In these times of ongoing layoffs, orphaned accounts on the network are a growing concern, or should be. These are accounts left active after an employee departs, still giving ex-employees email access and, through unchanged default passwords, access to sensitive parts of the network.
“Whenever the risks from the insider threat are discussed, it’s usually about the disgruntled or malicious employee within the firewall, abusing permissions to steal data or plant malware,” says security evangelist Ryan Naraine with Kaspersky Lab Americas. “But the orphaned account is a bigger risk and, frighteningly, is often forgotten.”
In fact, figures from a 2008 Symark survey point to an alarming situation:
- Forty-two percent of businesses don’t know how many orphaned accounts are on their networks, and 30 percent have no way to find them.
- In 30 percent of businesses surveyed, it takes at least three days to terminate an account after an employee or contractor departs. In 12 percent, it takes longer than a month.
- Some 38 percent of companies have no way of determining if an orphaned account has been used to access information.
- Of the few companies that can determine whether orphaned accounts are used, 15 percent said such an account had been accessed at least once.
“In these tough economic times you have to be prudent about expending resources, but in your IT security budget you need to spare some room to create formal policies to deal with ex-employee accounts that are never disabled,” Naraine says. “It’s crucial that companies get serious about keeping detailed inventory of essential data, knowing where it’s stored and who has access to it, and staying alert for unusual data traffic.”
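The survey figures above describe three gaps: not knowing which accounts are orphaned, taking too long to disable them, and being unable to tell whether one was used. The following script, added here as an illustration and not code from the article or from Kaspersky or Symark, shows the three checks an identity team would run on its own data. The account inventory, HR departure list, authentication log lines, date format and field names are all constructed assumptions; a real run would read them from the directory, the HR system and the log pipeline.

```python
from datetime import datetime, timedelta

# Constructed sample data (assumptions for this example, not from the article).
# ACCOUNTS: the directory export; DEPARTURES: HR's list of leaving dates;
# AUTH_LOG: authentication events in a made-up key=value format.
ACCOUNTS = [
    {"user": "alice",      "enabled": True,  "last_login": "2024-05-20"},
    {"user": "bob",        "enabled": True,  "last_login": "2024-03-02"},
    {"user": "carol",      "enabled": False, "last_login": "2024-01-15"},
    {"user": "dave",       "enabled": True,  "last_login": None},
    {"user": "svc_backup", "enabled": True,  "last_login": "2024-05-25"},
]
DEPARTURES = {"bob": "2024-03-01", "carol": "2024-01-20"}
AUTH_LOG = [
    "2024-03-03T08:14:02Z vpn login user=bob src=203.0.113.7 result=success",
    "2024-05-21T09:00:00Z mail login user=alice src=198.51.100.4 result=success",
    "2024-03-05T22:41:10Z vpn login user=bob src=203.0.113.9 result=failure",
]


def parse_date(s):
    return datetime.strptime(s, "%Y-%m-%d")


def find_orphaned(accounts, departures):
    """Enabled accounts whose owner has a departure date on record.

    These should have been disabled at offboarding; anything returned here
    is the 'orphaned account' the article describes.
    """
    return sorted(a["user"] for a in accounts
                  if a["enabled"] and a["user"] in departures)


def find_stale(accounts, today="2024-06-01", max_idle_days=90):
    """Enabled accounts with no login inside the window (or no login ever).

    Useful when HR data is incomplete: an account nobody has used for months
    is a candidate orphan even without a departure record. Service accounts
    will show up here too and need a documented owner rather than a login.
    """
    cutoff = parse_date(today) - timedelta(days=max_idle_days)
    stale = []
    for a in accounts:
        if not a["enabled"]:
            continue
        if a["last_login"] is None or parse_date(a["last_login"]) < cutoff:
            stale.append(a["user"])
    return sorted(stale)


def post_departure_access(auth_log, departures):
    """(user, timestamp, result) for every auth event on a departed user's
    account after that user's departure date. Failed attempts are kept as
    well: they show someone still trying the credentials."""
    hits = []
    for line in auth_log:
        parts = line.split()
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        fields = dict(p.split("=", 1) for p in parts if "=" in p)
        user = fields.get("user")
        if user in departures and ts > parse_date(departures[user]):
            hits.append((user, parts[0], fields.get("result", "unknown")))
    return sorted(hits, key=lambda h: h[1])


if __name__ == "__main__":
    print("orphaned (enabled but departed):", find_orphaned(ACCOUNTS, DEPARTURES))
    print("stale (no login in 90 days):    ", find_stale(ACCOUNTS))
    for user, ts, result in post_departure_access(AUTH_LOG, DEPARTURES):
        print(f"post-departure access: {user} at {ts} ({result})")
```

On the constructed data the first check flags bob, whose account is still enabled two days after his departure date; the second adds dave, who has never logged in; and the third surfaces both the successful VPN login and the later failed attempt on bob's account. Running the three checks on a schedule, and treating any non-empty third result as an incident rather than a cleanup item, closes the gaps the survey numbers point to.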
