Access to data and systems by ex-employees? Half of SMEs in Germany cannot rule this out

October 10, 2022

Only four out of ten SMEs are sure that access to company data in the cloud is also no longer possible

Former employees can pose an additional IT security risk for SMEs in Germany, as the current Kaspersky SMB Cyber Resilience Report shows [1]. This is because only 41 percent of all company managers surveyed can rule out the possibility that former employees still have access to company data stored in the cloud, and only 46 percent are sure that ex-employees can really no longer use the accounts in the company.

While during the Corona pandemic almost half of all companies placed the highest value on retaining their staff [2], a third (29 percent) of SMEs in Germany are now thinking about cutting jobs to reduce costs, as the current Kaspersky study shows. In contrast, only 13 percent of the SMEs surveyed in Germany want to cut back on cybersecurity.

However, former employees pose a cybersecurity risk if their access to the network is not blocked after they leave the company. In Germany, about half (46 per cent) of SMEs cannot rule out the possibility that former employees still have access to digital resources. In this context, 44 percent of those surveyed worry that ex-employees could use company data such as customer lists for their own business. Another 42 per cent fear that information will migrate to new employers.

“Unauthorised access is a huge problem for all companies. If company data falls into the hands of competitors or is sold or deleted, it weakens the competitiveness of one’s own company,” explains Alexey Vovk, Head of Information Security at Kaspersky. “This problem becomes even greater when employees also actively use their own, so-called ‘shadow IT’, which has not been approved and is not controlled by the company’s IT department. When employees leave, such use must be brought under control. Otherwise, there are few ways to prevent/exclude former employees from accessing information on such applications.”

Kaspersky recommendations against unauthorised access and shadow IT
Both the number of employees with access to essential company data and the amount of data employees have access to should be kept to a minimum. The more employees have access, the greater the likelihood of data leakage and misuse.
Clear policies should be defined for access to corporate assets such as email boxes, shared file directories and online documents. Access must always be kept up to date and blocked accordingly when employees leave. The use of a security broker software helps to control and monitor cloud access and strengthens the company’s security policy.
Regularly create backups of essential company data that can be accessed quickly in an emergency.
There should be clear guidelines for the use of external services and resources so that all employees know which tools they may or may not use and why. Similarly, when software is changed, a precise procedure for its approval by the IT department or other responsible persons in the company must be defined.
Employees should use strong passwords – with a separate password for each service.
Conduct training such as Kaspersky Automated Security Awareness [3] to train employees to follow basic cyber security rules when handling passwords and emails.
Special security solutions such as Kaspersky Endpoint Security Cloud [4] make the cloud services used visible and protect them.
Further practical recommendations for action for corporate protection without additional costs are offered by “Kaspersky Cybersecurity on a Budget Hub”: https://www.kaspersky.com/blog/budget-cybersecurity/

Further results of the latest Kaspersky SMB Cyber Resilience Report are available at https://www.kaspersky.com/blog/smb-cyber-resilience-report-2022/.

[1] https://www.kaspersky.com/blog/smb-cyber-resilience-report-2022/
[2] https://www.kaspersky.com/about/press-releases/2021_backbone-of-the-business-amid-the-pandemic-43-of-smb-leaders-chose-to-keep-people-working-at-any-cost
[3] https://asap.kaspersky.com/de
[4] https://www.kaspersky.de/small-to-medium-business-security/cloud

Genetec

Related Articles

Belgium becomes football world champion, at least digitally

> The big digital check for the World Cup by nexum AG> Germany in 3rd place behind the Netherlands, but ahead of England, France and Spain In the next four weeks, the sporting world champion will be determined among the best football teams. But already today a winner...

Every fifth German open to e-prescription

Every fifth German open to e-prescription

Seniors over 65, however, are in favour of the completely analogue or predominantly analogue variantOne in five Germans would want to redeem a doctor's prescription exclusively digitally in future. Another 21 per cent would choose the digital option for the most part....

Stupid pupils cost the economy around 700 billion euros

Stupid pupils cost the economy around 700 billion euros

According to the ifo study, two-thirds of young people globally do not achieve basic skills Two-thirds of young people worldwide do not achieve basic skills that should be taught in school. This is according to a new study by the Ifo Institute (https://ifo.de). In...