You had never fired someone before. It was one of the most uncomfortable things you had had to do since starting your business. However, you never expected it to also result in the biggest threat to your business to date, a ghost user aka ghost account.
It was a dark, stormy night. Earlier that day you had to let go of your underperforming assistant, Gary.
“It was the right thing to do,” you tell yourself.
You had worked too damn hard to start a business of your own. Your life savings went into this risky venture and you weren’t about to allow anything to get in the way of this company’s success. Gary seemingly had good intentions but was constantly messing up orders, forgetting to send client invoices, and had a slight attitude problem.
Although letting go of Gary was the right decision, this meant you now had to do everything yourself on top of trying to find a new assistant which is a daunting and time-consuming task in itself.
With a deep sigh, you get right to work. “No time to dwell. No distractions.”
What you didn’t realize was that, in the haze of being flustered over this uncomfortable situation, you forgot to sever Gary’s access to all your business’s accounts, files, data, and more. What you also didn’t realize was that he wanted revenge. He was angry and hurt and he wanted to hurt your business just as you hurt him.
After realizing he still had employee access to all of your business’s information, he proceeded to change every password he could think of, transferred all the data and files he could find from your OneDrive to his personal computer, began posting inappropriate content to your social media streams, altering your files, and more.
“That’ll show them.”
***
Ding!
Your phone’s text ring went off. No matter. You’ll answer it later. You’re far too busy right now.
Ding… Ding… Ding, ding, ding!
With an exasperated sigh, you pick up your phone to see what the big emergency is.
Mom: What’s going on with your company’s socials?
Jen: did you mean to post this?? *Screenshot*
Jen: i think you’ve been hacked!
Mom: Honey, I think you should change your passwords. Looks like a hacker.
Michael: I think someone got access to your socials…
Jen: they posted again… i’m reporting the posts but you should change your passwords!!
“What the hell?”
You open your Instagram app only to see the login screen. That’s weird. You should be signed in already. Your password doesn’t work. You try Facebook, Twitter, and LinkedIn and get the same message time and time again: Wrong Password.
You think for a second you may be typing in the wrong passwords after all so you go on OneDrive and try and look for your Password Excel master sheet. OneDrive is empty. What the actual hell? This must be a nightmare.
Ding!
Gary: I’ll give you back your passwords and OneDrive files for $10,000. I’ll be posting until then.
Of course… Of course, it was Gary. I forgot to sever his access to the business’s accounts and files. How could I be so stupid? Do I even have $10,000? Oh, God!
There is no time to panic. You need to fix it and you need to fix it now.
Me: I’ll give you whatever you want. Just please give me back my business.
The End
That was scary, wasn’t it? The worst part is that this happens every day! Maybe not the same scenario, but data is held hostage constantly and most business owners find themselves without a choice in the matter but to give the hackers what they want in order to save their business, which, as we learned, can be quite costly.
“Ghost” users, a.k.a. “ghost” accounts, are are active accounts of former employees on your company’s corporate network that remain active after their departure from the company. Not only is it unnecessary for these users to remain active, but you run a risk of a cyberattack, much like this business owner.
Lucky for all of us, there is software you could use that automatically cut off former employees’ access to your business’s information. Contact WheelHouse IT to learn more!