Implement a user life cycle

When we talk about the user life cycle, we often have the 'unused accounts' of past employees in mind. They are, indeed, an easy target for impersonation attacks, because no one is using them who would notice malicious use or a blocked status. Deactivating them seems to be the most obvious thing to do, but a user life cycle goes beyond that single action. Understanding the value and importance of implementing one within your company is crucial.

The user life cycle can be visualized as a loop composed of four steps.

Access Management Audit : As shown in the figure, the first, continuous step is to have a clear view of who has access to what in the company, whether a newcomer, a manager or an IT person. Every access right has to be visible and managed in order to prevent any security failure. For the administration of user management, we suggest that someone in your business, together with HR, has up-to-date staff lists at their disposal.

Hiring Process : Once you have that clear view, you can better manage any new employee by giving them enough access as well as identification information (login and password). At this level, the complexity is as low as the security risks involved.

Change Process : This step comes in whenever a change in the identification information or the access management occurs. Any modification should be assessed and applied within the access management policies of the company. At this step, the security risks become higher.

Leave Process : Once an employee is about to leave or be fired, their account becomes a typical target of attacks, like other unused accounts, because a compromise of such an account will likely pass unnoticed. To keep access to any evidence, the accounts do not have to be deleted, but they must be deactivated, so that they are impossible to use while it remains possible to look in the backups for evidence (the advised period is 6 months after the leaving date).
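The audit and leave steps above can be checked mechanically by reconciling the account directory with the HR staff list. The following is an added example, not part of the original page; the record layout, the finding names and the 182-day approximation of "6 months" are assumptions, and the sample data is constructed.

```python
from datetime import date, timedelta

# Assumption: the advised 6 months after the leaving date, taken as 182 days.
RETENTION = timedelta(days=182)

def audit_accounts(accounts, staff, today):
    """Reconcile the account directory with the HR staff list.

    accounts: list of {"login", "owner", "enabled"} records (assumed layout)
    staff:    owner -> leaving date, or None while still employed
    Returns finding name -> sorted list of logins.
    """
    findings = {"orphan": [], "deactivate": [], "retain": [], "retention_elapsed": []}
    for acct in accounts:
        login, owner = acct["login"], acct["owner"]
        if owner not in staff:
            # No HR record at all: nobody would notice misuse of this account.
            findings["orphan"].append(login)
            continue
        left_on = staff[owner]
        if left_on is None or left_on > today:
            continue  # still employed: covered by the hiring and change steps
        if acct["enabled"]:
            findings["deactivate"].append(login)         # leaver, still usable
        elif today - left_on <= RETENTION:
            findings["retain"].append(login)             # disabled, kept for evidence
        else:
            findings["retention_elapsed"].append(login)  # advised period is over
    return {name: sorted(logins) for name, logins in findings.items()}

# Constructed sample data, for illustration only.
TODAY = date(2024, 9, 1)
STAFF = {"alice": None, "bob": date(2024, 8, 15),
         "carol": date(2024, 7, 1), "dave": date(2023, 12, 1)}
ACCOUNTS = [
    {"login": "alice", "owner": "alice", "enabled": True},
    {"login": "bob", "owner": "bob", "enabled": True},
    {"login": "carol", "owner": "carol", "enabled": False},
    {"login": "dave", "owner": "dave", "enabled": False},
    {"login": "svc-old", "owner": "erin", "enabled": True},
]

if __name__ == "__main__":
    for name, logins in audit_accounts(ACCOUNTS, STAFF, TODAY).items():
        print(f"{name}: {', '.join(logins) or '-'}")
```

Accounts reported under "deactivate" and "orphan" are the ones whose compromise would pass unnoticed, so they are the first to act on.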





Have a user life cycle policy for all account profiles.