Only four out of ten SMEs are sure that access to company data in the cloud is also no longer possible
Former employees can pose an additional IT security risk for SMEs in Germany, as the current Kaspersky SMB Cyber Resilience Report shows . This is because only 41 percent of all company managers surveyed can rule out the possibility that former employees still have access to company data stored in the cloud, and only 46 percent are sure that ex-employees can really no longer use the accounts in the company.
While during the Corona pandemic almost half of all companies placed the highest value on retaining their staff , a third (29 percent) of SMEs in Germany are now thinking about cutting jobs to reduce costs, as the current Kaspersky study shows. In contrast, only 13 percent of the SMEs surveyed in Germany want to cut back on cybersecurity.
However, former employees pose a cybersecurity risk if their access to the network is not blocked after they leave the company. In Germany, about half (46 per cent) of SMEs cannot rule out the possibility that former employees still have access to digital resources. In this context, 44 percent of those surveyed worry that ex-employees could use company data such as customer lists for their own business. Another 42 per cent fear that information will migrate to new employers.
“Unauthorised access is a huge problem for all companies. If company data falls into the hands of competitors or is sold or deleted, it weakens the competitiveness of one’s own company,” explains Alexey Vovk, Head of Information Security at Kaspersky. “This problem becomes even greater when employees also actively use their own, so-called ‘shadow IT’, which has not been approved and is not controlled by the company’s IT department. When employees leave, such use must be brought under control. Otherwise, there are few ways to prevent/exclude former employees from accessing information on such applications.”
Kaspersky recommendations against unauthorised access and shadow IT
Both the number of employees with access to essential company data and the amount of data employees have access to should be kept to a minimum. The more employees have access, the greater the likelihood of data leakage and misuse.
Clear policies should be defined for access to corporate assets such as email boxes, shared file directories and online documents. Access must always be kept up to date and blocked accordingly when employees leave. The use of a security broker software helps to control and monitor cloud access and strengthens the company’s security policy.
Regularly create backups of essential company data that can be accessed quickly in an emergency.
There should be clear guidelines for the use of external services and resources so that all employees know which tools they may or may not use and why. Similarly, when software is changed, a precise procedure for its approval by the IT department or other responsible persons in the company must be defined.
Employees should use strong passwords – with a separate password for each service.
Conduct training such as Kaspersky Automated Security Awareness  to train employees to follow basic cyber security rules when handling passwords and emails.
Special security solutions such as Kaspersky Endpoint Security Cloud  make the cloud services used visible and protect them.
Further practical recommendations for action for corporate protection without additional costs are offered by “Kaspersky Cybersecurity on a Budget Hub”: https://www.kaspersky.com/blog/budget-cybersecurity/
Further results of the latest Kaspersky SMB Cyber Resilience Report are available at https://www.kaspersky.com/blog/smb-cyber-resilience-report-2022/.