In a world that has had to become obsessed with data security, it's amazing how many companies are lax when it comes to terminating network access for departing employees. Take a look at these numbers from a recent survey.
I once worked for a company that had a strict policy on employee exits. When an employee was let go, he or she was physically escorted from the building minutes after receiving the news. This action supposedly served two purposes: one that the employee wouldn't have time to go back and copy important company data, and the other that the employee wouldn't go on some kind of shooting rampage.
But the same company that took those extra precautions ironically could take days to remove an ex-employee's permissions from the network.
Admittedly, it's a pain for network administrators to deactivate access to systems. In fact, in a recent blog on ComputerWorld, Mark Hall quotes a recent survey funded by Symark International, Inc. and conducted by eMediaUSA that reveals how lax some companies are in doing so:
The 850-plus responses to the poll showed these results:
27% of the organizations admitted that they had more than 20 orphaned accounts still active.
8% acknowledged that 100 or more ex-workers still had live accounts.
15% of those polled said those accounts had been accessed at least once after the individual had been terminated.
What's worse is that 42% say they don't even know how many orphaned accounts exist and don't know if they're still being used. Only 39% of the respondents said all accounts are closed upon an individual's termination and 12% said took a month or longer to do so.
One would hope that companies are a little more diligent with exiting IT workers, not because they're less trustworthy, but because they have deeper access to systems.
What's been your experience? Have you found you still have network access after you've been let go?