How often do you check user accounts?
I just saw this interesting post about an employee at the Colorado Dept. of Revenue who used the accounts of two subordinates which had not been removed when they left the employ of the department. The insider then used those accounts to sign off on transactions that netted her $11 million.
You would be surprised how often simple audits can uncover leaks of money. For instance, it is a good idea for the CEO to occasionally hand out paychecks on payday to catch a few phantom employees. Unfortunately, in this day of ACH that is not always possible.
But you can audit your user accounts. Check them against your employee database. Make sure there is a one-to-one relationship. Account for all of the administrative accounts used for managing servers and routers. Those tend to stagnate, and eventually everyone, including former employees, knows the passwords.
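The reconciliation the post describes (directory accounts checked one-to-one against the HR roster, with administrative accounts accounted for separately) can be scripted. The following is an added example, not code from the original post; the HR roster and directory export are constructed sample data, and the field names (`employee_id`, `owner`, `privileged`, `password_age_days`) and the 90-day threshold are assumptions that would be mapped onto whatever your HR system and directory actually export.

```python
"""Reconcile a directory account export against the HR roster.

Added example, not from the original post. Both inputs are constructed
sample data shaped as lists of dicts; in practice they would come from an
HR export and a directory dump (e.g. CSV or LDAP query results).
"""
from collections import Counter

# Constructed sample: the HR roster (who SHOULD have access).
HR_ROSTER = [
    {"employee_id": "E100", "name": "A. Lee", "status": "active"},
    {"employee_id": "E101", "name": "B. Kim", "status": "active"},
    {"employee_id": "E102", "name": "C. Diaz", "status": "terminated"},
]

# Constructed sample: the directory export (who ACTUALLY has access).
# 'owner' is the employee_id recorded on the account, or None if nobody
# is recorded as responsible for it. 'password_age_days' is assumed.
DIRECTORY_ACCOUNTS = [
    {"username": "alee", "owner": "E100", "enabled": True, "privileged": False, "password_age_days": 20},
    {"username": "bkim", "owner": "E101", "enabled": True, "privileged": False, "password_age_days": 45},
    # Employee left but the account was never disabled (the scenario in the post).
    {"username": "cdiaz", "owner": "E102", "enabled": True, "privileged": False, "password_age_days": 200},
    {"username": "bkim-adm", "owner": "E101", "enabled": True, "privileged": True, "password_age_days": 30},
    # Shared router admin account with no recorded owner and a stale password.
    {"username": "router-admin", "owner": None, "enabled": True, "privileged": True, "password_age_days": 400},
    # A second ordinary account for the same person breaks the one-to-one rule.
    {"username": "E100-old", "owner": "E100", "enabled": True, "privileged": False, "password_age_days": 300},
]

STALE_PASSWORD_DAYS = 90  # assumed policy threshold for privileged accounts


def reconcile(roster, accounts):
    """Compare directory accounts with the HR roster and return findings.

    Only enabled accounts are examined; disabled ones are already handled.
    """
    known = {e["employee_id"] for e in roster}
    active = {e["employee_id"] for e in roster if e["status"] == "active"}

    findings = {
        "orphaned": [],                    # no owner / owner unknown to HR
        "terminated_still_enabled": [],    # owner left, account still on
        "unowned_privileged": [],          # admin account nobody is accountable for
        "duplicate_owner": [],             # more than one ordinary account per person
        "stale_privileged_password": [],   # admin password older than the threshold
        "active_without_account": [],      # HR says active, directory has nothing
    }

    enabled = [a for a in accounts if a["enabled"]]
    # Count ordinary (non-privileged) accounts per owner for the one-to-one check.
    per_owner = Counter(a["owner"] for a in enabled if a["owner"] and not a["privileged"])

    for a in enabled:
        owner = a["owner"]
        if owner is None:
            bucket = "unowned_privileged" if a["privileged"] else "orphaned"
            findings[bucket].append(a["username"])
        elif owner not in known:
            findings["orphaned"].append(a["username"])
        elif owner not in active:
            findings["terminated_still_enabled"].append(a["username"])
        elif not a["privileged"] and per_owner[owner] > 1:
            findings["duplicate_owner"].append(a["username"])

        if a["privileged"] and a["password_age_days"] > STALE_PASSWORD_DAYS:
            findings["stale_privileged_password"].append(a["username"])

    owners_with_account = {a["owner"] for a in enabled if not a["privileged"]}
    findings["active_without_account"] = sorted(active - owners_with_account)
    return findings


if __name__ == "__main__":
    for category, usernames in reconcile(HR_ROSTER, DIRECTORY_ACCOUNTS).items():
        if usernames:
            print(f"{category}: {', '.join(usernames)}")
```

Run against the sample data, the script reports `cdiaz` as a terminated employee's account still enabled, `router-admin` as a privileged account with no owner and a stale password, and `alee`/`E100-old` as two ordinary accounts for one person. The useful output of a real run is the list of accounts to disable or assign an owner to; keeping the comparison in the HR roster's terms (employee IDs, not usernames) is what makes the one-to-one check meaningful.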
3 Answers
This is a very good point, Richard.
At the end of the day, as I am sure you have noticed with many organizations, it's the little things that create the biggest gotchas.
A review of user accounts should occur, at the very least, monthly.
Many organizations also run into problems when a user account is used for critical services, and so cannot be easily disabled when the employee in question leaves. Of course, this account is already a critical one, considering who the user was that would have critical functions tied to it. And so the problem is magnified...
-ASB: http://XeeMe.com/AndrewBaker
I suppose this taps into the problems associated with outsourcing as well - a lot of smaller companies might outsource the management of their firewalls, for example, so even if the company gets their internal process right in terms of disabling accounts of ex-staff, there may still be a firewall rule allowing that ex-employee to VPN into their network. At that point, with their knowledge of patching, running services and any IDS/IPS in place, a malicious ex-staff member could start attacking the network without needing authentication credentials.
As much as users don't like it, this is another reason to force the automation of password changes and deny repeat passwords. As techs we keep a multitude of passwords in our heads - is it really that hard for the end user to remember the one they use every day?
On Windows systems you can also set account expiration times so that temp or contract workers' accounts expire on a given date.