Heads up: there’s another security threat that could be lurking around your business. And even though it’s almost Christmas, today we’re talking about the undead — undead accounts, that is.

Keep reading to learn about zombie accounts: what they are, how they come to be, and how they could threaten your business.

Zombie Accounts: What Are They?

Zombie accounts are network accounts (login credentials) that are active in your systems but that don’t belong to any current user.

We call them “zombie accounts” because they're, well, undead. Like TV zombies, they should be dead, but no one went and made sure they really were dead. And now these accounts are bumbling around your network, just waiting for some enterprising bad guy to come along, resuscitate them, and find a way to hurt your business.

Why Are Zombie Accounts a Thing?

So far these zombie accounts sound like bad news, and they are. So why do they exist at all?

Well, there are lots of ways to end up with zombie accounts, but by far the most frequent is this: a (real live) employee leaves your company, but that employee’s login credentials remain active.

That now ex-employee’s account is still a fully functional account in most ways; there just isn’t anyone actively using it.

How Does an Account Turn Into a Zombie Account?

You might be wondering how this happens, and the answer’s simple: when someone leaves, someone that’s still there has to manually go into the admin system and delete or disable that person’s credentials.

But that doesn’t always happen. Sometimes that someone is busy or even forgets. Maybe that someone is you — or maybe as you read this, you’re wondering if your company even has anyone doing this important step!

It might (and probably should!) send a chill up your spine, but it’s possible every single ex-employee’s account is still hanging out there, waiting to be exploited.

What Are the Risks of Zombie Accounts?

There are plenty.

We’ll start with the most obvious one: ex-insider threats.

Insider (and ex-insider) threats

If an ex-employee's account is still active, then the password is almost certainly whatever it was on that employee’s last day. If the employee remembers the password, he or she could just log back in to any cloud service, pretty much whenever, wherever.

Most former employees would have no reason to do this, but unfortunately not every employee leaves on good terms or for the right reasons. That’s why it’s good security practice to disable and/or delete accounts right after an employee clocks out for the last time, or close to it.

Credential theft

Next up is credential theft. Scammers are constantly collecting login credentials through a variety of tactics (think phishing attacks and the like). These credentials then get sold on the dark web, and other bad guys could attempt to use credentials to log into various services.

If the person who used to own the zombie account ever had credentials stolen, those credentials are still rattling around the dark web. Eventually someone might use them and attempt access to your systems. From there, you’d be opened up to just about any credential-based cyberattack out there.

This risk is even scarier when you consider how prevalent password reuse and password sharing are.

Overspending on zombie software licenses

Last — and this one’s a little sneaky — you might still be paying monthly or yearly software licenses for that zombie account. With things like Google Workspace, Microsoft 365, Adobe, and any other seat-based SaaS tools you use, paying for nonexistent users is just bad economics!

How to Eliminate Zombie Accounts

Prevention is the best cure here: simply delete or disable accounts when employees leave the company, and your zombie account worries are over. Better yet, set up automated account management systems so that this happens automatically.
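As an added example (not from the original post), here is the reconciliation step an automated check like that would run: it compares an identity-provider account export against the HR roster and flags enabled accounts whose owner has left, has no record in HR, or has not logged in recently. The roster, account fields and employee ids are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, Optional, List, Set

@dataclass(frozen=True)
class Account:
    username: str
    owner_id: Optional[str]      # HR employee id mapped to this login, None if unknown
    enabled: bool                # still allowed to log in
    last_login: Optional[date]   # None if the account has never been used

# Constructed sample data standing in for an HR export and an IdP account list.
HR_ACTIVE: Set[str] = {"E100", "E101", "E102"}            # still employed
HR_TERMINATED: Dict[str, date] = {"E200": date(2023, 11, 30)}  # id -> last day

ACCOUNTS: List[Account] = [
    Account("alice", "E100", True, date(2023, 12, 18)),      # healthy
    Account("bob", "E200", True, date(2023, 11, 29)),        # left, never disabled
    Account("svc_backup", None, True, date(2023, 12, 19)),   # nobody owns it
    Account("carol", "E102", True, date(2023, 8, 1)),        # employed but dormant
    Account("dave", "E300", True, None),                     # owner unknown to HR
    Account("erin", "E101", False, date(2023, 12, 1)),       # already disabled
]

def find_zombie_accounts(accounts: List[Account], hr_active: Set[str],
                         hr_terminated: Dict[str, date], today: date,
                         stale_days: int = 90) -> Dict[str, str]:
    """Return {username: reason} for every enabled account that no current
    employee is demonstrably using. Disabled accounts are already dealt with."""
    findings: Dict[str, str] = {}
    for acct in accounts:
        if not acct.enabled:
            continue
        if acct.owner_id is None:
            findings[acct.username] = "no owner of record"
        elif acct.owner_id in hr_terminated:
            findings[acct.username] = f"owner left on {hr_terminated[acct.owner_id]}"
        elif acct.owner_id not in hr_active:
            findings[acct.username] = "owner not in HR roster"
        elif acct.last_login is None or (today - acct.last_login).days > stale_days:
            findings[acct.username] = f"no login in {stale_days} days"
    return findings

if __name__ == "__main__":
    for user, reason in find_zombie_accounts(ACCOUNTS, HR_ACTIVE, HR_TERMINATED,
                                             date(2023, 12, 20)).items():
        print(f"disable {user}: {reason}")
```

In a real deployment the two inputs would come from the HR system and the identity provider's API, and the output would feed a ticket or an automatic disable rather than a print.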

Questions on how to do this? We can help! Reach out anytime.