When it comes to account provisioning, the act of bringing in a new employee, there may be procedures and protocols to getting them set up with email, accounts, computers, and other things; but as important as it is to make sure that new employees are set up, it’s equally important to make sure your company is also doing account deprovisioning.
Account deprovisioning is the account of removing an employee’s credentials, such as company email, account access, computer access, and other things. Here, we’ll look at how deprovisioning works and why it’s important to do so, especially focusing on password protection and security. Password protection is a key and allowing staff members to know them can cause issues in the long-term.
How does account deprovisioning work?
Think of deprovisioning as the reverse of provisioning – just as you would add an employee to the business accounts, deprovisioning is removing an employee from the company. Depending on the service connection, deprovisioning could be as simple as deleting the user or more complicated such as removing them from Active Directory.
Why should I bother with deprovisioning?
Deprovisioning is a very important aspect when it comes to managing employees, especially upon termination. Not only is it just good for organization and keeping track of current and previous employees, but it’s a security measure. There are a number of cases in which former and disgruntled employees have been able to get back into a company via their own credentials or have figured out ways in which to skirt around them.
The most recent of these would be the Sony hack – at the end of 2014, Sony Entertainment, the movie portion of Sony, was hacked by a group known as the Guardians of Peace. The group made public many of the inside document forms of Sony, including current and former employee information (like home addresses, social security numbers, salary amounts, etc), emails between management, and many more. The group then called for the halt of Sony’s movie The Interview; at first, it was believed that the country of North Korea was involved, due to the subject of the movie, but information and events have lead some authorities and cybersecurity experts to believe that a disgruntled employee, along with some current employees, is responsible for the hack.
What happens on the employee side?
Again, depending on company procedure or protocol, once the employee has been terminated, they may receive a notice that their privileges are to be revoked at a certain time or day or they may receive a note to deactivate a service themselves.
Once the termination arrives, the former employee won’t be able to access their former accounts, usually receiving an error when they try to log into that account. As mentioned above, making sure that former employees are not allowed to retain their access can be a major security risk, allowing for them to re-enter the system should they choose, especially if their termination was not a happy one.
This Blog was brought to you by Hypersocket Software and its CEO, Lee David Painter. With over 20 years of industry experience as a pioneer in IT Security, Lee developed the world’s first OpenSource browser-based SSL VPN (SSL-Explorer). Today, Lee runs Hypersocket Software, a leader in Password Self-Service solutions.