Over a third of IT workers have admitted to accessing corporate systems after they have left a company, potentially breaching the Computer Misuse Act.
According to a survey carried out by Vason Bourne on behalf of Protected Networks, 49 per cent of those surveyed said they had retained access to their former employer's network after leaving the company. Of these, 75 per cent admitted continuing to access the corporate systems, sometimes repeatedly over the course of up to a year.
Furthermore, 57 per cent of businesses involved in the survey noticed that former IT employees still had access, but failed to take action to cut them off.
Keith Maskell, country manager at Protected Networks, criticised the "astonishingly liberal attitude of UK businesses to managing access to data on the corporate network" saying that this lax attitude creates "a serious vulnerability that can be exploited later by hackers".
While this failure to properly manage access rights is a serious oversight on the part of businesses, those still accessing their ex-employer's systems may be breaking the law.
Frank Jennings, a lawyer and partner at Wallace LLP, told IT Pro: "The Computer Misuse Act 1990 ... prohibits unauthorised access to any program or data held in any computer and anyone convicted of this could be liable to pay a fine and could face up to two years in prison.
"If someone accesses their former employer's system with the knowledge or help of their new employer, that could give rise to liability for the new employer under the CMA."
Mark Taylor, a partner with law firm Osborne Clarke, agreed.
"Any criminal liability under the Act would sit primarily sits with the relevant individuals (and not their past employer)," Taylor said.
"However, if an individual is using such access for the benefit of a new employer or at their new employer's behest, then liability may also attach to them. Consequently, new employers should be careful that they are not encouraging or facilitating such access."
-
AI is helping bad bots take over the internetNews Automated bot traffic has surpassed human activity for the first time in a decade, according to Imperva
-
Two years on from its Series B round, Hack the Box is targeting further growthNews Hack the Box has grown significantly in the last two years, and it shows no signs of slowing down
-
Nintendo hacker forced to pay company 25-30% of earnings for lifeNews Gary Bowser pled guilty to hacking charges in 2021
-
Computer Misuse Act 'putting critical UK infrastructure at risk'News The 30 year-old legislation also prevents cyber security professionals from doing their jobs, it's claimed
-
237 police officers disciplined over computer misuseNews FOI request reveals UK forces failing basic IT best practices
-
Ex-Yahoo employee admits trawling through user accounts for explicit contentNews More than 6,000 users compromised as defendant also accessed iCloud, Facebook and Gmail accounts
-
Almost 100 HMRC staff disciplined over computer misuse, FOI revealsNews Staff dismissed over misuse of emails, computer equipment and social media
-
Six-month sentence handed for data abuse in landmark ICO prosecutionNews Data regulator hints seeking tougher punishment was an effort to change behaviour in how personal data is held and processed
-
NCSC unveils new cyber attack classification systemNews The framework categorises everything from individual hacks up to national cyber emergencies
-
British 'hacker' Lauri Love wins High Court appeal against US extraditionNews Love is now expected to stand trial in the UK on charges of US hacking
