Digital security consultancy @stake reveals that the current wave of hi-tech redundancies is
opening up another vulnerability that puts UK businesses at risk

UK businesses are failing to take adequate security precautions against disgruntled
ex-employees using company IT equipment and inside knowledge to commit digital sabotage.
With a greater percentage of business being conducted over the Internet, more workers
handling affairs from remote offices and an increasing amount of important company
information stored on company servers, organisations are vulnerable to misuse of their
digital information or resources by former staff. To help companies avoid financial loss and
immeasurable embarrassment caused by these actions, digital security consultancy @stake
(www.atstake.com) has created a set of guidelines that should limit this new risk.

@stake stresses that vulnerable companies may unwittingly enable ex-employees to expose
commercially sensitive information, such as pay structures, business plans and valuable
product information or simply allow unrestricted access to IT resources at the company's
expense. Even ex-employees with no technical expertise, armed with just an Internet-ready
PC, can profit from their former employer's lax security policy. Failure to disable
passwords and accounts, relaxed rules for the return of company laptops and the exploitation
of ex-colleagues' multiple-user accounts are all identified as potential security holes by
the experts at @stake.

Sandra Baccari Edler, Senior Research Analyst at IDC, commented, "One of the most often
overlooked and underestimated risks to the security of any company is, quite simply, its
people. Securing a company is an ongoing process that only succeeds when individuals in the
organisation embrace the security policies that are set out for them. Because most companies
struggle to maintain a proper level of security with existing employees, the tendency to
overlook the potential threat posed by ex-employees can be quite strong."

Royal Hansen, practice director Europe, @stake, commented, "It's no secret that, in the past,
companies may find that a few pens, folders or even a laptop may go missing as an employee is
shown the door. Today, we are increasingly finding that, as well as physically clearing
their desk of its contents, employees are emptying their former company's documents,
databases and spreadsheets of confidential data, long after they have left their company car
keys behind."

"Companies can greatly reduce this threat by taking a few sensible steps, such as ensuring
accounts are shut off as soon as a member of the company leaves and making regular checks on
their network perimeter to log all connections. These simple measures should deny access to
the majority of non-technical ex-employees who may be tempted to use company resources and
subscriptions at great expense to the company."

Hansen continued, "Most importantly, this vulnerability highlights that IT security is
predominately a people issue, rather than a product issue. Costly security measures will do
little to prevent the risk of ex-employees compromising confidential data, compared to
having an agreed policy in place that can be implemented as soon as an employee leaves a
company. We have outlined a set of realistic measures that should help companies protect data
and resources from disgruntled individuals."

@stake's guidelines for limiting the threat from disgruntled ex-employees

Patrol your perimeter - Companies should regularly make security checks on their network
perimeter, building a log of all the connections. Armed with this knowledge, as soon as a
member of personnel leaves, the company can identify the holes in the network that need to be
closed off.

Roll-call of company equipment - Laptops owned by the company give employees an excellent
tool to start their attack. A regular stock-take of all IT equipment and the member of staff
borrowing the equipment will make it easier for a company to identify the equipment to
recall after staff cutbacks.

Check for unofficial accounts - Employees may have set up their own accounts, other than
those allocated by the company, which may go unnoticed when the employee leaves. A regular
inspection will alert the company to any new accounts.

Terminate user accounts - Companies should have a routine of simply turning off access to a
user's account once they are no longer employed.

Disable passwords - Companies should have a policy of expiring the passwords of employees
immediately after departure.

Careless talk costs - There should be a realistic policy in place to ensure employees do not
pass on updated passwords to ex-colleagues or allow them to share a multi-user account.
Companies should ration multi-user accounts to situations where business benefits outweigh
security risks.

Work together - The IT manager should work with other relevant departments, such as Human
Resources, to ensure the smooth implementation of a planned IT security procedure.

-ends-

About @stake:

@stake works where business and technology intersect, because that is where security is most
powerful. The firm integrates technical and business expertise to build security solutions
that look beyond the network to the security of applications and data, and future business
goals.

@stake couples vertical industry expertise in three areas (financial services, communication
service providers and e-markets) with pioneering research, to design and build strategic
security solutions that enable the electronic business initiatives of its Global 2000
clients. Amidst other providers for whom security services are a way to sell products or
drive the sale of broader service offerings, @stake stands out with its dedicated focus on
security consulting services and the unmatched calibre of its people.

@stake security consultants and research scientists built their expertise at premier
organisations including the L0pht, Cerberus Information Security, DERA, the National Security
Agency, Axent, BBN, Deloitte & Touche, Open Market and RSA. @stake matches its unparalleled
security talent with equally strong vertical industry and business expertise drawn from
Sapient, Cambridge Technology Partners, Arthur Andersen, Fleet, Fidelity, Exodus, Nortel and
Interpath.

For further information go to: http://www.atstake.com

Contact Brodeur Bfour
Matthew Ward
mward@brodeurbfour.com
Tel:+44 (0) 1753 448875

Lena Ahmed
lahmed@brodeurbfour.com
Tel:+44 (0) 1753 448861

IDC
Sandra Baccari Edler, Senior Research Analyst, IDC Amsterdam, Netherlands
s.edler@idcresearch.nl
Direct office tel: +31 (0) 20 408.9532
http://emea.idc.com or http://www.idc.com
______________________________________________________________________


Click on the link below to see this news release as it appears on the Brodeur
News Room website and obtain full contact details.
http://www.brodeurnewsroom.com/asp/release.asp?rid=1564&cid=...

This press release was distributed by ResponseSource Press Release Wire on behalf of Pleon in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms, for more information visit https://pressreleasewire.responsesource.com/about.