Does your business have the proper process in place for onboarding new employees, modifying employee access, or terminating access when an employee leaves a company? In this TNtv Alert, Sales Director, Chris Montgomery reviews the results of a survey of IT professionals from Ivanti, and he discusses how to ensure your process is streamlined and completed in a timely manner.
My name is Chris Montgomery and welcome to this TN Alert a recent survey of IT professionals conducted by it firm, Ivanti has revealed access rights digital resources are not always terminated promptly when employees change roles or leave the company.
The latter is especially disconcerting as there is a high risk of data theft and sabotage of company systems by former employees. There have been many reported cases of former employees taken sensitive data to new employers and conducting malicious attacks and cases of termination.
What they found is that while the policies and procedures have been established to cover the entire process, there are typically issues with onboarding new employees, modifying permissions, and terminating access rights. Regarding new employee onboards. It was found that 85 percent of employees said they did not have access to all the resources they needed to complete their job duties when they first joined the company. This was corroborated by those surveyed with 38% saying it takes an average of two to four days to fully onboard new hires and 27% saying it takes more than a week. A larger concern from a security and compliance perspective is the modification of access rights to data and resources and even though legislation, such as HIPAA calls for prompt changes to be made to prevent unauthorized data access, access right changes are slow to be applied, if they are applied at all.
This is supported by the fact that only 55 percent of respondents were confident that access to unnecessary resources was removed when an employee’s role in the organization changed. It was also found that over 25 percent of IT professionals say its typically takes over a week to fully remove or disable an employee when they leave the company and only half we're confident that access to critical systems and data had been blocked for the most recent employee to leave the organization. Taking a step further, when asked if they knew someone who still had access to a former employer systems or data over fifty percent said yes. This presents a significant risk, including but not limited to data leakage, cyber attacks through an unmanaged account, and malicious data theft.
When asked about the reasons for the onboarding amending and off-boarding issues, the main issue was poorly defined processes with other reasons including issues with automation or lack of resources. Some ways to prevent this include speaking with your IT provider and making sure you have a plan for both on-boarding and off-boarding your employees to ensure there's a level of accountability and documentation around this process. This would include documentation on standard new user workstation requirements, as well as a process to disable or delete users when they leave the organization. The best way you can address these concerns is to partner with professional IT provider that can supply this documentation and information, as well as best practices for new user on-boarding and off-boarding.
If you would like more information on how ThrottleNet can address challenges around on-boarding new users or removing those that have left the organization check us out at ThrottleNet.com or call us today.