Halloween may be a couple of weeks behind us, but there are still some unwanted ghosts hovering around too many small businesses and nonprofit organizations. In this article, we will describe what ghost user accounts are, why they are a security and operational risk, and how your organization can best protect against them.
What Are Ghost User Accounts and How Prevalent Are They?
Ghost user accounts are user accounts that are still active in your network but belong to individuals who are no longer employed at your company. They are also known as ghost users or ghost accounts. A broader definition includes accounts that remain accessible to current workers who should no longer have access to the sensitive data those accounts reach.
Ghost user accounts are most often simply overlooked or forgotten by your IT team. According to Varonis, as many as 65% of companies have more than 1,000 ghost user accounts in their systems. Making the situation worse, 88% of companies with over 1 million folders have over 100,000 folders open to all employees at their organization.
Why Are Ghost User Accounts Dangerous for Your Organization?
Increased cybersecurity risk
Because your IT team is not aware of ghost user accounts, they provide a perfect hiding spot for cybercriminals. Malicious actors can exploit ghost user accounts to obtain credentials for cyberattacks and steal sensitive data. These unmonitored accounts make it easier for cybercriminals to cause data breaches and disruption for an extended period of time without being detected.
Access to ghost user accounts will enable hackers to obtain critical information about your employees, clients, projects, and other sensitive content. These bad actors can also use the accounts as a portal to lock you out of your own network and then demand a ransom before they return control to your company.
Inefficient use of data and resources
Ghost user accounts create noise that degrades threat detection as well as internal communications and operations. Company resources are spent maintaining these accounts rather than improving operations. Sensitive data is often stored in these accounts where it does not need to be, which is both inefficient and a security risk.
Increased former-insider threat
Most organizations justifiably spend time and resources trying to mitigate the potential threat from unhappy current employees who have access to their network. However, one glaring threat that is too often ignored is the real danger posed by disgruntled employees who have been let go from the organization, yet who still have access to their company accounts.
Former insiders who feel they were mistreated by their organization sometimes look for revenge, and occasionally they act on those feelings. Some examples of the damage former insiders can do with their ghost user accounts include:
- Changing the passwords to company social media accounts and posting offensive comments and images to embarrass your organization.
- Changing the passwords to files and programs on your network and transferring them to their personal accounts.
- Locking your company out of your own network and demanding a ransom payment to regain access.
- Granting cybercriminals access to your network and sensitive data.
How to Protect Your Organization Against Ghost User Accounts
Centralize systems and closely monitor use of all accounts
Your organization should use centralized systems that make it easy to find users and revoke their access. In addition, your company’s IT team or IT partner should use an Active Directory script and other tools to determine which employee accounts have not been used for a significant amount of time.
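The following is an added example of the kind of Active Directory script described above; it is not code from the article or from Network Depot. It assumes the RSAT ActiveDirectory PowerShell module on a domain-joined host, and the 90-day threshold and OU path are placeholders to adjust to your policy.

```powershell
# Added example (not from the original article): report enabled AD user accounts
# that have not signed in for a set number of days so they can be reviewed for
# offboarding. Assumes the RSAT ActiveDirectory module and a domain-joined host.
# The 90-day threshold and the OU path are assumptions; adjust to your policy.
Import-Module ActiveDirectory

$InactiveDays = 90
$SearchBase   = 'OU=Users,DC=example,DC=com'   # placeholder OU
$Cutoff       = (Get-Date).AddDays(-$InactiveDays)

# LastLogonDate is derived from lastLogonTimestamp, which replicates only every
# 9-14 days, so treat the result as "at least this stale", not exact.
$Users = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
            -Properties LastLogonDate, WhenCreated, PasswordLastSet, Description

$Stale = foreach ($u in $Users) {
    # An account that has never logged on only counts as stale once it is older
    # than the threshold; a new hire with no logon yet should not be flagged.
    $lastUsed = if ($u.LastLogonDate) { $u.LastLogonDate } else { $u.WhenCreated }
    if ($lastUsed -lt $Cutoff) {
        [pscustomobject]@{
            SamAccountName  = $u.SamAccountName
            Name            = $u.Name
            LastLogonDate   = $u.LastLogonDate
            WhenCreated     = $u.WhenCreated
            PasswordLastSet = $u.PasswordLastSet
            DaysSinceUse    = [int]((Get-Date) - $lastUsed).TotalDays
            Description     = $u.Description
        }
    }
}

$Stale | Sort-Object DaysSinceUse -Descending |
    Export-Csv -Path ".\stale-accounts-$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation

# Review the CSV with HR before acting; disabling (not deleting) preserves the
# SID and audit trail. Remove -WhatIf once the list has been confirmed.
$Stale | ForEach-Object { Disable-ADAccount -Identity $_.SamAccountName -WhatIf }
```

Service accounts and shared mailboxes will also show up in this report, so reconcile it against your asset inventory before disabling anything.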
In addition, special attention should be paid to limit or eliminate the sharing of accounts, especially the accounts that grant widespread access.
Maintain an updated inventory of all IT assets
Your organization should strive to have an updated inventory of all your IT assets including equipment and devices, hardware, software, and all tools that require passwords. Your company should monitor this inventory continuously to ensure all user accounts are captured and controlled.
Ensure onboarding and promotion processes grant sensitive access appropriately
Your organization should make a point of ensuring that only the employees who need access to sensitive data receive it. This control starts with the onboarding process and should be maintained throughout each employee’s time at your organization.
Follow a thorough offboarding process
With the real threat posed by former insiders, your organization must ensure that there is a comprehensive offboarding process that removes all former employees’ access to your systems as soon as they leave.
There is also the risk of ghost user accounts as a result of former contractors or vendors that had access to your system, so these accounts must also be controlled carefully.
Because of the danger represented by former insiders or partners, your organization should have sufficient IT or HR resources assigned to ensure that this offboarding process is followed accurately.
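As an added example of the "remove all access as soon as they leave" step in Active Directory (not code from the article or from Network Depot), the script below disables a departing user's account, invalidates the password, strips group memberships and parks the account for later review. The ActiveDirectory module, the username, the disabled-users OU and the ticket reference are assumptions.

```powershell
# Added example (not from the original article): a minimal AD offboarding step
# that removes a departing user's access immediately without deleting the
# account. Assumes the RSAT ActiveDirectory module; the username, the
# "Disabled Users" OU and the ticket reference are placeholders.
Import-Module ActiveDirectory

$Sam        = 'jdoe'                                   # placeholder account
$DisabledOU = 'OU=Disabled Users,DC=example,DC=com'    # placeholder OU
$Ticket     = 'HR-0000'                                # placeholder reference

$user = Get-ADUser -Identity $Sam   # throws if the account does not exist

# 1. Kill the credential: disable the account and set a random password so a
#    shared or cached password stops working even where the disabled flag is
#    not checked.
Disable-ADAccount -Identity $user
$random = -join ((33..126) | Get-Random -Count 24 | ForEach-Object { [char]$_ })
Set-ADAccountPassword -Identity $user -Reset `
    -NewPassword (ConvertTo-SecureString $random -AsPlainText -Force)

# 2. Record and then remove group memberships. The primary group (Domain Users)
#    cannot be removed this way and is skipped.
$groups = Get-ADPrincipalGroupMembership -Identity $user |
          Where-Object { $_.SamAccountName -ne 'Domain Users' }
$groups | Select-Object -ExpandProperty DistinguishedName |
    Out-File ".\$Sam-groups-$(Get-Date -Format yyyyMMdd).txt"
foreach ($g in $groups) {
    Remove-ADGroupMember -Identity $g -Members $user -Confirm:$false
}

# 3. Label and move the account so the next stale-account review can see why it
#    is disabled and when it is safe to delete.
Set-ADUser -Identity $user -Description "Offboarded $(Get-Date -Format yyyy-MM-dd) ($Ticket)"
Move-ADObject -Identity $user.DistinguishedName -TargetPath $DisabledOU
```

Cloud identities, VPN certificates, MFA tokens and any application with its own user store are not covered by this script and need their own step in the offboarding checklist.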
Follow a strong password policy, including MFA, for all user accounts
One glaring problem with many ghost user accounts is that, because they were created long ago, they often lack newer security controls such as MFA. Your company should develop and strictly follow a strong password policy that applies to all user accounts.
Consult with an experienced IT Support Partner
The most important recommendation we can give you to best defend against the negative impact of ghost user accounts is to work closely with an experienced IT Support partner. A dependable IT partner, like Network Depot, will help you formulate policies and processes as well as select and install tools, which will ensure that you can resolve the issue of ghost user accounts.
With an understanding of the threat posed by ghost user accounts and the help of a trusted IT Support partner, your organization will be able to keep its focus on achieving your unique goals.