Zombie accounts and haunted devices: As bad as they sound

As Cybersecurity Awareness Month comes to a close, we’re diving into the eerie side of cybersecurity. Threats like forgotten accounts or unsecured devices could provide easy access points into your organization and put sensitive data at risk.

Let’s explore the hidden dangers of zombie accounts — inactive user profiles that, if left unchecked, can provide a backdoor for attackers. We’ll also examine the risks posed by using personal devices for work, and how unauthorized access can expose sensitive data.

Zombie accounts

Zombie accounts are unused accounts that still have access to your company’s systems. These are often forgotten but can be resurrected by cybercriminals to wreak havoc. Treat zombie accounts like the undead—they need to be put to rest before they cause any harm!

Back to life: When employees leave the company or change roles, their old accounts may not be deactivated. Hackers take advantage of these accounts because they are easy to exploit without anyone noticing.
Unless regular audits are conducted to catch these zombie accounts, they might not be identified and removed.

Burying the undead: Check the Deactivation Policy: Make sure your company deactivates accounts when employees leave or no longer need access.

Monitor access logs: Keep an eye on who’s accessing what, so you can spot any unusual activity from zombie accounts. Report any suspicious activity to a supervisor.

Scary fact: 31% of employees in the U.S., U.K. and Ireland report having access to a previous employer’s software accounts after leaving the organization.

Haunted devices

Are you aware that your personal devices might be haunting your organization?

We’ve all got gadgets we use for work, but if they aren’t properly protected, they could become haunted by cyber threats.

Devices like your phone, laptop, or tablet could get infected with malware (malicious programs designed to steal your information) or become entry points for hackers if they aren’t secure.

A recent report found that 83% of companies allow at least some of their employees to bring their own devices to work.

When you use your phone or laptop for both work and personal purposes, it only magnifies the number of threats and the implications of a cyber incident. If a cybercriminal gains access, they could steal your data or use your device to access the company network.

How to stop the haunting

• Keep Your Software Updated: Those pop-up reminders to update your device aren’t just annoying — they’re important! Updates often include patches for vulnerabilities that could lead to a breach.
• Avoid Public Wi-Fi: Public Wi-Fi can be dangerous, especially if you’re doing anything sensitive, like logging into work accounts. If you have to use it, make sure to connect through a VPN (Virtual Private Network) to protect your data.
• Know your organization’s BYOD security policy: Ask your manager or IT team about your company’s Bring Your Own Device (BYOD) Policy. If you are using a personal device, make sure you follow any security policies in place.

Reach Blair IT to keep your network safe and secure

Have staff members at your organization been victimized by phishing scams, opening your work systems to malicious attacks?

Contact the security experts at Blair IT to discuss how to create a network protected against scammers and cyber criminals. Call us at 614-898-9925 or fill out our online form to request a consultation today.