Study: Insider Threat Caused by Workers Using Former Employers’ Passwords

PasswordManager has written an article discussing a survey of 1000 U.S. workers the site conducted to better understand employee password hygiene after leaving their company. According to the report, 47 percent of respondents still used their employers’ passwords after leaving the company; 56 percent of which did so for their personal use. However, 10 percent said they utilized those passwords in order to disrupt the company – including the incident that occurred in Kansas at the Post Rock Rural Water District in 2019. Less impactfully, but more common, 28 percent of respondents used those passwords to access paid tools or subscriptions.

This survey is a clear demonstration of why having proper offboarding procedures for employees is critical to any utility in protecting against insider threats. As stated in WaterISAC’s 15 Cybersecurity Fundamentals, offboarding procedures “should include an audit process to identify disabled and deleted accounts and to confirm comprehensive access deprovisioning due to role transfers. The procedure should also incorporate a method to identify any shared accounts, like system administrator, development environment, application, and vendor accounts.” From recruitment through separation, it’s important to establish clear physical and electronic access control policies, employ tools and resources to identify anomalous behaviors, and increase training and awareness activities across the organization to reduce the risk of an insider threat when employees leave. Read more at PasswordManager.