36% of ex-employees are breaking the computer misuse act

Companies are failing to revoke access when IT workers leave

Over a third of IT workers have admitted to accessing corporate systems after they have left a company, potentially breaching the Computer Misuse Act.

According to a survey carried out by Vason Bourne on behalf of Protected Networks, 49 per cent of those surveyed said they had retained access to their former employer's network after leaving the company. Of these, 75 per cent admitted continuing to access the corporate systems, sometimes repeatedly over the course of up to a year.

Furthermore, 57 per cent of businesses involved in the survey noticed that former IT employees still had access, but failed to take action to cut them off.

Keith Maskell, country manager at Protected Networks, criticised the "astonishingly liberal attitude of UK businesses to managing access to data on the corporate network" saying that this lax attitude creates "a serious vulnerability that can be exploited later by hackers".

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

While this failure to properly manage access rights is a serious oversight on the part of businesses, those still accessing their ex-employer's systems may be breaking the law.

Frank Jennings, a lawyer and partner at Wallace LLP, told IT Pro: "The Computer Misuse Act 1990 ... prohibits unauthorised access to any program or data held in any computer and anyone convicted of this could be liable to pay a fine and could face up to two years in prison.

"If someone accesses their former employer's system with the knowledge or help of their new employer, that could give rise to liability for the new employer under the CMA."

Mark Taylor, a partner with law firm Osborne Clarke, agreed.

"Any criminal liability under the Act would sit primarily sits with the relevant individuals (and not their past employer)," Taylor said.

"However, if an individual is using such access for the benefit of a new employer or at their new employer's behest, then liability may also attach to them. Consequently, new employers should be careful that they are not encouraging or facilitating such access."

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/policy-legislation/computer-misuse-act/354600/computer-misuse-act-putting-critical-uk
Computer Misuse Act

Computer Misuse Act 'putting critical UK infrastructure at risk'

22 Jan 2020
Visit/security/29068/is-your-company-taking-enough-accountability-on-cybersecurity
Security

Are you taking enough accountability on cyber security?

18 Dec 2019
Visit/security/29204/how-can-you-protect-your-business-from-crypto-ransomware
Security

How can you protect your business from crypto-ransomware?

4 Nov 2019
Visit/back-up/29084/how-to-enhance-your-backup-strategy
backup

How to enhance your backup strategy

10 Oct 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/business-strategy/mergers-and-acquisitions/354602/xerox-to-nominate-directors-to-hps-board-reports
mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020