The unpaid summer intern that could cost you millions

Courion®, the market leader in intelligent identity and access management (IAM), recommends that now that the summer holidays are finished and term time is almost here, companies take a close look at a common access risk factor that may be leaving them vulnerable to a data breach: abandoned accounts associated with student summer time workers and interns.

Most organizations hire seasonal workers, especially in the summer months when university students are available and interested in employment, often at low or no cost to an employer. These temporary employees are given access to company resources, and may even be using privileged access credentials shared by a manager. Many companies forget or neglect to terminate accounts used by temporary employees and interns when summer ends. What’s more, as a company grows and other employees are transferred or terminated or temporary workers or contractors leave the organization, the number of abandoned accounts can grow – significantly.

Abandoned accounts are not revealed during the typical periodic audit that an IT department might conduct, so these accounts often go unnoticed. The problem is, abandoned accounts provide hackers with an easy way to gain access to your network. In addition, seasonal employees are not tied professionally or emotionally to your organization and may be more prone to explore your network and exploit access vulnerabilities, even at a later date.

Reducing or eliminating access risks such as abandoned accounts makes sense as a way to minimize the possibility of a data breach, but CISOs need an efficient way to uncover them. To assist with this problem, Courion now offers a complimentary quick scan evaluation of access risk which leverages the award-winning identity and access intelligence solution, Access Insight, to help organizations gauge whether they have an abandoned account problem. Based on evaluations of access risk recently conducted by Courion at more than twenty major corporations, organizations often have not just a few, but thousands of abandoned accounts.

Both the 2014 Verizon Data Breach Incident Report and the SANS Institutes Top 20 Critical Security Controls recommend that CISOs know who has access to their data and review user accounts on a regular basis. That’s why Courion’s intelligence-driven approach to IAM provides an organization with the ability to “assess first” and uncover issues such as abandoned accounts and orphan accounts with no oversight, or accounts with more access than is truly needed.

“Once hidden access risk factors are eliminated, an organization can continue to leverage the intelligence integrated within the Access Assurance Suite in provisioning and governance operations,” emphasized Chris Zannetos, CEO of Courion. “An organization can not only start, but also stay compliant, because continuous monitoring is built into the suite that automatically detects, notifies and enables remediation of policy violations as they occur, further minimizing access risk and streamlining future audits.”