During every school year, faculty members resign, students graduate and staff are terminated. However, when a student or an employee leaves the school, who makes sure their accounts are deactivated and deleted?
When user accounts become inactive, obsolete or abandoned, they must be deleted for security and compliance reasons. On dormant accounts, unusual activity could go unnoticed and undetected for quite some time, potentially causing significant risks to a school’s network.
Stale user accounts, especially in Active Directory, are one of the biggest concerns for IT. Here are 3 ways your school can do to prevent and eliminate inactive and orphaned user accounts:
- 1. Have a clearly defined and well-communicated internal process for updating accounts when an employee or a student leaves. Although this seems obvious, many organizations surprisingly do not have these policies. As a result, when companies or schools face unauthorized access issues, they are completely caught off guard and totally unprepared.
- Automate cleanup of inactive and obsolete user accounts using an identity management system. When employees or students leave or their status changes, automated deprovisioning will deactivate and delete user accounts automatically, restricting access across all systems and applications.
- Conduct periodic audits to ensure all cloud applications used are being managed by your school’s identity management system. Even when a school has an identity management system in place, students and staff will often create outside accounts. Periodically poll your users to see which systems and applications they are using, and be sure to add them to your identity management system if they are not already there.
Dormant and obsolete accounts in Active Directory can serve as a gateway for attackers. These accounts can sit unnoticed and undetected for quite some time, that is until a hacker attempts to gain unauthorized access and potentially threatens to exploit sensitive information. Minimize and avoid these types of security risks by implementing the best practices above.
Let us know if you’re searching more advice on how you can protect your school from the potential hazards of stale logins, old passwords and inactive accounts.
You may be interested in this related post:
Orphan Accounts. What’s the Big Deal?