Many employees can access millions of company files on their first day

News
By published

Problem is often further compounded by poor active directory hygiene

Representational image of data security
(Image credit: Kingston)

On average, new employees can access about six million corporate documents on their first day on the job, a new report has claimed.

Based on an analysis of four billion files across 50 different organizations, cybersecurity vendor Varonis found a huge overexposure problem of data in the manufacturing industry.

“Manufacturers hold sensitive, and incredibly valuable data that puts them at risk. And as we saw with WannaCry, DarkSide and so many other attacks, ransomware can stop production lines and halt businesses. All too often, information is overexposed and under protected,” said Matt Lock, technical director, Varonis.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

In the report Varonis argues that overexposed and under-protected data can cause all sorts of problems; from employees copying, sharing, and deleting sensitive information, to inadvertently leaking them to cybercriminals who then use it to gain a foothold onto the corporate network.

Limit access and impact

Varonis discovered that on average every employee can access about a fifth of the files in an organization. The number rises to a quarter for mid- and small-sized businesses.

Worryingly, four in ten organizations have 1,000+ sensitive files open to every employee. In fact, on average over 27,000 sensitive files, such as those with financial details, or trade secrets, or business plans, are open to everyone.

The study also revealed poor active directory hygiene with more than half (56%) of the surveyed companies having over 500 accounts with passwords that never expire, while 44% had over 1000 ghost users.

Based on their findings, Varonis believes that companies need to proactively take charge of data access in order to limit the damage attackers can do.

“Companies need to ask themselves three questions to better prepare for an attack: Do you know where your important data is stored? Do you know that only the right people have access to it? Do you know that they’re using data correctly? If you don’t know the answers to these three questions, you won’t be able to identify the early stages of a cyberattack,” asserts Lock.

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
Hacker Typing
Racing against time on a menacing caldera: survey finds majority of organizations take days to tackle critical vulnerabilities, each of them a potential open goal for cybercriminals
cybersecurity
How dark data could be your company's downfall
Security padlock and circuit board to protect data
Foh&Boh data leak leaves millions of CVs exposed - KFS, Taco Bell, Nordstrom applicants at risk
An American flag flying outside the US Capitol building against a blue sky
US military and defense contractors hit with Infostealer malware
A hacker typing on a MacBook laptop with code on the screen.
If your business data appears on the dark web, get ready to face a cyberattack
Concept art representing cybersecurity principles
How to combat exfiltration-based extortion attacks
Latest in Pro
Racks of servers inside a data center.
Modernizing data centers: an efficient path forward
Dr. Peter Zhou, President of Huawei Data Storage Product Line
Why AI commonization is so important for business intelligent transformation and what Huawei’s data storage has to offer
Wix automation
The world's leading website builder aims to save businesses time with new tool
Hands typing on a keyboard surrounded by security icons
The psychology of scams: how cybercriminals are exploiting the human brain
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
The TikTok logo appears on a smartphone screen with the United States flag in the background
Oracle could still end up running TikTok
Latest in News
Man using iMessage on an iPhone
Apple will finally enable encrypted RCS messages between iOS and Android, and it's about time
Jason Sudeikis&#039; Ted Lasso pointing at someone in Ted Lasso season 2
Believe it, baby: Ted Lasso season 4 is officially in development for Apple TV+ and Jason Sudeikis will reprise his role as the titular soccer coach
Quordle on a smartphone held in a hand
Quordle hints and answers for Saturday, March 15 (game #1146)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Saturday, March 15 (game #377)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Saturday, March 15 (game #643)
Wix automation
The world's leading website builder aims to save businesses time with new tool
More about pro
Dr. Peter Zhou, President of Huawei Data Storage Product Line

Why AI commonization is so important for business intelligent transformation and what Huawei’s data storage has to offer
Wix automation

The world's leading website builder aims to save businesses time with new tool
A character riding their horse through the Japanese landscape of in Rise of the Ronin

Another day, another dreadful PC port - Rise of the Ronin joins the list of woeful PC launches with even an Nvidia RTX 4090 succumbing to stutters
See more latest
Most Popular
A character riding their horse through the Japanese landscape of in Rise of the Ronin
Another day, another dreadful PC port - Rise of the Ronin joins the list of woeful PC launches with even an Nvidia RTX 4090 succumbing to stutters
Android 16 logo on a phone
Android 16 Beta 3 has arrived – here are the 4 features I think will be the most useful
Man using iMessage on an iPhone
Apple will finally enable encrypted RCS messages between iOS and Android, and it's about time
Wix automation
The world's leading website builder aims to save businesses time with new tool
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Saturday, March 15 (game #377)
A collage of Moana in Moana 2, Michelle in The Electric State, and Moiraine in The Wheel of Time season 3
7 new movies and TV shows to stream on Netflix, Prime Video, Max, and more this weekend (March 14)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Saturday, March 15 (game #643)
Quordle on a smartphone held in a hand
Quordle hints and answers for Saturday, March 15 (game #1146)
China
Volt Typhoon threat group had access to American utility networks for the best part of a year