A Silent Threat Inside Every Organisation
When an employee leaves a company, attention often turns to handovers, exit interviews, and final paperwork. Yet, behind the scenes, many organisations overlook one crucial step – revoking digital access.
According to a recent study by KnowBe4 (https://apo-opa.co/46SOBcD), 89% of former employees still have valid logins after departure, while 45% retain access to sensitive company data. Nearly half admit to continuing to access systems post-exit, sometimes unintentionally.
This phenomenon, known as the “shadow employee”, is quietly becoming one of the most dangerous cybersecurity risks for modern organisations – particularly those using cloud-based tools and remote work systems.
Why Shadow Employees Are So Hard to Detect
“The shadow employee phenomenon is more common than many realise,” said Anna Collard, SVP of Content Strategy and Evangelist at KnowBe4 Africa (www.KnowBe4.com). She said it often goes unnoticed because many companies focus more on onboarding than on offboarding.
She explained that when HR and IT teams work in silos, credentials and third-party logins can slip through the cracks. “It shouldn’t be seen as just a technical issue; it’s a human one, too (https://apo-opa.co/3IwpyUX), where attention to digital hygiene and processes are lacking,” she added.
A 2023 case in the U.S. underscored the danger: a former IT consultant’s unused credentials (https://apo-opa.co/46TXYc2) led to a major data leak, exposing sensitive information and costing the company six figures in damages.
The High Cost of Rogue Access
Collard warns that retained access can expose organisations to three major risks:
- Operational risk: Disrupted workflows or unauthorised system changes.
- Reputational risk: Damaged trust following a breach by an ex-employee.
- Financial risk: Legal costs, regulatory fines, and revenue loss.
“Even if there’s no malicious intent, the mere presence of active credentials outside of an organisation’s control creates vulnerabilities that threat actors can exploit,” Collard said. “Especially through credential stuffing or phishing (https://apo-opa.co/46V077s).”
How to Prevent Shadow Access
Experts recommend turning offboarding into a security-driven process rather than a mere HR formality. Collard advises:
- Automate deprovisioning to revoke access in real time.
- Integrate Identity and Access Management (IAM) tools.
- Conduct regular access reviews to catch dormant accounts.
- Educate managers to monitor shadow IT or unapproved apps.
“Make line managers accountable for flagging all tools and systems used by exiting staff and track unofficial tools in your access control system,” she added. Untracked tools often become the biggest blind spots.
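A regular access review of the kind recommended above can be as simple as reconciling the HR roster against account exports from every system, including tools flagged by line managers. The sketch below is an added example, not code from KnowBe4 or the article; the usernames, system names, dates and the 90-day dormancy threshold are all constructed assumptions.

```python
from datetime import date

# Constructed sample data (assumption): HR roster keyed by username.
HR_ROSTER = {
    "a.nkosi":  {"status": "active", "exit_date": None},
    "b.mensah": {"status": "left",   "exit_date": date(2025, 3, 31)},
    "c.okafor": {"status": "left",   "exit_date": date(2025, 6, 15)},
}

# Constructed account exports: (system, username, enabled, last_login).
# "design-app" stands in for an unofficial tool reported by a line manager.
ACCOUNTS = [
    ("sso",        "a.nkosi",  True,  date(2025, 9, 1)),
    ("sso",        "b.mensah", False, date(2025, 3, 30)),
    ("crm",        "b.mensah", True,  date(2025, 5, 12)),
    ("file-share", "c.okafor", True,  date(2025, 6, 10)),
    ("design-app", "d.temp",   True,  date(2025, 1, 5)),
    ("crm",        "a.nkosi",  True,  date(2025, 4, 2)),
]

def review_access(roster, accounts, today, dormant_days=90):
    """Return (system, user, finding) for every enabled account needing action."""
    findings = []
    for system, user, enabled, last_login in accounts:
        if not enabled:
            continue  # already deprovisioned in this system
        person = roster.get(user)
        if person is None:
            # Account with no matching HR record: orphaned or untracked.
            findings.append((system, user, "no-hr-record"))
        elif person["status"] == "left":
            # Leaver whose access was never revoked; note any post-exit use.
            used = last_login is not None and last_login > person["exit_date"]
            findings.append(
                (system, user, "used-after-exit" if used else "leaver-still-enabled"))
        elif last_login is None or (today - last_login).days > dormant_days:
            # Current employee, but the account has gone unused.
            findings.append((system, user, "dormant"))
    return findings

if __name__ == "__main__":
    for system, user, finding in review_access(HR_ROSTER, ACCOUNTS, date(2025, 9, 10)):
        print(f"{finding:22} {system:12} {user}")
```

Note that the leaver disabled in single sign-on still surfaces through the CRM export, which is the gap left when HR and IT records are not reconciled per system.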
The HRM Report (https://apo-opa.co/46YnUn3) also found that “Shadow AI” – staff using generative AI tools without oversight – is rising across Africa. This trend adds another layer of exposure, reinforcing the need for robust digital governance during offboarding.
The Bottom Line: Offboarding Is Cybersecurity
“As the workplace becomes more hybrid and decentralised, organisations must rethink offboarding as a critical component of cybersecurity hygiene,” Collard concluded.
Former employees should never keep the digital keys to your kingdom.