Part 3 of the password management series gets at a really important topic for businesses, especially smaller businesses that don’t have a lot of extra resources for dealing with IT admin. Using a centralised access control system to make sure your systems aren’t accessible by people who have left your company is a crucial element of overall security.
You control access to your office. Why not your IT?
The last time an employee left your business, did you revoke their access to your IT systems? Are you sure? Do you have a way to check?
What kind of information could your former employees get if they still hold valid credentials (even though they no longer work there)? Depending on your business, the answer could include client data, proprietary research, or your financial information.
A former employee could use un-revoked credentials to view or download information that might help their new employer lure clients away from you or steal your ideas, which could be very bad for your bottom line. An employee who left angrily (perhaps because they were fired) could be even more dangerous, and might use their login to implant ransomware, viruses, or other malware.
Even if the departed employee would never do anything to harm you themselves, if their computer or records were compromised, someone else could get those same credentials – and that individual might not be so well-meaning.
Protect yourself with centralised access control
There are a number of ways to help make sure your business isn’t exposed to malicious password use after an employee leaves, and they all fall under the umbrella of “access control”: controlling who can view and change what, when and how.
Good access control starts with company policy. It should be part of your HR offboarding routine to cancel an outgoing employee’s credentials the same way you delete their door code and take back their keys.
That said, when it comes to passwords, revoking credentials manually can be time consuming, depending on how many systems a person had access to and how many unique passwords they used.
Manual revocation is also subject to human error: it’s easy to forget a system or miss a step such that an account you thought was closed remains open.
The safer option is to establish a centralised password management and access control system that gives you complete visibility into the use of all your systems and a single point to activate or revoke permissions. At a glance, you’ll be able to see who has credentials to what systems, and when an employee leaves your company, you can instantly revoke their privileges for anything on your network.
With good access control procedures, you can be more confident in the overall security of your data and systems.
COVID-19 and Password Security
The pandemic has transformed the way we work, and created heightened opportunities for cyber attacks and data breaches. Having control over password security and access provides businesses with a simple prevention method to deter hackers from entering your systems and networks, resultantly causing havoc and significant cost.
Following the transition to working from home in March, the need to control passwords and remote employee access has become crucial. At IT Foundations, we have been helping our customers to secure their business information both before and during the pandemic. We have received an abundance of positive feedback from our customers regarding their transition to remote working:
“The team at IT Foundations have been amazing during COVID-19. Working remotely has been so easy.”
Alison Whitley, Links Dental Practice
How IT Foundations can help
We provide a password and access management solution for customers that is specifically designed for businesses to retain control of the password management process. Personal password management solutions like those commonly included in internet browsers just don’t cut it for business purposes.
Watch for our next blog on how to make sure your password approach is compliant with laws and regulations. For more information on introducing a password manager into your business, get in touch with us today.
More in this series:
- Part 1 – Strong Security Starts with Strong Passwords
- Part 2 – Stay Ahead of Hackers by Changing Your Passwords
- Part 3 – Do You Know Who Has Access to Your Systems
- Part 4 – Demonstrating Compliance with Data Security Regulations Can Be Easy if You’re Prepared