Though it takes some work, failing to close old accounts can expose businesses to undue risk and vulnerability.
Recently, a study conducted by Courion Corp. found that 93 percent of organizations feel confident that their systems aren't at risk because of unused, or zombie accounts left to rot by ex-employees. However, in spite of this, the Lieberman Software study of 2014 found that over 13 percent of all former employees could still access their old professional system, utilizing the same credentials.
Even if the employee in question isn't malicious in nature, leaving old accounts open can lead to significant holes in security, particularly through applications that need constant updates and patches to remain effective. So how can you make sure that you close out old accounts in a way that is safe and secure?
The following information should help you prepare for closing accounts, and demolish zombie credentials before they can cause damage to your system.
Related Article: Dear BDC: How Do I Fire Someone?
Step One: Identify All Zombie Accounts
First of all, it's important to make sure you know exactly how many accounts you need to remove from your system. This means checking all of the machines that your former employee used to access their accounts.
Remove the personal memberships that the employee had within the "administrators" group, as this will minimize the chances of them gaining access to sensitive data.
To some degree, the best way to make a start in clearing out old employee accounts is to have that employee review the resources that they have used during their time as a staff member and grant access to email addresses and files by handing over the reins to that account.
However, remember that depending on the way that your relationship with an ex-employee may have ended, there is always the chance that they're not being completely honest with you about their opportunities for company access.
Step Two: Utilize Enterprise Password Management
Today, many businesses are forced to manage the struggle associated with coming up with frequent unique passwords.
Indeed, many recent data breaches have been a result of simple passwords, or re-used code and username combinations across numerous services.
One of the best ways to prevent zombie accounts from destroying your business is to make the most of enterprise password management software. Just as password managers are a great way for individual users to secure their passwords today, enterprise versions are the perfect way to manage and track employee accounts.
These solutions help enable the process of password management, with functionality for automatically resetting passwords when an employee leaves, storing company passwords, and adjusting access according to user authority levels. With enterprise password management, you can change an individual's access level, and remove their admin authority.
Related Article: Is Your Small Business Vulnerable to Security Threats?
Step Three: Lock Out Employees and Change Passwords
Companies often use enterprise password managers as a way to keep accounts more secure by creating complex, unique passwords that may even change from time to time.
However, when removing an employee from a technical system, password managers are even more beneficial, as they can show information regarding resources that previous employees have used. By looking through the places that your previous staff member has had access to, you can lock them out of each sensitive location–often by changing passwords manually, or one by one.
Step Three: Deactivate and Delete Any Unused Accounts and Apps
Once you've locked old employees out of their accounts and applications, delete, and deactivate them, to prevent them from being a potential security leak. Unused applications can be a serious threat, as they need updating and patching to remain secure. When applications and software go unused, they can develop vulnerabilities that hackers may use to expose sensitive information.
At the same time, a lot of services and sites have no specific data-retention policy, meaning that emails, uploads, and other info shared by your previous employee could stay on file for years to come—causing significant threats when future breaches occur.
Perhaps the best thing any company can do when learning how to close company accounts for former employees, is to recognize that they need to devote time and effort to keeping on top of those accounts. Though it takes some work, failing to close old accounts can expose businesses to undue risk and vulnerability.
Taking the steps listed above as a precaution can save you time and money in the future.