Access to data and systems by ex-employees? Half of SMEs in Germany cannot rule this out

October 10, 2022

Only four out of ten SMEs are sure that access to company data in the cloud is also no longer possible

Former employees can pose an additional IT security risk for SMEs in Germany, as the current Kaspersky SMB Cyber Resilience Report shows [1]. This is because only 41 percent of all company managers surveyed can rule out the possibility that former employees still have access to company data stored in the cloud, and only 46 percent are sure that ex-employees can really no longer use the accounts in the company.

While during the Corona pandemic almost half of all companies placed the highest value on retaining their staff [2], a third (29 percent) of SMEs in Germany are now thinking about cutting jobs to reduce costs, as the current Kaspersky study shows. In contrast, only 13 percent of the SMEs surveyed in Germany want to cut back on cybersecurity.

However, former employees pose a cybersecurity risk if their access to the network is not blocked after they leave the company. In Germany, about half (46 per cent) of SMEs cannot rule out the possibility that former employees still have access to digital resources. In this context, 44 percent of those surveyed worry that ex-employees could use company data such as customer lists for their own business. Another 42 per cent fear that information will migrate to new employers.

“Unauthorised access is a huge problem for all companies. If company data falls into the hands of competitors or is sold or deleted, it weakens the competitiveness of one’s own company,” explains Alexey Vovk, Head of Information Security at Kaspersky. “This problem becomes even greater when employees also actively use their own, so-called ‘shadow IT’, which has not been approved and is not controlled by the company’s IT department. When employees leave, such use must be brought under control. Otherwise, there are few ways to prevent/exclude former employees from accessing information on such applications.”

Kaspersky recommendations against unauthorised access and shadow IT
Both the number of employees with access to essential company data and the amount of data employees have access to should be kept to a minimum. The more employees have access, the greater the likelihood of data leakage and misuse.
Clear policies should be defined for access to corporate assets such as email boxes, shared file directories and online documents. Access must always be kept up to date and blocked accordingly when employees leave. The use of a security broker software helps to control and monitor cloud access and strengthens the company’s security policy.
Regularly create backups of essential company data that can be accessed quickly in an emergency.
There should be clear guidelines for the use of external services and resources so that all employees know which tools they may or may not use and why. Similarly, when software is changed, a precise procedure for its approval by the IT department or other responsible persons in the company must be defined.
Employees should use strong passwords – with a separate password for each service.
Conduct training such as Kaspersky Automated Security Awareness [3] to train employees to follow basic cyber security rules when handling passwords and emails.
Special security solutions such as Kaspersky Endpoint Security Cloud [4] make the cloud services used visible and protect them.
Further practical recommendations for action for corporate protection without additional costs are offered by “Kaspersky Cybersecurity on a Budget Hub”:

Further results of the latest Kaspersky SMB Cyber Resilience Report are available at


Related Articles

Bitkom awards 15 new smart schools

Bitkom awards 15 new smart schools

Total network grows to 116 pioneering schools for digital education Green Smart Schools also awarded for digitalisation and sustainability for the first time Digital school and teaching concepts, a fast and reliable digital infrastructure, teachers with digital...

One in two fears misuse of their personal data

One in two fears misuse of their personal data

ESET survey sheds light on internet users' biggest concerns and their protective measures Identity theft and misuse of personal data are the biggest concerns for almost half of internet users, according to a representative ESET survey. In second and third place come...

100 Years of Hyperinflation: the 100,000,000,000 Mark Banknote

100 Years of Hyperinflation: the 100,000,000,000 Mark Banknote

Extreme devaluation of money 100 years ago in the German Reich Highest banknote put into circulation was worth 100 trillion marks Fourfold increase in staff at the Reichsdruckerei, the predecessor of the Bundesdruckerei Additional land and buildings rented for the...

Share This