Osterman
Research shares why your ex-employees could be your next big security threat
What happens when an employee leaves
your company? If you're like many small and medium-sized businesses, you'll
collect their laptops and IDs and then quickly work towards filling the newly
vacant position. But if you're not thinking about the IT access they're
bringing with them, then your company is at risk.
We sat down with Michael Osterman of
Osterman Research to shed some light on this issue. Below are a few highlights
from our conversation:
Q.
How big of an issue is this for organizations?
A. It's
a fairly serious one. And it's fairly under the radar. You don't see a lot
about this in the trade press. It's the kind of thing that people understand intellectually,
but they really haven't done much about, because this hasn't been a priority
for them.
I think this report is going to help
to shake some things up and hopefully, make people more aware of the kinds of
issues they face by not managing these applications well enough. This really is
one of the real implications of BYOD that a lot of organizations just have not
considered yet.
Q.
What are the ramifications of 'rogue access', particularly for SMB's?
A. First
and foremost, if you have sensitive or confidential data stored in Dropbox or
Google Drive or any of the other personal employee accounts, you potentially
run afoul of data breach notification laws. This data is now accessible by
someone in another company. That means, in many cases, you have violated the
data breach notification requirement that requires you to protect that consumer
financial data or protected health information from unauthorized parties. And
certainly, an ex-employee would be an unauthorized party.
Another implication is gaining
access to that data. If you ever have to go through e-discovery or some sort of
regulatory audit, or if you just want to bring it all back in house, it's much
more difficult to do because now you've got all this access in a variety of
repositories that other people in other companies also have access to.
And it means that you potentially
could have spoliation of data: that an employee could then delete your
information in their account. It might be information you need for a lawsuit or
just want to have in-house, and now you don't have it anymore simply because an
employee has intentionally or inadvertently deleted it.
Q. Why aren't SMB's doing more to address this
issue?
A. It's
not a really visible issue. For example, people will employ Dropbox or other
applications, because they want to work at home or have files available to them
while they are traveling and so forth. And in SMBs that don't really have an IT
department or a full-time IT person, someone might implement this IT technology
for the good of the company and the good of their own job.
Organizations really don't have
policies around this. They don't have best practices. They allow these things
to grow organically. And they're all done, in the vast majority of cases, for
good purposes. But the problem is they turn into this ugly, unwieldy monster
after a time that nobody really has control over.
Visit our website for more information and
view our IT product offerings & pricing
Join us on as we delve
into file sharing and learn how you can save big by
replacing your File Servers with ShareSync. and
explore the hidden costs to avoid. www.valiant-gs.com