The Long Goodbye

Implementing and maintaining sufficient security for an organization’s computer network is a time-consuming, costly and ever-evolving issue. There are various ways to help ensure that those who shouldn't have access are kept out, but how do you prevent an attack from someone who has left your organization and may still have access to information without your knowledge?

There’s a danger that when an employee leaves your organization they take more than just their belongings with them. A joint study conducted by Intermedia and Osterman Research concluded that as many as 89% of employees leaving their jobs retain access to at least one business application. Similarly, a survey conducted by Centrify found that as many as half of surveyed IT decision makers (ITDMs) say it can take up to a week or more to remove access to sensitive systems. Whether the employee is disgruntled on leaving or not, personal information, your intellectual property, and your business accounts are attractive and potentially lucrative targets to an individual with easy access to them.

Cloud storage and business applications are increasingly widespread, providing employees with access to larger amounts of information. From the end-user, to your network or systems administrator, the ability to work remotely and problem solve whilst offsite is key to your organisation's efficiency. However, the greater the privileges, the greater the risk.

Password on a Post-It Note

It’s vital you have a complete understanding and awareness of employee accounts, their assigned privileges and what they can access. Uncontrolled distribution of login details and account or password sharing is the equivalent of a password on a Post-It note. At the basic level, your organization should conduct regular reviews of employee access levels, and delete any accounts not required. Furthermore, termination of access to system and application accounts should take place immediately upon personnel leaving the organization.

This, unfortunately, does not account for employees who shared an account, perhaps when locked out of their own, or when an employee needed access to files they wouldn't normally have access to. A third of surveyed UK ITDMs report sharing access credentials with other employees at least somewhat often, with another 52% admitting to sharing access regularly with contractors. A fix here is enforcing regular password changes with strong password policies.
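The access review and the shared-credential problem described above can be checked together by reconciling an HR leaver list against account exports. The following is an added example, not part of the original article; the record layouts, field names and sample data are constructed assumptions.

```python
from datetime import date

# Constructed sample data (not from the article): HR leaver dates, an export
# of application accounts, and who is known to hold each shared password.
LEAVERS = {"asmith": date(2024, 3, 1), "bjones": date(2024, 3, 10)}
ACCOUNTS = [
    {"app": "crm", "user": "asmith", "enabled": True, "last_login": date(2024, 3, 5)},
    {"app": "vpn", "user": "asmith", "enabled": False, "last_login": date(2024, 2, 27)},
    {"app": "storage", "user": "bjones", "enabled": True, "last_login": date(2024, 3, 9)},
    {"app": "crm", "user": "cdoe", "enabled": True, "last_login": date(2024, 3, 14)},
]
SHARED = [
    {"account": "social-media", "password_changed": date(2024, 1, 15),
     "known_to": ["asmith", "cdoe"]},
    {"account": "dba-admin", "password_changed": date(2024, 3, 12),
     "known_to": ["bjones", "cdoe"]},
]

def review_offboarding(leavers, accounts, shared, today):
    """Return findings for access that outlived an employee's departure."""
    findings = []
    for acct in accounts:
        left = leavers.get(acct["user"])
        if left is None or not acct["enabled"]:
            continue  # current employee, or account already disabled
        findings.append({
            "type": "active_account",
            "target": f'{acct["app"]}:{acct["user"]}',
            "days_exposed": (today - left).days,
            # A login after the leave date means the access was actually used.
            "used_after_leaving": acct["last_login"] > left,
        })
    for sh in shared:
        # The password is stale if someone who knew it left on or after
        # the day it was last changed.
        stale_for = sorted(u for u in sh["known_to"]
                           if u in leavers and leavers[u] >= sh["password_changed"])
        if stale_for:
            first_departure = min(leavers[u] for u in stale_for)
            findings.append({
                "type": "stale_shared_password",
                "target": sh["account"],
                "days_exposed": (today - first_departure).days,
                "known_to_leavers": stale_for,
            })
    # Longest-exposed access first, so it is remediated first.
    return sorted(findings, key=lambda f: f["days_exposed"], reverse=True)

if __name__ == "__main__":
    for finding in review_offboarding(LEAVERS, ACCOUNTS, SHARED, date(2024, 3, 15)):
        print(finding)
```

Run on a schedule, a review like this turns "regular reviews" into a measurable number: how many days each leaver's access has remained open.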

Session monitoring, and privileged session monitoring in particular, is a key tool. This enables you to keep a constant watch over shared accounts, user accounts and privileged sessions. Shared account logins, multiple sessions and suspicious remote access should also be monitored.

This provides not only protection against an initial attack, but also individual accountability should one arise. At a higher level, these processes are crucial for those managers and administrators who have the greatest levels of access in your company, and who therefore could pose the most substantial threat. The ability to actively monitor, record and audit individual sessions ensures not only user accountability, but user compliance.

Doing What is Necessary

Retrieving business phones, tablets and laptops from departing employees is one way of preventing access to corporate information, but this doesn't help if your organization supports BYOD. Deleting accounts and removing user privileges is a further step, but what of those administrators who set the privileges and effectively “cut their own keys”?

Account access and password management software gives centralized account control, both cloud and on-premises, to those who need it, when they need it.
Terminating user accounts, removing privileges and denying remote access, along with collecting any mobile-accessible devices when your employees leave, is a big, and necessary, preventative measure and can put an end to the long goodbye!
