Majority doing this for 'personal use,' survey reveals
Hackers aren't the only people who employers should be worried about these days, after a new report found that former employees are still accessing the accounts of their previous organisation.
Findings from PasswordManager.com found that 47% of 1,000 US workers are still using their employers' passwords even after leaving the company.
How did they do it? More than half (58%) said this is because the passwords had not changed since they left the company, 44% said someone still working for the company shared it with them, while 6.2% said they were able to guess it.
Why are they using it?
More than half of the respondents (56.2%) said they opened their previous employers' accounts to access information that they can use personally, according to the report.
It also found that 28% are using their former employers' passwords to access their paid tools or subscriptions. A quarter (25.27%) of these employees said doing so saves them between $150 and $200 monthly. Others are saving:
- $50 to $100 (20.64%)
- $100 to $150 (18.86%)
- $200 to $250 (12.81%)
- More than $300 (8.9%)
Meanwhile, other reasons for opening former employer's account include:
- Connecting with former clients or customers (43.1%)
- Helping with another job (39.1%)
- Disrupt company activities (9.7%)
The report found that one in three respondents said they have been doing this for over two years. However, only 15% of them had been caught.
Daniel Farber Huang, Head of Privacy and Cybersecurity, warned former employees that misusing proprietary information could have legal implications.
"Even if no legal action is ultimately taken, nobody wants to be threatened by a corporation – it's just not worth the hassle and frustration. And I'm describing a non-malicious violation here. If someone were actually trying to inflict damage or loss on a former company, that's a whole other scenario that can get ugly and litigious fast, and rightfully so," Huang said.
How can employers prevent this?
Employers should make their standards of care and conduct "100% clear" to employees, according to Huang. This should include information that is authorised, as well as the unauthorised handling of intellectual property.
"Importantly, companies should create incentives for managing information properly and also consider penalties or corrections for intentional or negligent use of information, including passwords and company accounts," Huang said.
"This can be spelled out in both new hire onboarding documents as well as communications with current employees, so everyone understands what is considered standard of care."
The findings also indicate poor cybersecurity among employers, even amid recent attacks on major organisations across the world. Huang attributed this lack of proper security to "cost factor."
"The other aspect is having a staff person to manage the on-going process," Huang said. "Let's face it, most employees probably would not be jumping up and volunteering to be the official password wrangler. It’s too important of a role to simply outsource or pile onto a junior staffer, however, and companies should value the importance of the role accordingly."