Report Finds Companies Have Massive Amounts of Inactive User Accounts

We talked about the concept of offboarding earlier this week on our blog. Why is it so important? Two words: risk & exposure.

The Varonis Global Data Risk Report found that 58% of companies that they surveyed have over 1,000 inactive user accounts. While this massive number may seem irrelevant to a small business (<500 employee organizations), the figures do scale down, and smaller companies typically have even fewer processes around offboarding than larger organizations.

What’s even more concerning than the statistic itself is that many of these inactive accounts are found within the financial services and healthcare industries. That means sensitive financial  or medical data is at increased risk of a breach.

Ok, so why do these numbers matter? 

Think of your company’s network as a physical surface area. The total number of accounts (think accounts with login credentials that provide access to the company network or resources ) equals your network’s total surface area. The greater the number of accounts, the greater the surface area. With more surface area comes more potential points of entry. Increased points of entry require greater IT security with a greater risk for malicious actors to breach the network. When a company has a large number of inactive user accounts, they are unnecessarily maintaining a larger network than is needed. 

From an IT security point of view, proper offboarding is crucial for so many reasons. Correctly offboarding employees that are leaving the company will solve any issues with both unnecessary inactive accounts and stale enabled accounts.

Further, it’s not too late to address past improper offboarding within your company now. Identify inactive user accounts and discontinue them if the employee is no longer with the company. Dissolving inactive accounts reduces network vulnerability tremendously. You should also monitor all your enabled accounts and make sure that they can be associated with only current employees. And yes, from our perspective, every little bit counts. 

If your company is looking to begin proper offboarding practices, check out our blog 10 Steps to Proper Employee Offboarding for IT Security

If you have questions about how to offboard or dissolve inactive or stale user accounts within your network, PK Tech can help. It’s never too late to start prioritizing IT security. Contact us here