Trainee effect is a serious safety problem
According to the recent study "IT Security and Data Protection 2015", the German economy suffers millions of euros in damage every year due to authorizations that are inadvertently not revoked.
The so-called Trainee effect has become a serious security problem for the German economy. This is the conclusion of the current study "IT Security and Data Protection 2015" by the National Initiative for Information and Internet Security (NIFIS). According to the survey, 77% of domestic companies share this view. This causes millions of euros in damage to the German economy every year (50% agreement). Trainees are given access to numerous sensitive company data in the course of their training in various departments. Authorizations are often inadvertently not revoked, even if the trainees have already left the company again. This can lead to data misuse and corresponding economic damage. This is called the trainee effect. The effect, which can be devastating for the security of a company, is usually the result of inadequate identity and access management.
Trainee effect is underestimated in many cases
According to the NIFIS study, less than half (44%) of companies are aware of the trainee effect as a security problem. After all, 19% of German businesses still see the issue as negligible. According to NIFIS Chairman Thomas Lapp, a lawyer, many companies still need to rethink this: "The trainee effect is a security problem that is often underestimated. Therefore, it is important for companies to prevent worse in the future." Lapp advises introducing the company's own guidelines for the assignment of rights. "A procedure must be established with which access rights can be presented transparently and withdrawn again without major effort," emphasizes the NIFIS chairman. In addition, the need-to-know principle must apply. This means that employees can only access the data they need for their work.
Trainee effect continues to gain ground
According to the NIFIS study, the trainee effect has increased in recent years (65%). And the trend is upwards: almost three quarters (74%) of the companies also expect an increase in importance in the next few years. "The PRISM and follow-up scandals have made German businesses more aware of IT security and data protection. In contrast, companies often still greatly underestimate the internal threat posed by their own employees," adds Lapp. Accordingly, 88% of the companies see the trainee effect as a good example of how companies are careless with their own data. "After all, the `apprentice effect` also applies figuratively, and even more so, to employees who leave the company," Thomas Lapp urgently advises companies to "take a thorough look at their procedures when employees leave from an IT security perspective and adapt them if necessary." As a basis, the NIFIS chairman recommends professional identity and access management. "Identity and access management should not only be an issue for departing employees and trainees, but should be part of the basic security equipment of every company," says Lapp.
NIFIS press release
