It’s a common adage in cybersecurity: humans are the weakest link in your defenses. Hackers still do manage to infiltrate networks directly, but more commonly, their preferred route of access is through your people. No matter how fortified your firewall or effective your antivirus, anyone could click on a link and fall for a phishing scheme or be fooled into sharing a password. The risks compound if you regularly take on new employees. Every system they can access also represents a potential entry point for a criminal. You not only need to be able to give employees access when they join, but more importantly, shut down all their access when they leave.
Here are a few suggestions to help you close down those security holes.
An account left open is an open opportunity. Terminated employees have used their unterminated access to steal information or otherwise take revenge. Successful crimes have also been committed when criminals exploit a still-open account after an employee has moved on. Once a criminal has a foothold, they can either use access to one system as a beachhead for escalating privileges or move laterally across systems to gain access to higher-value information. So each and every account with access to EHR, human resources, nutrition, directory services, accounting and other key systems leaves the others vulnerable. When an employee leaves, there’s no reason to leave those accounts active, but it’s easy to overlook one or two—and it happens all too often.
Solutions are available that automate the steps of onboarding. These make the process essentially self-service for the new hire and easier for everyone involved, including human resources and IT staff. Once configured correctly, with a single login the user can either automatically be given access to all the systems the role requires, or receive instructions on setting up new accounts or passwords. On the back end, any manual steps that system administrators need to take are flagged for action as part of a standard workflow. Most importantly, the chain of access and granting various system privileges is completely reversible. That is, when the employee leaves, the system cycles through a series of actions that remove the privileges of all accounts for that individual – and the security holes they represent.
These automation solutions take multiple forms. Sometimes they’re part of a Human Resources Information System (HRIS). This type of software automates the process for HR (payroll, benefits and similar functions) as well as IT. Software that handles only the IT onboarding piece is more commonly referred to as Identity Access Management (IAM) or Single Sign-On, among other terms. There’s considerable feature overlap among these categories of software. Make sure that any you are considering can automate onboarding to the specific systems you use.
Weak passwords, passwords shared across multiple accounts, a tendency to fall for social engineering ruses and ignorance of basic information security are all human-based vulnerabilities. Employee-education services have become an essential part of security. Enroll each new hire in these programs as an integral part of the onboarding process.
One other service to consider is dark web monitoring, which crawls illegal online marketplaces looking for stolen login credentials for sale. If they find any credentials of your employees, you’ll receive an alert so you can delete the account or change the password to something stronger and more secure.
At FIT Solutions, we have partner relationships with many service providers who are the best in the business at what they do. We can assist you with selection, setup and ongoing best practices to support all of your new hires and also to close down access for former employees. If you would like to know more, give us a call at 888-339-5694.