Let's play IT security Buzzword Bingo

A report into the threats employees pose to data security has Davey Winder up in arms this week...

Many years ago I'd amuse myself by playing a game called Buzzword Bingo. Each week someone in my IT security professional network of friends would distribute a bingo card laid out with the most outrageous ITSec lingo of the time.

If a press release, research document or even telephone conversation with a client included any of those words, I'd cross them off. Prizes, generally beer-shaped ones, were awarded for four corners or a line.

If I were still playing today, I would be well on my way to a full house this week, having overheard phrases such as offboarding, deprovisioning, rogue access, exit interviews and user lifecycle management. Can you tell what I've been researching yet?

No, I'm not surprised. So let me help you by revealing all. The reason for this myriad of management speak is a report which looked at the threat to enterprise data from former employees.


According to the survey by Osterman Research (commissioned by hosting firm Intermedia), 89 per cent of employees retained access to applications such as PayPal and Salesforce after leaving an organisation, which was described by the Intermedia spokesperson who contacted me as "posing a big threat".

Well, you don't say? Furthermore, over half of those ex-employees actually logged in after leaving the firm.

Am I allowed to say WTF at this point? Seriously, it's enough to make me think there's almost no point being an IT security consultant any longer if enterprises are making this kind of rookie error. Of course, I say "almost" as I am kept in business courtesy of this ridiculous lack of secure thinking. What's really amazing is these organisations are going out of business for the same reason.

Offboarding may be a silly word, and one that sounds like it has something to do with spooks interviewing suspected terrorists, but it describes a very serious weapon in the enterprise security armoury: access revocation.

When the organisations questioned admitted the number of ex-employees retaining access to confidential information was 45 per cent, you get an idea of just how important an exit interview can be.

Yep, the admin guys should be revoking access rights as a matter of course, that goes without saying, but it does seem that a reminder to departing employees about the legality of popping back in for a nosey, or to store data, as 68 per cent were doing, might be in order as well.

The problem is one that could hit smaller businesses hardest, as they are less likely to have the same kind of rigorous controls in place when it comes to changing application logins.

Some 60 per cent of respondents said they were not asked for cloud logins when they left their companies. It's not like these people even have to be malicious to do damage: just storing something inappropriate on company servers could be enough.

C'mon people, get with the offboarding exit interview user lifecycle program. House!
