This is a story that I can relate to. Recently, I was able to access data for a former employer from several years ago (with their knowledge). I felt very confused as they had normally be good about this sort of thing but, in this case it was an abject failure.
So, why does this sort of thing happen so often?
From Dark Reading:
As part of cost-saving measures, many of these companies are now allowing more employees to work remotely, yet failing to update their security controls. In fact, 90 percent of companies that responded employ virtual workers who do business beyond the four walls of the traditional office. Almost half of the respondents (41 percent) said they have increased their use of virtual workers over the past 12 months, providing more complex security issues that need to be addressed.
Still many companies continue to use basic passwords and new-employee set-up policies that make it easy to introduce vulnerabilities. Additionally, remote access is often managed by multiple internal groups within a company, resulting in 21 percent of responding companies admitting that they hadn’t even changed employees’ passwords after they were terminated.
Exit procedures for companies need to be enforced. I’ve been in firms that did an excellent job of it and at least one that had suspect results.
What are your corporate exits procedures?
Are they working?