A few days go the tech site, Bleepingcomputer.com published an article about an ex-employee of a hosting provider who deleted all server data. The company in question was out of business for a week. And we start to consider possible claims for damages and loss of customers. Would your company survive when your IT systems are down for a week?
Prevent fraud and mistakes
How could this happen? This had nothing to do with a hacker or ransomware (which are, by the way, real threats as well) but with not having decent internal procedures.
Even if you have trusted employee, it's of great importance to have a proper authorization structure. This does not only prevent fraud but also unintentional mistakes which occur when employee change data or settings, with the best intentions, of things they don't really understand.
Take away the key
And then comes the moment an employee is leaving your company. Do you administrators/operators follow procedures that guarantee withdrawal of all rights of all systems? After all, that is as logical and important as asking back the key of the office. Isn't it?
Don't forget all sorts of useraccounts: suppliers and consultants, auditors or temporarily test accounts. These sorts of accounts are often present and have very broad access rights. Make sure that these accounts are no longer active than necessary for the work that is being performed.
Number of employee vs. number of accounts
Put it to the test, compare the list of your current employee with the accounts in different systems. Are there any differences? If so, it's time for action and important to tackle this structurally. Look closely to the procedures for authorization management. Before your business systems are down for a week, or longer..