Part 3 of the password management series gets at a really important topic for businesses, especially smaller businesses that don’t have a lot of extra resources for dealing with IT admin. Using a centralised access control system to make sure your systems aren’t accessible by people who have left your company is a crucial element of overall security.
You control access to your office. Why not your IT?
The last time an employee left your business, did you revoke their access to your IT systems? Are you sure? Do you have a way to check?
What kind of information could your former employees get if they still hold valid credentials (even though they no longer work there)? Depending on your business, the answer could include client data, proprietary research, or your financial information.
A former employee could use un-revoked credentials to view or download information that might help their new employer lure clients away from you or steal your ideas, which could be very bad for your bottom line. An employee who left angrily (perhaps because they were fired) could be even more dangerous, and might use their login to implant ransomware, viruses, or other malware.
Even if the departed employee would never do anything to harm you themselves, if their computer or records were compromised, someone else could get those same credentials – and that individual might not be so well-meaning.
Protect yourself with centralised access control
There are a number of ways to help make sure your business isn’t exposed to malicious password use after an employee leaves, and they all fall under the umbrella of “access control”: controlling who can view and change what, when and how.
Good access control starts with company policy. It should be part of your HR offboarding routine to cancel an outgoing employee’s credentials the same way you delete their door code and take back their keys.
That said, when it comes to passwords, revoking credentials manually can be time consuming, depending on how many systems a person had access to and how many unique passwords they used.
Manual revocation is also subject to human error: it’s easy to forget a system or miss a step such that an account you thought was closed remains open.
The safer option is to establish a centralised password management and access control system that gives you complete visibility into the use of all your systems and a single point to activate or revoke permissions. At a glance, you’ll be able to see who has credentials to what systems, and when an employee leaves your company, you can instantly revoke their privileges for anything on your network.
With good access control procedures, you can be more confident in the overall security of your data and systems.