Stricter security controls needed as over half UK workforce search for new job
Ilex International has urged businesses to put strict security controls in place in preparation for the year, ahead of mass staff migration. Research shows that over half (59%) of the UK workforce is actively looking for a new job in 2016.
The company says its report, ‘Staff migration: The security impact to businesses’, emphasises the importance of controlling access to systems and sensitive data especially when employees leave.
The movement among the UK workforce could result in serious security implications for businesses, according to Ilex International. With 39% of large businesses taking up to a month to close dormant accounts, businesses are leaving the door open to opportunistic hackers and disgruntled former employees. Large businesses performed better than small and medium size businesses, with 58% removing access to data on or before the day of departure, compared to 56% of medium and 32% of small businesses.
Simon Hember, group business development director at Acumin Consulting, said, “As the economy picks up, we’re expecting big changes in the workforce this year. The IT sector alone is expected to see 63% of UK professionals looking to change jobs in 2016. The movement in this department could result in increased security implications, with those responsible for controlling access to systems also in transition.”
Ilex International recommends five best practices for controlling account access and minimising the security risks of a shifting workforce:
1. With employees and contractors constantly moving, it is crucial to shut down inactive accounts fast, along with removing any associated access rights. By closing dormant accounts, businesses are removing a possible entry point for cyber criminals.
2. When it comes to security, there is no such thing as zero risk so it’s key for businesses to focus on protecting critical data. By being aware of what the most sensitive data is, companies can ensure it is available only on a need-to-know basis.
3. Access to data should be closely tracked and audited to ensure only users who are meant to access critical data have permission to do so. Processes have to be in place if any anomalies occur.
4. Companies should implement a strong Identity and Access Management solution. Identity and Access Management is the foundation of a secure system, enabling companies to easily identify and manage their user base and control who has access to their data.
5. Companies can also minimise risks by educating employees on the importance of cyber security and the impact a breach can have. Lack of employee education was cited as a key reason for security breaches by 15% of respondents in the Breach Confidence Index. With the workforce constantly shifting, this has to be done on a regular basis in order to be efficient.
Thierry Bettini, director of international strategy at Ilex International, warned, “Disgruntled employees or partners are unlikely to wait until a month after leaving to access confidential company information. Access is likely to be sought in a matter of days.
“The findings highlight the importance of having a system in place that helps close inactive accounts immediately”.