Hopefully, by now, your information security team has a defined process in place to remove access or privileges when an employee is terminated or transfers to a new role in your organization. Most of us are quick to disable accounts in Active Directory or email, but do you have a well-defined process in place to remove all access for your users? Pause to consider:
Are there any third-party accounts or applications that need to be addressed?
If an accounts payable employee leaves or is transferred, there may be access to bank accounts that should be reviewed and changed if necessary.
Was the user in IT?
You should have a detailed checklist of what accounts and applications need to be changed when an IT employee leaves the organization. Pay attention to wireless network passwords, service accounts, and (most importantly) elevated privilege accounts. It may also be prudent to review the logs for any accounts the user may have created over the past few weeks to determine whether they were legitimate or a way to keep backdoor access after leaving.
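One way to run that log review in an Active Directory environment, as an added example that is not part of the original post: the script below lists accounts created, and security-group memberships granted, by the departing user. It assumes account-management auditing is enabled and that it is run on each domain controller (or against forwarded Security logs); the parameter names and the 30-day default are assumptions chosen for illustration.

```powershell
# Added example: what did a departing admin create or grant recently?
# Requires rights to read the Security log on the machine it runs on.
param(
    [Parameter(Mandatory)]
    [string] $DepartingUser,      # sAMAccountName of the leaver (supplied by you)
    [int]    $LookbackDays = 30   # assumption standing in for "past few weeks"
)

# 4720 = user account created
# 4728 / 4732 / 4756 = member added to a security-enabled
#                      global / local / universal group
$filter = @{
    LogName   = 'Security'
    Id        = 4720, 4728, 4732, 4756
    StartTime = (Get-Date).AddDays(-$LookbackDays)
}

Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the named EventData fields of the event into a hashtable.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }

        # SubjectUserName is the account that performed the action.
        if ($data['SubjectUserName'] -ieq $DepartingUser) {
            [pscustomobject]@{
                Time     = $_.TimeCreated
                EventId  = $_.Id
                Actor    = $data['SubjectUserName']
                Target   = $data['TargetUserName']  # new account (4720) or group name
                Member   = $data['MemberName']      # member as logged; empty for 4720
                Computer = $_.MachineName
            }
        }
    } |
    Sort-Object Time |
    Format-Table -AutoSize
```

Each row is something to confirm against a ticket or change request; accounts or group additions with no matching request are the ones to disable and investigate first.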
Have you considered physical security?
If the user knows alarm codes, combinations to safes or locks, or passwords to camera systems, make sure to change those as well.
Fortified Health Security is committed to strengthening the security posture of healthcare organizations. In the spirit of Cybersecurity Awareness Month, we will be posting daily information for you to consider when maintaining your organization’s cybersecurity program.