What are the dangers of ‘ghost’ users?

Are you afraid of ghosts? Maybe you should be – and here’s why…

We’re not talking about the kind that groan and clank and go bump in the night – rather the ones that can haunt the forgotten corners of your business systems, sometimes with catastrophic results.

Take a minute to think about all users of your online platforms – it could be the most important thing you do today! Are all those logins relevant and active? Or do some belong to the ghosts of employees past? Could you still have profiles for people who no longer work for you? How about access for staff who never or rarely use that particular service or database, or contractors and suppliers whose engagement ended months ago?

If so, your SME is certainly not alone. However, it’s a good idea to check this situation sooner rather than later and undertake any necessary ghostbusting – before such spooks lead to a more serious problem.

Leaving doors open to attack

‘Ghost’ users aren’t simply bad IT housekeeping – they can be a major security threat.

The ability for an ex-employee to access your business information is dangerous in itself, especially if anyone left feeling disgruntled. But cyber-attackers looking for a way into your data also pose a significant risk: an unused but still enabled account is an easy entry point, because nobody is watching it and nobody will notice if it starts behaving oddly. This is particularly hazardous when the account still has a weak or years-old password, no multi-factor authentication, and sits on systems whose software has not been patched for a while.

We’re seeing general cyber-security becoming a key priority for many businesses, and rightly so. For example, the NHS has been just one of many organisations to fall victim to attackers recently: the notorious WannaCry ransomware, which spread between unpatched Windows systems, caused chaos and led to the cancellation of 15,000 operations and appointments. Partly as a result of such high-profile incidents, companies are working harder at their IT security across the board to make sure something similar doesn’t happen to them.

However, many are still guilty of allowing stale yet enabled users to linger. Unmonitored entryways into business systems can be like an open door for hackers to sneak through without being noticed, access networks and sensitive data, and cause disruption.

Worryingly, the warnings that many services send about repeated failed logins or sign-ins from an unfamiliar device go to the account owner’s own mailbox. Once that person has left, nobody reads it, so unless failed and unusual logins are also monitored centrally, an attacker can keep trying against that account indefinitely without anyone noticing. Such open doors need to be identified, shut and locked securely – although, of course, it’s preferable not to leave them ajar in the first place!

Making your SME a no-ghost zone

Prevention, as with so many things in life, is better than cure – so try your best to make sure there is nowhere for IT ghouls to grow and thrive.

What do your leavers’ processes look like? Is access revoked on the day someone leaves, and is the policy actually followed every time, including for contractors and temporary staff? Have you thought about what happens to the accounts of people on sabbatical, maternity or other long-term leave, which should be suspended while they are away and reinstated only on their return?

You should also be very wary of shared accounts, or of one set of credentials being reused across more than one platform: a single compromised or forgotten login then opens several systems at once, and a leaver who is removed from one service can quietly keep access to the others. Similarly, limiting employee access to sensitive data is crucial. Think carefully about who is authorised to read and amend it; if a staff member doesn’t need to see it, restrict both reading and editing rights, so that any account that does slip through the net can do far less damage.

It’s also wise to establish what normal activity looks like for a given account – when it logs in, from where, and how often – so that suspicious usage, such as an account that has been silent for months suddenly attracting a run of failed logins, can be pinpointed quickly and acted upon.
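The two points above, unread warnings about failed logins and a baseline of normal activity, can be combined into one simple check: for each account, work out when it last logged in successfully, and raise a flag when a dormant account is still being tried. The script below is an added example, not Q2Q’s own tooling. It assumes a Windows environment and uses the Security log event IDs 4624 (successful logon) and 4625 (failed logon); the `$events` array is constructed sample data standing in for what you would normally pull from `Get-WinEvent` on a domain controller, and the 60-day and three-failure thresholds are placeholders to tune for your own environment.

```powershell
# Added example (not Q2Q's code): flag dormant accounts that are still being tried.
# Assumes Windows Security log semantics: 4624 = successful logon, 4625 = failed logon.

function Find-DormantAccountAttempts {
    param(
        [Parameter(Mandatory)] [object[]]$Events,   # objects with TimeCreated, Account, EventId, IpAddress
        [int]$DormantDays = 60,                     # placeholder: no success for this long = dormant
        [int]$FailureThreshold = 3,                 # placeholder: failures in the last day that warrant a look
        [datetime]$Now = (Get-Date)
    )
    $dormantBefore = $Now.AddDays(-$DormantDays)
    $recentWindow  = $Now.AddDays(-1)

    $Events | Group-Object Account | ForEach-Object {
        $group = $_.Group

        # Baseline: the most recent successful logon for this account (null if never).
        $lastSuccess = $group |
            Where-Object { $_.EventId -eq 4624 } |
            Sort-Object TimeCreated -Descending |
            Select-Object -First 1 -ExpandProperty TimeCreated

        # Recent failures, which would normally only generate an email nobody reads.
        $recentFails = @($group | Where-Object { $_.EventId -eq 4625 -and $_.TimeCreated -ge $recentWindow })

        $isDormant = ($null -eq $lastSuccess) -or ($lastSuccess -lt $dormantBefore)
        if ($isDormant -and $recentFails.Count -ge $FailureThreshold) {
            [pscustomobject]@{
                Account        = $_.Name
                LastSuccess    = $lastSuccess
                RecentFailures = $recentFails.Count
                Sources        = (($recentFails | ForEach-Object IpAddress) | Sort-Object -Unique) -join ', '
            }
        }
    }
}

# Constructed sample data. In production replace this with, for example:
#   Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624,4625} | <map fields>
$now = Get-Date '2024-03-01 09:00'
$events = @(
    # alice: active user, a couple of typos today - normal
    [pscustomobject]@{ TimeCreated = $now.AddDays(-1);       Account = 'alice'; EventId = 4624; IpAddress = '10.0.0.5'  }
    [pscustomobject]@{ TimeCreated = $now.AddHours(-2);      Account = 'alice'; EventId = 4625; IpAddress = '10.0.0.5'  }
    [pscustomobject]@{ TimeCreated = $now.AddHours(-1);      Account = 'alice'; EventId = 4625; IpAddress = '10.0.0.5'  }
    # bob: left four months ago, now being guessed at from outside - the ghost we want
    [pscustomobject]@{ TimeCreated = $now.AddDays(-120);     Account = 'bob';   EventId = 4624; IpAddress = '10.0.0.9'  }
    [pscustomobject]@{ TimeCreated = $now.AddMinutes(-30);   Account = 'bob';   EventId = 4625; IpAddress = '203.0.113.7' }
    [pscustomobject]@{ TimeCreated = $now.AddMinutes(-25);   Account = 'bob';   EventId = 4625; IpAddress = '203.0.113.7' }
    [pscustomobject]@{ TimeCreated = $now.AddMinutes(-20);   Account = 'bob';   EventId = 4625; IpAddress = '203.0.113.7' }
    [pscustomobject]@{ TimeCreated = $now.AddMinutes(-15);   Account = 'bob';   EventId = 4625; IpAddress = '198.51.100.2' }
    # svc-backup: never logged on interactively, one stray failure - below threshold, ignored here
    [pscustomobject]@{ TimeCreated = $now.AddHours(-5);      Account = 'svc-backup'; EventId = 4625; IpAddress = '10.0.0.20' }
)

Find-DormantAccountAttempts -Events $events -Now $now | Format-Table -AutoSize
# With the sample data only 'bob' is reported: last success 120 days ago, 4 recent failures from 2 sources.
```

Whatever reports this produces should go to a shared security mailbox or ticket queue, never to the account being reported on, which is the whole point.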

These ongoing monitoring processes shouldn’t be for IT teams to shoulder alone. Your HR staff and senior managers – as well as other relevant personnel – all need to work together to make good security protocol routines reliable and consistent.

The art of ghostbusting

Luckily, it can be straightforward to reduce the risk posed by ‘ghost user’ accounts. The usual procedure involves centralised identity management that can find and revoke stale user access across all your systems. In a Windows environment it’s relatively easy to run an Active Directory script that lists accounts which haven’t logged on in a while, bearing in mind that AD’s last-logon timestamp is only replicated every couple of weeks, so it is fine for spotting months of inactivity but not for precise timing. The technical step of disabling the accounts is quick; what takes time and costs money is confirming with HR and managers which of a long list of dormant accounts really belong to leavers rather than to service accounts, shared mailboxes or staff on long-term leave.
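The kind of Active Directory script referred to above, as an added example rather than Q2Q’s own tooling: it lists enabled user accounts that have not logged on for a chosen number of days, treats accounts that have never logged on as stale only once they are older than that threshold, and then disables (rather than deletes) the confirmed accounts with `-WhatIf` so nothing changes until the list has been reviewed. It assumes the ActiveDirectory RSAT module and rights to read and modify user objects; the 90-day threshold, the OU and the CSV path are placeholders.

```powershell
# Added example (not Q2Q's code): find and disable stale Active Directory user accounts.
# Requires the ActiveDirectory module (RSAT) and permission to read/modify user objects.
#Requires -Modules ActiveDirectory

function Get-StaleAdUser {
    [CmdletBinding()]
    param(
        [int]$InactiveDays = 90,                                  # placeholder threshold
        [string]$SearchBase = 'OU=Staff,DC=example,DC=local'      # placeholder OU; narrow to avoid service-account OUs
    )

    $cutoff = (Get-Date).AddDays(-$InactiveDays)

    # LastLogonDate is derived from lastLogonTimestamp, which only replicates between
    # domain controllers every 9-14 days. Good enough for a 90-day stale test, but
    # never read it as an exact last-use time.
    $props = 'LastLogonDate', 'whenCreated', 'PasswordLastSet', 'Description'

    Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase -Properties $props |
        Where-Object {
            # Never-logged-on accounts have no LastLogonDate at all. Only treat them as
            # stale if the account itself is older than the cutoff, so a new starter's
            # account is not caught before their first day.
            ($null -ne $_.LastLogonDate -and $_.LastLogonDate -lt $cutoff) -or
            ($null -eq $_.LastLogonDate -and $_.whenCreated -lt $cutoff)
        } |
        Select-Object SamAccountName, Name, LastLogonDate, whenCreated, PasswordLastSet, Description
}

# 1. Produce the list and hand it to HR and line managers to confirm who has actually left.
$stale = Get-StaleAdUser -InactiveDays 90
$stale | Export-Csv -Path 'C:\Reports\stale-users.csv' -NoTypeInformation   # placeholder path
$stale | Format-Table -AutoSize

# 2. Disable, do not delete: disabling keeps the SID, mailbox and file ownership intact
#    for audit, and is reversible if a name on the list turns out to be wrong.
#    -WhatIf only shows what would happen; remove it after the list has been reviewed.
foreach ($user in $stale) {
    Disable-ADAccount -Identity $user.SamAccountName -WhatIf
    # Optional: record why, so the next person reviewing the directory can see it was deliberate.
    # Set-ADUser -Identity $user.SamAccountName -Description "Disabled $(Get-Date -Format yyyy-MM-dd): inactive > 90 days"
}
```

Run it on a schedule and compare against the leavers list from HR: an account that HR says left three months ago but which the script shows as active last week is a more urgent finding than any stale one.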

So, whilst it’s preferable to shut out ghost users as soon as they’ve left, there are removal processes out there to wipe out any weak spots that could be exploited – and help your senior management to sleep a little easier.

Who you gonna call? Q2Q can assist with your ghostbusting needs! Contact us to find out how.

Talk to us

Lancaster: 01524 581690 (Head Office)

Preston: 01772 395693