Your corporate systems contain your organization’s most valuable assets, like personal details, customer lists, sales figures, production runs, project information, and trade secrets. If these assets were to make it into the wrong hands, it could cause significant damage to your organization – financially and reputationally. Managing access to your corporate systems has never been more important.
Who has access to your corporate systems? Ideally, the answer is: only your current employees, and only to the parts they need to do their jobs effectively. But what about your ex-employees? If access isn’t removed for employees when they leave your organization, the risk is not only that they still have access, perhaps to take a peek at your latest customer list. Dormant accounts (accounts with access belonging to ex-employees) are also attractive targets for hackers trying to get into your systems, because the account owner isn’t going to notice account activity. Hackers can easily find ex-employees by searching LinkedIn for people who have recently left your organization, and then target the accounts of these ex-employees to get into your systems and get access to everything the ex-employee could access.
So what is your process for ensuring that access is removed for employees when they leave your organization? How confident are you that this process is run consistently and in a timely manner, and that there are no dormant accounts in your corporate systems? How often do you check for dormant accounts, and how do you check?
A typical process at many organizations is for HR to notify IT when an employee leaves, perhaps through a service desk system, email, or just a shoulder tap, depending on the size and sophistication of the organization. IT takes the request and then disables the employee’s account at the appropriate time. There are many stages where this process can break down. The person from HR who typically handles this might be away when an employee leaves, or may simply forget to notify IT. Perhaps the email gets buried in the inbox of the person from IT, or they get distracted before setting a reminder to do it later, or they are away on the day and nobody else knows what to do. Given the seriousness of the consequences of getting this wrong, a good process should have controls for each of these risks.
At UNIFY Solutions, we have been helping organizations manage their access challenges since 2004, and strongly believe that the safest and most reliable process for managing access is an automated one. UNIFYAssure is a service offering that helps automatically manage access in your organization, including disabling access for employees when they leave, using information from your HR system. To find out more about how UNIFYAssure can help your organization better manage access to your corporate systems, including managing dormant accounts, please see our Why UNIFYAssure page, or our Contact Us page to ask questions, and follow UNIFYAssure on LinkedIn.