When you took their keys back, did you cancel their passwords, too?
The last time an employee left your business, did you revoke their access to your IT systems? Are you sure? Do you have a way to check?
What kind of information could your former employees get if they still hold valid credentials? Depending on your business, the answer could include client data, proprietary research, or your financial information.
A former employee could use un-revoked credentials to view or download information that might help their new employer lure clients away from you or steal your ideas, which could be very bad for your bottom line. An employee who left angrily (perhaps because they were fired) could be even more dangerous, and might use their login to implant ransomware, viruses, or other malware.
Even if the departed employee would never do anything to harm you themselves, if their computer or records were compromised, someone else could get those same credentials―and that individual might not be so well-meaning.
Protect yourself with Centralized Access Control
There are several ways to help make sure your business isn’t exposed to malicious password use after an employee leaves. They all fall under the umbrella of “access control,” or controlling who can view and change what, when, and how.
Good access control starts with company policy. It should be part of your HR offboarding routine to cancel an outgoing employee’s credentials the same way you delete their door code and take back their keys.
That said, when it comes to passwords, revoking credentials manually can be time consuming, depending on how many systems a person had access to and how many unique passwords they used. Manual revocation is also subject to human error: it’s easy to forget a system or miss a step such that an account you thought was closed is really open.
The safer option is to establish a centralized password management and access control system that provides complete visibility into the use of all your systems, and a single point to activate or revoke permissions. At a glance, you’ll be able to see who has credentials to what systems, and when an employee leaves your company, you can instantly revoke their privileges for anything on your network.
With good access control procedures, you can be more confident in the overall security of your data and systems.
Ensure Only the Right People Have Access to Passwords!
Get Cyber Security Services from Twin State Technical Services if you have questions about access control and what might be right for your business. Our team of experts in cybersecurity services will help you sleep easier at night. Keep an eye out for our next blog on how to make sure your password approach is compliant with laws and regulations.
Contact us today for a consultation. Call 563-441-1504 or contact us online.
Tags: hacking, passwords, permissions, security