consistent schedules of updating passwords based on criticality,” says Daniel Farber Huang, Head of Privacy and Cybersecurity at PasswordManager.com.
Go to Source
Author: Dark Reading Staff, Dark Reading
