What are the dangers of ‘ghost’ users?

Senior Support Analyst

Fav thing about the office

The relaxed, casual, welcoming yet professional environment.

As a child I wanted to be a ... when I grew up

As a child I wanted to be many things, Doctor, Fireman, Police Man etc. I fell into IT when I was unemployed knowing nothing about it, but found I enjoyed it. IT has since been a 24 year, paid, hobby.

Guilty Pleasure(s)

Shutting the door and turning the music up loud when no-one is at home.

Favourite Holiday

The holiday I have not yet had. My upcoming 25th Wedding Anniversary Party in Ibiza.

Describe yourself in three words or less

Unique, Colourful, Professional.

An interesting fact about me

I am a fully qualified Level 2 Football coach and have coached local teams from the ages of 7 - 18.


Polish Vodka, Mediterranean foods, Sci-Fi series and movies

Favourite Band

I do not have a favourite band but my preferred music type is Hardcore Dance.

Karaoke Jam

If I did Karaoke it would be torture. I would not want to torture anyone, well almost anyone.

If I had a superpower it would be...

A Genie’s abilities (but not constraints), as this would grant me what I would require in any given situation.

What I do at Q2Q:

The best way to describe what I do is: I provide day-to-day support tasks ranging from the basic to the more complex installations of infrastructure systems.

For example, I could be installing Flash player for one customer, before moving on to implement a new server system (splitting one overloaded server into several separate fully functional virtual servers), with server replication and backup. I also liaise with 3rd party companies in the resolution of issues relating to their products, whether printers or bespoke software applications.

Background and Achievements

I have worked in Retail, made Vertical and Venetian blinds, been an Admin Assistant, before finding I had an understanding of I.T. and enjoying the work that came with that understanding. My I.T. career has led me to work in many different I.T. environments, ranging from schools, to small I.T. support firms, to British Aerospace with CPC, and ultimately Q2Q. Each have had their merits, but I feel that Q2Q is the right company for me, and their aspirations equal my own.

Hobbies and Interests

Online PC games, Star Wars The Old Republic, World of Warcraft, War Thunder Land and Air Battles, World of Tanks and World of Warships. Watching movies, mainly Sci-Fi and Japanese Anime. Taking Rio (my dog) for a walk. Listening to music, and enjoying the odd glass of Vodka.

Are you afraid of ghosts? Maybe you should be – and here’s why…

We’re not talking about the kind that groan and clank and go bump in the night – rather the ones that can haunt the forgotten corners of your business systems, sometimes with catastrophic results.

Take a minute to think about all users of your online platforms – it could be the most important thing you do today! Are all those log-ins relevant and active? Or do some belong to the ghosts of employees past? Could you still have profiles for people who no longer work for you? How about access for staff who never or rarely use that particular service or database?

If so, your SME is certainly not alone. However, it’s a good idea to check this situation sooner rather than later and undertake any necessary ghostbusting – before such spooks lead to a more serious problem.

Leaving doors open to attack

‘Ghost’ users aren’t simply bad IT housekeeping – they can be a major security threat.

The ability for an ex-employee to access your business information can be dangerous in itself – especially if there’s anyone who left feeling a bit disgruntled. But cyber-attackers looking for a way to hijack your data also pose a significant risk, as an unused but still enabled profile can provide easy entry. This is particularly hazardous when coupled with weak or old passwords, and security software that hasn’t been updated for a while.

We’re seeing general cyber-security becoming a key priority for many businesses, and rightly so. For example, the NHS has been just one of many organisations to fall victim to hackers recently – the notorious WannaCry attack caused chaos and led to the cancellation of 15,000 operations and appointments. And partly as a result of such high-profile problems, companies are working harder at their IT security across the board to try to make sure something similar doesn’t happen to them.

However, many are still guilty of allowing stale yet enabled users to linger. Unmonitored entryways into business systems can be like an open door for hackers to sneak through without being noticed, access networks and sensitive data, and cause disruption.

Worryingly, any security alerts generated by someone trying and failing to log in multiple times, will not be seen or acted upon if messages to that account are going unread. So, such open doors need to be identified, shut and locked securely – although, of course, it’s preferable to not leave them ajar in the first place!

Making your SME a no-ghost zone

Prevention, as with so many things in life, is better than cure – so try your best to make sure there is nowhere for IT ghouls to grow and thrive.

What do your leavers’ processes look like? Are your policies in this area being fully implemented every time? Have you thought about what happens with regard to sabbaticals and maternity leavers?

You should also be very wary of facilitating accounts that are used across more than one platform, as they can create vulnerability. Similarly, limiting employee access to sensitive data is crucial. Think carefully about who is authorised to reach and amend it – if a staff member doesn’t need to see it, then why not put in measures to restrict reading and editing opportunities?

It’s also wise to figure out what normal activity looks like for a given account, to allow suspicious usage to be pinpointed more quickly and effectively.

These ongoing monitoring processes shouldn’t be for IT teams to shoulder alone. Your HR staff and senior managers – as well as other relevant personnel – all need to work together to make good security protocol routines reliable and consistent.

The art of ghostbusting

Luckily, it can be straightforward to reduce the risk posed by ‘ghost user' accounts. The usual procedure involves investing in centralised systems that can find and revoke stale user access. It’s relatively easy to employ an active directory script to see which accounts haven’t been used in a while – although deactivating these can be time-consuming and costly if there are a lot that need attention.

So, whilst it’s preferable to shut out ghost users as soon as they’ve left, there are removal processes out there to wipe out any weak spots that could be exploited – and help your senior management to sleep a little easier.


Who you gonna call? Q2Q can assist with your ghostbusting needs! Contact us to find out how.

What are the dangers of ‘ghost’ users?