Carl Mazzanti is the president of eMazzanti Technologies in Hoboken.

I was working in the lab
Late one night
When my eyes beheld
An eerie sight…
– Monster Mash – Bobby “Boris” Pickett
Nobody wants to be around a zombie, especially in October as Halloween draws closer. But here is a spooky thought: your business may be a breeding ground for them.
In a previous NJBIZ column, we warned about the Cyber Security threat posed by zombie, or past-due, “phantom records” and vendor accounts. However, business owners and other entrepreneurs should be aware that offboarded employee email and other unused zombie accounts can also be at risk. It is a chilling thought: your company’s former assets are now turning into liabilities. Fortunately, an experienced Cyber Security consultant can help.
The challenge starts with a gap in the actions companies routinely take when an employee exits, voluntarily or otherwise:
- The employee will have to turn in their keys or ID cards and any other accessibility assets.
- They turn in any mobile device, laptop, or other electronic equipment.
- They turn in any corporate credit cards.
- Depending on their position, the employee may be asked to sign a nondisclosure agreement.
- Depending on the circumstances, the employee may be searched to be sure they are not leaving with sensitive materials.
But what about their email account(s), lead source and other subscriptions, and registered domain names? It is not unusual for companies to maintain an ex-employee’s email address and simply redirect it to another existing employee’s email account. While this enables the successor employee to keep up with the ex’s business correspondence, it also opens up another path for phishers and hackers to penetrate the company’s Cyber defenses.
Ditto with the ex-employee’s subscriptions. When companies reduce headcount and reallocate email accounts, they’re actually creating more “busy work” for existing employees, who now have to dig through a higher volume of emails, many of which are spam.
In fact, nearly one-third of a worker’s day is spent digging through emails, according to published reports; and 45% to 85% of the emails are spam anyway. So besides opening an additional attack vector, these zombie email accounts act as time burglars, eating away at employee productivity.
The zombie email problem is not limited to ex-employee accounts – it extends to ties with zombie vendor, supplier, and customer accounts too. When a vendor, supplier, or customer closes shop, for example, their domain name may still be active but could be under the control of a bad actor who now has access to your company’s email or other portal.
Savvy business owners, however, can exorcise these zombie accounts. One step is to have managers periodically go through email and other accounts to prune the deadwood. Do you have customers, vendors, or others that you know are out of business? Shut down the account or take it off your “whitelist” of approved emails.
Are you forwarding emails from an ex-employee to active employees? Review the emails and determine which ones are from legitimate partners, then reach out and give them updated contact information for the active employee taking over the relationship. Then, after making sure you are keeping good backup records in the cloud, go ahead and shut down the ex-employee’s email account.
Do the same for any lead generation or other accounts the ex-employee had signed up for. And finally, going forward, do this kind of pruning a lot faster. Many businesses wait 90 days or more to begin addressing the challenge of an ex’s email and other accounts, but that is way too long. Instead, try to start the pruning process within 24 to 48 hours of an employee’s departure.
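A sketch of the pruning pass described above, as an added example rather than anything from the column or from eMazzanti: it flags ex-employee mailboxes that are still enabled or still forwarding past the 48-hour mark, and allowlist entries for partners known to be out of business. The record fields, addresses and domains are constructed for illustration and do not follow any mail platform's export format.

```python
from datetime import datetime, timedelta

# Upper end of the 24-to-48-hour window recommended in the text.
PRUNE_DEADLINE = timedelta(hours=48)

# Constructed sample records; field names are assumptions for this example.
ACCOUNTS = [
    {"user": "alice@example.com", "departed": None,
     "enabled": True, "forward_to": None},
    {"user": "bob@example.com", "departed": "2024-10-01T17:00",
     "enabled": True, "forward_to": "alice@example.com"},
    {"user": "carol@example.com", "departed": "2024-10-29T17:00",
     "enabled": True, "forward_to": None},
    {"user": "dave@example.com", "departed": "2024-09-01T17:00",
     "enabled": False, "forward_to": None},
    {"user": "erin@example.com", "departed": "2024-10-20T12:00",
     "enabled": True, "forward_to": None},
]
ALLOWLIST = ["partner.example", "closedvendor.example"]
DEFUNCT_PARTNERS = {"closedvendor.example"}  # partners known to be out of business


def find_zombie_accounts(accounts, now, deadline=PRUNE_DEADLINE):
    """Return (user, reason) for ex-employee accounts still live past the deadline."""
    findings = []
    for acct in accounts:
        if acct["departed"] is None:
            continue  # current employee
        age = now - datetime.fromisoformat(acct["departed"])
        if age <= deadline:
            continue  # still inside the pruning window
        if acct["forward_to"]:
            # A redirect keeps the old address reachable by phishers.
            findings.append((acct["user"], f"still forwarding to {acct['forward_to']}"))
        elif acct["enabled"]:
            findings.append((acct["user"], "mailbox still enabled"))
    return findings


def stale_allowlist_entries(allowlist, defunct):
    """Return allowlisted domains that belong to partners no longer in business."""
    return sorted(d for d in allowlist if d.lower() in defunct)


if __name__ == "__main__":
    for user, reason in find_zombie_accounts(ACCOUNTS, datetime(2024, 10, 30, 9, 0)):
        print(f"{user}: {reason}")
    print("remove from allowlist:", stale_allowlist_entries(ALLOWLIST, DEFUNCT_PARTNERS))
```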
Trimming this kind of fat is good for a company’s health. It can boost productivity and add another barrier against zombies and other bad actors. And it is a lot more effective than garlic or wolfsbane.