Around 40% of former employees still have access to a former employer's networks.
Employees have used passwords from a former employer after leaving the company, with many still actively accessing old accounts long after their departure.
According to a survey, commissioned by Password Manager and reported by SC US, 40% still use those credentials. In 60% of cases, former staff were able to log in because the credentials had never been changed, while others gained access through current employees or by simply guessing the password.
The findings highlight a troubling trend: many workers admitted to sharing passwords from their current employer, with 27% saying they had done so with people outside the company.
Despite the severity of these actions, most former employees reported never being caught, and 15% said they were still accessing company systems.
Gunnar Kallstrom, PeopleTec offensive cyber analyst, said: “A part of the offboarding process, all company access should be revoked from the former employee. If this does not happen, the company exposes itself to unnecessary risk. Some of the risks that the company accepts are the possibility of a former employee committing sabotage against the company.”
Also, two percent of respondents admitted they used old credentials in an attempt to disrupt company operations.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
