Why Removing Former Employee Accounts is Critical for Network Security


Transcription

Carol: Hi there. I’m with Emory Lindsey, one of the security team members here at MIS Solutions. He’s going to share with us why it’s important to remove old user accounts from your network. Thank you for joining me, Emory. Let’s start out by you telling me how a company should handle former employee accounts.

Emory: So your company should have a standardized offboarding process that includes notifying your IT provider. When an employee leaves or is terminated from the organization, your IT provider can then work to remove user accounts from all managed systems, including, but not limited to, email, Active Directory, VPN, cloud services, and third-party apps. And finally, any accounts on systems not managed by your IT provider will need to be removed by the appropriate parties. And then finally, change the passwords of any accounts that need to remain enabled.

Carol: What about instances where a company needs to keep an email address active so that it can be monitored?

Emory: So, the best thing to do in that scenario is to delete that mailbox and assign the email address as an alias for a valid active account. Or alternatively, what you can do is convert that mailbox into a shared mailbox and then simply block sign-in to that shared mailbox because shared mailboxes ideally should not allow for user sign-in.

Carol: Okay. And what are some of the potential risks if those accounts remain active?

Emory: These accounts are a major security vulnerability. If the former employee’s credentials are still active, they or someone who gains access to those credentials could then log in and access sensitive company data, emails, or internal systems.
This is especially dangerous if their account has privileges to financial data or other sensitive information. Also, cybercriminals often target inactive accounts because they are less likely to be maintained, making them easy entry points for data breaches, ransomware attacks, or even insiders.

Carol: Okay. All right. And can you give me an example of a security breach that was caused by an inactive account being compromised?

Emory: Certainly. So back in May of 2021, some of you may remember this, the Colonial Pipeline Company actually suffered a significant ransomware attack that led to widespread fuel shortages across the Eastern United States.
This breach actually occurred because of an inactive VPN account that lacked multi-factor authentication.

Carol: Okay. You mentioned removing user accounts from all systems on the network. What are some other best practices when it comes to off-boarding users?

Emory: To name a few, revoking physical access such as key cards and two-way access to the office building or data center, collecting company-owned devices such as mobile phones or laptops, and wiping any sensitive company data off of those devices. And then some more proactive measures would be implementing Role-Based Access Control and exercising the Principle of Least Privilege so that users only have access to or the permissions necessary for their job.
This makes it easier to track and revoke access when needed. And then, finally, performing regular audits of user accounts, just to identify and remove any inactive accounts, is also a good measure.

Carol: Okay. All right. Thank you so much, Emory. I appreciate it. And if you are interested in learning how MIS Solutions can help make your business more secure, get in touch with us today.

 
