How Ghost Users Can Lead to a Network Breach

By Bill Hogan | Published On: April 26, 2022

Whether you have lost staff to the Great Resignation or to budget cuts during COVID-19, having fewer people on your payroll and on your network than you did two years ago is not unusual. Are you sure the two numbers match, though? If your organization is large enough that HR or Accounting no longer knows everyone personally, "ghost users" are a real possibility. Ghost users are, simply put, accounts belonging to former employees that are still active. If you aren't careful, their payroll or corporate network access may keep working long after they have left. That is a security threat because money or data could end up in the wrong hands.

An attacker who gets hold of a ghost user account can potentially carry out an attack without anyone noticing. Because nobody expects that account to be in use, its logins and activity rarely draw attention, so a malicious actor can quietly use it to read sensitive data, alter access rights, or edit payroll to their benefit. This is especially dangerous when the ghost account once belonged to a member of senior management.

Unfortunately, that last scenario is also the most common. Consider how many files, logins, and restricted systems your senior staff have access to. When one of them leaves, you understandably don't want to lose that data or access, so the account stays live. The problem is that an attacker who gets in through that account inherits all of that data and access too. Here is what we do, and what we advise, to keep this situation from getting out of control.

This may seem self-explanatory, but what we manage, we will take care of. We will:

  • Disable the account as soon as the employee leaves the company. Often the account is integrated with VPN and mail, so those are disabled at the same time. If they aren't integrated, turning them off individually isn't time-consuming.
  • If you use our password manager, we can monitor and lock any accounts associated with the departing employee's email address. Anything you will no longer need, we will disable.

What you'll need to manage:

  • Accounts with vendors we're unaware of. Go down that list and disable the departing employee's account with each vendor.
  • Any login credentials that aren't in LastPass or somewhere else accessible to you. If possible, meet with the employee before they leave so you know which accounts exist and can disable them on their last day.
    • This is our biggest worry. If neither your leadership team nor the Partners Plus team knows a login exists, nobody can disable it. If that employee's credentials later appear in a dark web breach dump, an attacker can try the email address and password on the site they belong to, and on every other site as well. This is why using a unique password for every account is so important: if the employee reused passwords, that single combination could get an attacker into multiple personal and professional accounts across the Internet.
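The disabling steps above assume you already know which accounts belong to departed staff. The following added example (not Partners Plus tooling, and not code from the original post) shows the reconciliation a practitioner would run to find ghost users in the first place: a directory or identity-provider export is compared against the HR roster, and any enabled account whose owner HR lists as terminated, that has no HR owner at all, or that has gone unused for a long time is reported. The CSV data, column names, roles and the 90-day threshold are all constructed assumptions for the demonstration; a real run would replace the two strings with exports from your directory and HR system. Note that an account that logged on after its owner's termination date is reported as the most severe finding, because that is the misuse the text describes and it should be investigated before the account is disabled and its sessions end.

```python
"""Find ghost users by reconciling a directory export with an HR roster.

Added example, not Partners Plus's tooling. All data below is constructed;
the column names are assumptions standing in for a real AD/IdP export and
a real HR export.
"""
import csv
import io
from datetime import date

# Constructed directory export: one row per account.
DIRECTORY_CSV = """account,mail,enabled,last_logon,role
asmith,asmith@example.com,true,2022-04-20,Staff
jdoe,jdoe@example.com,true,2022-04-22,CFO
bwong,bwong@example.com,true,2021-11-03,Staff
svc-backup,,true,2022-04-25,Service
mgarcia,mgarcia@example.com,false,2021-12-15,Staff
tlee,tlee@example.com,true,2022-01-01,Staff
"""

# Constructed HR roster: one row per person, keyed by email address.
HR_CSV = """mail,status,termination_date
asmith@example.com,active,
jdoe@example.com,terminated,2022-03-31
bwong@example.com,terminated,2021-11-05
mgarcia@example.com,terminated,2021-12-10
tlee@example.com,active,
"""

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def parse_csv(text):
    """Parse an in-memory CSV string into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def find_ghost_users(directory_rows, hr_rows, today, inactive_days=90):
    """Return findings (dicts with account, role, reason, severity),
    most severe first. Disabled accounts are skipped: they need no action."""
    hr_by_mail = {r["mail"].strip().lower(): r for r in hr_rows if r["mail"].strip()}
    findings = []
    for acct in directory_rows:
        if acct["enabled"].strip().lower() != "true":
            continue
        mail = acct["mail"].strip().lower()
        last_logon = date.fromisoformat(acct["last_logon"])
        hr = hr_by_mail.get(mail)
        if hr is None:
            # Nobody in HR owns this account: vendor/service account, or a
            # person HR never recorded. Either way it needs a named owner.
            reason, severity = "enabled account with no HR owner", "medium"
        elif hr["status"].strip().lower() == "terminated":
            term = date.fromisoformat(hr["termination_date"])
            if last_logon > term:
                # Activity after the person left: possible misuse. Preserve
                # logs and investigate before disabling.
                reason = f"logon on {last_logon} after termination on {term}"
                severity = "critical"
            else:
                reason = f"still enabled after termination on {term}"
                severity = "high"
        elif (today - last_logon).days > inactive_days:
            # Current employee, but the account is unused; confirm it is still
            # needed rather than leaving a dormant login around.
            reason = f"no logon for {(today - last_logon).days} days"
            severity = "low"
        else:
            continue
        findings.append({"account": acct["account"], "role": acct["role"],
                         "reason": reason, "severity": severity})
    findings.sort(key=lambda f: SEVERITY_RANK[f["severity"]])
    return findings


if __name__ == "__main__":
    report = find_ghost_users(parse_csv(DIRECTORY_CSV), parse_csv(HR_CSV),
                              date(2022, 4, 26))
    for f in report:
        print(f"{f['severity']:<8} {f['account']:<12} {f['role']:<8} {f['reason']}")
```

Run as-is it reports jdoe (a senior account used after its owner's termination date) first, then bwong, then the ownerless service account, then the dormant but still-employed tlee; asmith is in good standing and mgarcia is already disabled, so neither appears. The same comparison can be scheduled weekly so a departure that slipped past the offboarding checklist surfaces within days rather than years.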

Let’s talk if you aren’t currently using a secure password manager or having an IT professional manage your network security. We are excited to help you through all transitions, whether that’s staff, hardware, or Best Practices.

Bill Hogan

Bill Hogan is the Owner and President of Partners Plus. He has 40 years of experience in the technology industry, specifically IT support services. Bill has spoken at seminars all over the country about network management and published his latest book in 2018. Partners Plus was selected by PHL17 as the best Computer and Information Technology Support Company in the greater Philadelphia area in 2018.
