What IT security experts say about “Rogue Access”
You’ve probably heard the statistics from our “Rogue Access” report: 89% of ex-employees retained access to at least one cloud app from a previous job.
Our first reaction when we saw these numbers? Our jaws dropped.
Then, once we collected ourselves, we realized that needed to talk to some experts to give us context. So we reached out to a few of our partners who specialize in IT security to get their thoughts—and hear their horror stories.
Felix Yanko, President of ServNET Technologies
“I’ve definitely heard a lot of stories around salespeople who export their customer lists. Or tech people that have FTP access and download company files and make copies.
“Definitely, I’ve seen employees that delete data, and that’s the concern: they go in and delete and wipe all the data that is on their drive. There was a time when somebody went into our system afterward and changed some things, but we couldn’t prove it and couldn’t see who it was.
“We had a situation with a client where an employee was let go, and the company leadership claimed that the employee hacked back into the company’s system, but I think the real story was that the company information wasn’t properly secured. No company wants to admit that it’s happened to them.”
Eric Aguado, COO and Partner at ThrottleNet Inc.
“We actually had one of our own happened here internally. Shortly after one of our engineers was terminated, that person found employment at another competitor here in town. And that individual actually used remote access software to gain access to our telephony server.
“From there, they proceeded to listen in on phone calls, record phone calls and even redirect extensions. They’d retrieve voice mails as well as other sensitive information. We were lucky that they were unable to gain access beyond this one server, at least that’s what we were able to determine. To be honest, we will likely never know the full extent of the breach.”
Chris Sousa, Vice President of Enterprise Design at Dataprise, Inc.
“We’ve certainly heard horror stories from prospective customers about outgoing IT personnel and what they’ve done when they left. Those IT personnel still have access. They log in. They shut down a server. They delete data before they leave. We’ve also seen salespeople that leave and take customers with them.
“We were in a sales meeting last week, and one of the big topics that came up was how to protect Social Security numbers and that kind of thing. And the prospective customer was really concerned about liability on their side if there was a data breach, how much they would have to pay out because of that breach, what our liability insurance was, etc.”