Don’t Let Security Go with Your Staff

At some point or another we have all left a job. If you’re one of the lucky ones, it’s because you found something better. You’ll have farewell drinks, and possibly a good-bye gift or good luck card to see you on your way. If you were one of the unlucky ones, you may have been let go because of innumerable reasons beyond your or your employer’s control, and have left feeling pretty hard done by.

We’ve all gone through the process of handing in our IDs and building access cards, but how often have we had to surrender details of our company login? Or how many times has the company changed its standard login information for Outlook or another email system when someone has left? The answer is probably not that often, if at all.

If an employee that’s been let go unwillingly feels like exacting some revenge, how is the business going to stop them from accessing systems and accounts without knowing what information they have access to in the first place?

If I were so inclined, I could log into the accounts of companies I have worked for previously, access files, and wreak havoc with confidential corporate data. With access to a social media account such as Twitter, previous employees have the potential to seriously harm a company’s reputation among customers, prospects, shareholders and the media. If employers are not prepared to change their password every time an employee leaves the company, they leave themselves open to attack, embarrassment and potential reputational and financial damage.

We need only cast our minds back to January 2013 to see how damaging a simple oversight like forgetting who has access to what can be. A disgruntled HMV employee took to the corporate Twitter account to vent his, or her, frustration at being let go, presenting a very different side of the business to more than 63,000 followers. The sensitive subject of the tweets, and the potential for perceived flaws in HMV’s HR process to be made public, show exactly the sort of nightmare that keeps business executives up at night.

HMV’s very public and unfortunate display of employee frustration could have been avoided with Unified Identity Management. With a few clicks, the IT department could have removed the disgruntled tweeter’s profiles from the system, taking away their ability to tarnish the brand’s reputation.

Instead of dishing out individual login information to each and every person, does it not make more sense to have everything available under one profile, and then have privileges attributed to employees within this profile?

The trouble with multiple sign-ons is keeping track of who has access to what. When somebody leaves, how does an organisation know all the means by which the employee had access to its online resources? Do you reset every password to make sure nothing is missed? Trying to do this wastes company money, time and resources, and will inevitably reduce productivity. To avoid employees having to remember multiple passwords and usernames, it makes sense to have a unified login.

A single, unified architecture for sign-on can address these challenges with true single sign-on directly to Active Directory. A cloud service can facilitate secure single sign-on and control access through a security token service, which authenticates users to the portal with Kerberos, SAML, or an Active Directory username/password, and then automates logins through a one-click interface when users select from their list of authorised SaaS applications.

It is much simpler to have control of all resources in one place so that data is kept secure, privileges are monitored, and access is simplified. With single sign-on you can keep tabs on all employee activity, and when someone does leave the company, regardless of what terms it is on, you can disable a single account, making the transition, control and protection of company resources seamless and risk-free.
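The offboarding question raised above (what a leaver can still reach once their directory account is disabled) can be sketched as follows. This is an added example, not part of the original article; the inventory, application names, people and the three access categories are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Access:
    app: str
    auth: str            # "sso" (federated to the directory), "local", or "shared"
    holders: frozenset   # everyone who can currently sign in this way

# Constructed inventory; app names and people are placeholders, not from the article.
INVENTORY = [
    Access("crm", "sso", frozenset({"alice", "bob", "carol"})),
    Access("expenses", "sso", frozenset({"alice", "bob"})),
    Access("webmail", "local", frozenset({"bob"})),
    Access("corporate-twitter", "shared", frozenset({"bob", "carol"})),
    Access("stock-photos", "shared", frozenset({"alice"})),
]

def offboarding_plan(leaver, inventory):
    """Split a leaver's access into what one directory disable revokes
    and what still needs manual action."""
    plan = {"revoked_by_directory_disable": [], "delete_local_account": [],
            "rotate_shared_secret": {}}
    for entry in inventory:
        if leaver not in entry.holders:
            continue
        if entry.auth == "sso":
            plan["revoked_by_directory_disable"].append(entry.app)
        elif entry.auth == "local":
            plan["delete_local_account"].append(entry.app)
        elif entry.auth == "shared":
            # The secret itself must change; list who needs the new one.
            plan["rotate_shared_secret"][entry.app] = sorted(entry.holders - {leaver})
        else:
            raise ValueError(f"unknown auth mode for {entry.app}: {entry.auth}")
    return plan

def residual_access(leaver, inventory):
    """Apps the leaver can still reach after only the directory account is disabled."""
    plan = offboarding_plan(leaver, inventory)
    return sorted(plan["delete_local_account"] + list(plan["rotate_shared_secret"]))

if __name__ == "__main__":
    for person in ("alice", "bob"):
        print(person, offboarding_plan(person, INVENTORY))
        print("  still reachable after directory disable:", residual_access(person, INVENTORY))
```

An empty residual list for every employee is the state the article argues for, and it is reached only once each application in the inventory sits behind the single sign-on.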

Read Larry Seltzer’s article offering his perspective on why ‘Passwords are key when firing employees’ here on ZDNet.com