Monitoring for Dormant Accounts

by | 14th October 2022

The Challenge:  

In What is data security? What your finance firm needs to know Chalkline said financial services firms are 300 times more prone to IT security attacks than other sectors. Average costs of dealing with cybercrime incidents is higher in the financial services industry, with the average totalling £14 million per company, with financial firms taking an average of 98 days to detect a data breach.

The criteria for inactive and dormant accounts are based on the users’ timestamp and sign-in activity when the users are inactive for between 60 and 180 days.

Why would inactive and dormant accounts be an issue?

Cyber criminals see them as a perfect opportunity to infiltrate your system. Once they are in, they can take over the dormant and inactive accounts.

Ken Spinner in Info security magazine defines inactive accounts like going on holiday and not locking your front door or locking your front door and leaving your keys scattered in your front garden.

Inactive and dormant accounts become Cyber Criminals’ attack vectors. Social Media searches on Facebook, Twitter and LinkedIn show Cyber Criminals the employees who have recently moved to new employers, with their accounts now becoming prime targets for the Cyber Criminals.

Varonis’ 2021 Data Risk Report on Financial Services reported if Cyber Criminals want to infiltrate your system, undetected, they just need to access your inactive accounts, enabling them to take over the accounts, becoming Ghost Users, undetected by your IT Security Team.

It is crucial you remove these dormant accounts from your Active Directory (AD). Varonis quotes around 59% of companies in the financial services industry have 500 passwords that never expire and around 40% of companies have over 10,000 Ghost Users. Poor AD Hygiene leads to Cybersecurity breaches and reputational damage.

The Solution:  

Generating reports on your self-service portal listing all inactive users allows you to keep track of dormant accounts.

An Inactive Account Manager can notify your IT Team of accounts that have been inactive for a specific period of time. Your IT team can then take appropriate action by removing these accounts, removing any security risks.

Ken Spinner says when an employee leaves your company, their department should contact the IT team, who can change the permissions or delete their account.

The Outcome:  

You know which of your user accounts are inactive. You can change their permissions settings or delete them entirely.

Call Chalkline today on 020 3819 3300 or review our IT Security Packages for SMBs page and book a meeting with us, we can help with all elements of cyber hygiene and answer any questions you might have.

Other Posts from Chalkline