Ex-user credentials haunting your network?

Tuesday, September 29th, 2015

insider_threat“Joe” left two weeks ago. Are his user credentials still appearing active? Maybe because IT is backed up on “offboarding?” Or, maybe they don’t even know he is gone yet!

According to a survey done by Lieberman Software, “More than 13% can still access a previous employers’ systems using their old credentials.” This means the information that “Joe” had access to as a privileged employee, is still available…to him…right now…from outside the company. And most likely, many have that access for a rather long period of time. “Almost 25% work in organizations that do not change their service and process account passwords within 90 days,” stated the Lieberman Software survey. In the days of paper, it didn’t seem to matter that an old employee’s name still showed as a project manager on a document. Nowadays, this can not only cause confusion, it can pose serious risks to the company’s data, network, and reputation. Most employees or contractors do not pose a threat, but it is that one that you may miss that will have access to material with devastating consequences. Kentucky.com reported the following example in 2014 on the sentencing of an ex-contractor gaining access to Toyota’s systems:  “…caused considerable downtime or loss of functionality with a number of systems, affecting Toyotasupplier.com the most, according to court documents. Several Toyotasupplier.com and internal applications did not work properly or shut down for hours, according to the affidavit.”

Many companies are so busy with other tasks and decisions, the simple cleanup of the obvious things go unnoticed. We all have so many different access points to so many different applications today, that keeping track ourselves is overwhelming, but IT has to keep track of everyone’s access. Communication is the number one task to protect a company from data loss or threat risk. Tell IT–they can’t purge the system and protect the company if they are not kept informed. Today, IT is one of the most important departments for the functionality, security… lifeblood…of an organization. They should be first on the list. With access to comprehensive monitoring and reporting tools, IT can run a investigative query on demand.

What needs to be done to help protect your privileged information and network no matter where your data is located? The following should be at the top of the list:

  1. Make sure your internal process of employee onboarding and offboarding has IT included at all levels.
  2. Make sure your corporate policy is understood and signed off on when an employee is hired and again when discharged.
  3. Confirm that this policy clearly informs all employees that their actions, while using company devices, are logged, monitored, and audited.
  4. Verify that all users, including contractors, have their own, unique login credentials.
  5. Validate that your IT procedures include all levels of employee information access, especially privileged accounts.
  6. Make certain a corporate policy for discharging an employee has immediate impact on any access for that employee, even one day could be detrimental.
  7. Do not forget about social media. Many view this as a harmless side effect of today’s business world. It is not harmless. A disgruntled employee can do serious damage to a company’s reputation through this ever-increasing communication channel. Access to the company’s social media needs to be regulated just like any proprietary corporate network.

Lastly, audit…audit…audit. Use a comprehensive monitoring tool with detailed, drill-down capability to analyze data on any activity. It is always good practice to regularly screen for activity on users who are no longer with the company. Investigate any missed credentials and correct the issue before data loss, malware intrusion, or simple unethical behavior, such as accessing and posting on the company social media sites, happens. This is the only way to ensure that all avenues were covered. Today, monitoring, filtering, and reporting solutions are no longer a luxury–they are a requirement.

Wavecrest Computing has been the recognized leader in Web Security for over 19 years with CyBlock and Cyfin Solutions. These scalable filtering and forensic reporting analysis products are designed to enable organizations to successfully address Internet abuse, legal liability, shadow IT, workforce productivity, and Web security threats.