More than a third (39%) of large British businesses take between a few days and a month to close dormant accounts of former employees, research has revealed.
Doing so leaves them more open to a cyber attack, according to Ilex International, which conducted the study with YouGov.
A quarter (24%) of respondents from large businesses terminated access to dormant accounts ‘a few days after departure’, 5% waited up to a week and 3% within a fortnight, while 8% confessed to only removing access within a month.
Immediate termination on or before the day of departure is even worse for small and medium size businesses, bringing the total number of respondents following this best practice down to 32% and 56% respectively.
>See also: UK is the most prepared country for cyber attacks
“Disgruntled employees or partners are unlikely to wait until a month after leaving to access confidential company information,” warned Thierry Bettini, director of international strategy at Ilex International. “Access is likely to be sought in a matter of days. The findings highlight the importance of closing inactive accounts down straight away, rather than waiting around.”
According to the Ministry of Defence, the cost of cyber security breaches to the UK economy roughly tripled over the last year, amounting to between £20 billion and 30 billion per year.
Despite this figure expected to grow further, the research found that only 11% of the businesses surveyed expect a data security breach in 2016.
Large businesses were the most wary, with 30% expecting a breach, compared to 24% of medium-sized businesses and only 6% of small businesses.
“With the number of temporary workers expected to increase over the coming months, especially for retailers gearing up for Christmas, hiding from the truth is not an option,” said Bettini. “The research emphasises the need for greater awareness of the likelihood and consequences of security breach.
“TalkTalk’s latest incident, along with other mega breaches should be a wake-up call for businesses to be more effective in protecting sensitive information.
“Shutting down inactive accounts of former employees and contractors more quickly and removing any associated access can help to control unwanted access to confidential data and minimise risk of a security breach.”
>See also: 7 ways cyber attacks will evolve
According to the Online Alliance Trust, almost one-third of data breaches in 2014 were caused either accidentally or maliciously by employees.
Research published by the Sans Institute in April 2015 showed that while insider threats are a key concern for security professionals, 40% of businesses have no systems in place to address this concern, while 32% lack appropriate policies and procedures to deal with insider threats.