Implementing and maintaining sufficient security for an organisation’s computer network is a time-consuming, costly and ever-evolving task. Much can be done to restrict both physical access to an organisation’s hardware and, more significantly, remote access to its computer systems. There are various ways to keep out those who shouldn’t have access, but how do you prevent an attack from someone who has left the organisation and may still hold access that you are unaware of?
Taking the keys with them
There’s a danger that when an employee leaves an organisation they take more than just their belongings with them. A joint study conducted by Intermedia and Osterman Research concluded that as many as 89% of employees leaving their jobs retain access to at least one business application. Similarly, a survey conducted by Centrify found that as many as 50% of surveyed IT decision makers (ITDMs) say it can take up to a week or more to remove access to sensitive systems. Whether or not the employee is disgruntled on leaving, personal information, intellectual property and business accounts are attractive and potentially lucrative targets for an individual with easy access to them.
Cloud storage and business applications are increasingly widespread, providing employees with access to larger amounts of information. From the end user to the network or systems administrator, the ability to work remotely and problem-solve whilst offsite is key to an organisation’s efficiency. However, the greater the privileges, the greater the risk.
How to mitigate the risk to your organisation
It’s vital to have a complete understanding and awareness of employee accounts, their assigned privileges and what they can access. Uncontrolled distribution of login details and account or password sharing is the equivalent of a password on a ‘post-it’ note. At the basic level, an organisation should conduct regular reviews of employee access levels, and delete any accounts not required. Furthermore, termination of access to system and application accounts should take place immediately upon personnel leaving the organisation.
This, unfortunately, does not account for employees who shared an account, perhaps when locked out of their own, or when an employee needed access to files they wouldn’t normally be permitted to see. 34% of surveyed UK ITDMs report sharing access credentials with other employees at least somewhat often, with another 52% admitting to sharing access regularly with contractors. One fix here is to enforce regular password changes under a strong password policy.
Session monitoring, and privileged session monitoring in particular, is a key tool. It enables organisations to keep a constant watch over shared accounts, user accounts and privileged sessions. Shared account logins, multiple sessions and suspicious remote access should also be monitored. This not only provides protection against an initial attack, but also individual accountability should one arise. At a higher level, these processes are crucial for those managers and administrators who have the greatest levels of access and therefore could pose the most substantial threat. The ability to actively monitor, record and audit individual sessions ensures not only user accountability, but also user compliance.
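The two checks described above (logins by people who have already left, and a shared account in use from more than one place at once) can be run over an authentication log. This is an added example, not code from the original post or from any vendor mentioned in it; the log format, the leavers list and the sample entries are all constructed for the illustration.

```python
# Added example: flag logins by departed employees and concurrent use of a
# shared account, using constructed sample data (not from the original post).
from collections import defaultdict
from datetime import date, datetime, timedelta

# Constructed HR leavers list: user -> date from which access should have been revoked.
LEAVERS = {"jsmith": date(2024, 3, 1)}
# Constructed list of accounts known to be shared between several people.
SHARED_ACCOUNTS = {"svc_backup"}
# Constructed auth log; assumed line format: "<ISO timestamp> <user> <source_ip> <action>".
AUTH_LOG = """\
2024-03-03T09:12:00 jsmith 203.0.113.7 login
2024-03-03T09:15:00 svc_backup 10.0.0.5 login
2024-03-03T09:20:00 svc_backup 198.51.100.9 login
2024-03-03T10:00:00 alice 10.0.0.12 login
2024-03-03T11:00:00 svc_backup 10.0.0.5 logout
"""

def parse_log(text):
    """Turn each log line into a (timestamp, user, source_ip, action) tuple."""
    events = []
    for line in text.splitlines():
        ts, user, ip, action = line.split()
        events.append((datetime.fromisoformat(ts), user, ip, action))
    return events

def leaver_logins(events, leavers):
    """Return (user, ip, time) for every login on or after the user's revocation date."""
    hits = []
    for ts, user, ip, action in events:
        revoked_on = leavers.get(user)
        if action == "login" and revoked_on and ts.date() >= revoked_on:
            hits.append((user, ip, ts.isoformat()))
    return hits

def concurrent_shared_sessions(events, shared, window=timedelta(hours=1)):
    """Return shared accounts logged in from two or more source IPs within `window`."""
    logins = defaultdict(list)
    for ts, user, ip, action in events:
        if action == "login" and user in shared:
            logins[user].append((ts, ip))
    flagged = {}
    for user, entries in logins.items():
        entries.sort()
        for i, (t1, ip1) in enumerate(entries):
            for t2, ip2 in entries[i + 1:]:
                if t2 - t1 <= window and ip1 != ip2:
                    flagged.setdefault(user, set()).update({ip1, ip2})
    return {user: sorted(ips) for user, ips in flagged.items()}

if __name__ == "__main__":
    ev = parse_log(AUTH_LOG)
    print("Logins by departed users:", leaver_logins(ev, LEAVERS))
    print("Shared accounts used concurrently:", concurrent_shared_sessions(ev, SHARED_ACCOUNTS))
```

Both findings point at the same gap the article describes: an account that was never revoked, or credentials that were never rotated after being shared.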
Retrieving business phones, tablets and laptops from departing employees is one way of preventing access to corporate information, but this doesn’t help BYOD-friendly organisations. Deleting accounts and removing user privileges is a further step, but what of those administrators who set the privileges and effectively “cut their own keys”? Account access and password management software provides centralised control over both cloud and on-premises accounts, granting access to those who need it, when they need it.
Terminating user accounts, removing privileges and denying remote access, along with collecting any mobile-accessible devices when an employee leaves, is a big, and necessary, preventative measure and can put an end to the long goodbye!
To learn more about mitigating risks in your organization read A Practical Path to Unified Identity Across Data Center, Cloud and Mobile, and get on your way to a more secure environment.