According to a new report by PasswordManager.com, employers should not only worry about hackers but also about former employees who still have access to their accounts. The study revealed that 47% of 1,000 workers still use their former employer’s passwords even after leaving the company. The majority of them (58%) had not changed their passwords since they left, while 44% got their passwords from someone still working for the company, and 6.2% were able to guess it. More than half of the respondents (56.2%) used the passwords to access information for personal use, while 28% used them to access paid tools or subscriptions. The report also found that one in three respondents had been doing this for more than two years, and only 15% of them had been caught.

Daniel Farber Huang, Head of Privacy and Cybersecurity, warned former employees that the misuse of proprietary information could have legal implications. Employers should make their standards of care and conduct “100% clear” to employees, according to Huang. This should include authorized as well as unauthorized handling of intellectual property. Companies should create incentives for managing information properly and consider penalties or corrections for intentional or negligent use of information, including passwords and company accounts.

The report also highlighted poor cybersecurity among employers, despite recent attacks on major organizations worldwide. Huang attributed this lack of proper security to the cost factor and the need for a staff person to manage the ongoing process. Companies should value the importance of this role and not outsource it or pile it onto a junior staffer. Employers should provide clear guidelines for employees to follow and offer incentives for managing information properly.