Watch out! There is potential trouble with user accounts if your IT department or your outsourced supplier does not take adequate steps to control them.
Organisations need to double-check that, when someone leaves the business, their user account is properly controlled and their access is restricted or totally removed. For example, you may want emails sent to Les in Sales to be forwarded to other members of the Sales team. You definitely want Les to be stopped from logging in from another computer. Is Les now working in Sales for a competitor?
The great concern in this climate of data awareness and paranoia is that businesses are unaware of the gaping holes in their security.
In a recent study of 900 IT security professionals:
Only 14% reported that they had removed access for users immediately following their .
Of those asked, only 9% were confident they had no dormant accounts.
More than 84% of these IT staff confessed it took a month or longer to actually get round to removing those users' details and any access.
Think about that last sentence –
How much damage might a disgruntled ex-employee do in a month? Realistically, how much damage in a single day?
What's the risk with user accounts, you ask?
When someone exits the business that user should no longer have any access.
The problem – if their account and various forms of access and interaction are not closed off in a timely fashion, there remains a gaping hole in your IT security armour.
In a typical IT Support day, our emphasis is on getting immediate restrictions in place, so a user no longer accesses emails or files. How many devices and forms of access did that user have? Is there any form of audit? What about email going to a phone? If they used to work from home, what about remote access? In the space of only a couple of years, technology changes and so do the systems.
Access rights to critical data contained within user accounts need to be controlled to ensure that after an employee leaves they can no longer gain access. This data is also potentially available to hackers for some time after.
Whenever our team deals with a client's request to remove access, we invoke a checklist and ensure that total access is removed. If for whatever reason we suspect any issues, we make the business owner aware, so they have foresight of any potential issues.
This is why we have seen the emergence of two-factor authentication, remote user access and defined user security policies.
Please contact us for more information.