The Risks of Leaving Inactive Accounts Open | Xuper IT | News

The risks of leaving un-used user accounts open

Leaving inactive accounts open could leave your company vulnerable to cyber attacks…

User accounts are often left open when an employees leaves or changes roles, however if steps aren’t taken to close these entry points, you could be leaving your organisation vulnerable to cyber attacks. Cyber criminals will look for the easiest and quietest way into your network and one common path is through user accounts that are no longer in use.

Most companies now take protecting their current users very seriously, but ghost users tend to be an overlooked threat, but are a great way for hackers to quietly probe without alerting anyone. While technology can monitor accounts to an extent, this threat could easily be mitigated by improving communication between your IT team and other departments. IT will be able to close these accounts, but only if they are made aware when an employee leaves.  For a cyber criminal, it’s fairly easy to find inactive accounts to target, simple searches on LinkedIn, for example, can reveal who’s recently left an organisation.

If a cyber criminal was to get access to the ghost account of a senior level staff member, they could also get access to a range of sensitive information such as personal data or financial documentation.

Unusual behaviour?

It may also be worth monitoring your users typical behaviour. If you know someone doesn’t typically use their accounts in the middle of the night, and suddenly the account is being used, you can look deeper into the account and investigate any suspicious behaviour.

Whilst not all companies can afford to ask their overworked IT department to monitor inactive accounts, by implementing procedures to ensure user accounts are active and monitored, you will find it much easier to spot unusual behaviour. Monitoring along with a simple process to permanently close these accounts after so long will massively improve your security.

Leaving the door to your company’s sensitive data open, you are an easy target for exploitation and leaving your organisation at risk. And with GDPR now in force, any breaches could have a devastating effect on your business.