As high-profile ex-employee Dominic Cummings rages a very public war with his former boss, a new study has revealed that employers in the UK are exposing themselves to unnecessary security risks from ex-staff members.
According to the survey by Digital ID , the UK’s leading access control and security provider, just over a third of employers surveyed (mainly SMEs) (34%) admitted to never changing sensitive login and password details. Including for emails, cloud systems, building entry access codes and social media accounts. A further 23% said they only changed them once a year, even if there was a high turnover of staff.
A worrying statistic given that 1 in 5 of the past employees surveyed admitted to having tried to access old accounts to see if they could.
Only 45% of the employers interviewed said they had procedures in place to ensure all equipment, including staff ID badges, were returned when a person left the company.
And a quarter of the employees surveyed admitted to taking sensitive information like contact details, dates, price lists and plans for new products with them when they left a job.
“Our research indicates that lots of companies are leaving themselves wide open to all kinds of security breaches,” said Adam Bennett of Digital ID, the company behind the research.
“The UK has watched on aghast at Boris Johnson’s former aide Dominic Cummings’ attempts to take down his ex-boss. And celebrated in equal measure when a former HSBC cleaner posted a resignation letter shaming her boss for unfair treatment on social media, only for it to go viral.
“What these situations illustrate is that for many businesses, especially SMEs with inadequate security systems and HR procedures in place, ex-employees can pose a very real threat. Especially if they leave on bad terms.
“Nobody likes to think that a relationship will turn sour when they start out, but a quick internet search will reveal plenty of cases of rogue employees causing all kinds of havoc. And in the age of social media, crises can very quickly escalate. In many instances, it’s completely avoidable with the introduction of some simple security procedures.”
How to protect a business from an ex-employee
According to Digital ID, cyber security, access control, staff ID and visitor ID cards are the main security processes SMEs should review.
Adam Bennett shares some steps that employees can do to protect themselves.
- Start as you mean to go on – “Protection against an ex-employee actually starts from the moment you hire them. Contracts should be watertight with a confidentiality clause included. It’s wise to get proper legal advice on contracts of employment ahead anything being signed.”
- Get password savvy – “It’s really surprising how many companies have never changed their passwords and passcodes. We’d recommend this is done quarterly and at the very earliest convenience after a staff member leaves. It can be a pain, especially if there is a high staff turnover, but it certainly needs to be done more than once a year otherwise companies are leaving themselves open to security breaches.”
- Shut down access – “When an employee leaves the company, no matter how amicable, access control cards and credentials should be blocked immediately. Sounds like common sense, but again you’d be surprised how many employers don’t take this very simple action. Access cards can be set by a system administrator to work up until the employees’ last day, and this can be done way ahead of them actually leaving. It ensures there will be no issues once the employee has left.”
- Keep track of tech – “Tag and track staff equipment using systems such as MyTAG, which allows companies to monitor and track assets such as computer equipment and other expensive items. It’s great for protection and lets you know who is accountable for what at all times. So, for example, a disgruntled staff member who has “forgotten” about that really expensive piece of equipment can easily be tracked.”
- Allow them to air their views – “There is of course a HR side to managing an employee leaving. If somebody has a vendetta, it’s usually because they weren’t given adequate opportunity to air grievances during their employment. An exit interview is a formal way for them to ‘let off steam’ but in a professional setting. Any issues should then be dealt with appropriately. It’s wise for senior staff to also be trained in conflict resolution. Very often when employees leave on bad terms the issue could have been settled in a more positive way earlier in the chain of events.”
- Keep tabs on your online presence – “Finally, no matter how well managed their exit, some employees simply want revenge and it’s not unusual for that to take place publicly on social media channels or forums. Having in place, proper monitoring to watch out for mentions of your company name will help you to manage your reputation and deal with defamation in a timely manner.”