Survey: Nearly 50% Of Former Employees Have Hacked Their Company Accounts
Experts predict cyberattacks against small businesses are expected to grow this year. That makes it an issue entrepreneurs need to be aware of and should take action to help combat.
This report reveals that 43% of such attacks focus on small businesses. Simultaneously, research shows that the concern is a big deal for several reasons. They include that breaches can become a very expensive problem for small and medium-sized businesses to fix without the resources of larger companies. It can also create a loss of productivity, hurt customer relationships, and even lead to business closure.
According to this, a surge in cybercrime is expected to boost spending on cybersecurity products and services to a whopping $1.75 trillion between 2021 and 2025.
And now, new details show that many companies do not take sufficient preventive measures to shield their establishments from former employees hacking their accounts.
Last month, a survey of 1,000 U.S. employees by PasswordManager.com found that 47% admitted using employers’ passwords after departing. Over 1 in 4 are using passwords to access paid subscriptions; only 1 in 7 declare they have been caught using former company passwords.
Some 10% say they used past employers’ passwords to disrupt company activities. And 56% reported they could access the accounts because passwords had not changed since their departure. Another 44% stated an existing employee provided them with the passwords.
Daniel Farber Huang, CEO of the EchoStream Group, a strategic consulting firm specializing in privacy issues, shared with Black Enterprise how small businesses, including Black businesses, can be especially vulnerable to misuse of passwords by ex-employees. The unauthorized activity can occur in many ways, including via email and subscriptions.
As such, he says business owners need to think about managing potential risks. For instance, if a former employee is using a former company’s paid service, they are, at a minimum, subject to incremental costs that the company incurs. If there are per-user license fees a former employee takes advantage of, then the company is impacted directly, even in insignificant amounts.
“Alternatively, if an ex-employee is maliciously trying to hurt the company, that’s a whole other scenario that can have frustrating, expensive, or even devastating impacts to business owners.”
He noted that employees at smaller companies commonly have a wide range of responsibilities, meaning a person may have access to multiple systems or information sources. He suggests that business owners at least should communicate clearly and in writing to their employees what proper standard of conduct the firm expects of everyone about cybersecurity, including the owner.
Huang added that companies must clarify what is considered proprietary information, how it should and should not be used, and what the employee’s responsibility is to handle it appropriately. “It’s best to present that to employees when they join the company to set expectations and explain it to existing staff. This behavior should be formalized in standard operating procedures.”
He explained one of the most important things managers can do to help avoid risks from ex-employees is not to create disgruntled employees in the first place if possible.
“Technology is one way to solve this problem, but many times I would say mutual respect and communication go even further in preventing difficult situations like these.”