One Rotten Apple Ruins The RMM
RMM systems provide technicians with amazing capabilities, but with those capabilities comes an equal need for managerial control. Without those controls in place, things can quickly turn ugly whenever a technician turns rotten and needs to be “Let Go.”
It sends shivers down my spine every time I watch it.
RMM systems give technicians everything they need to manage hundreds of systems across multiple networks. Unfortunately, when things go sideways, those capabilities quickly turn into major risks. Any termination or resignation could potentially turn ugly, and that leaves a number of problems that need to be addressed.
There is also the possibility that a disgruntled user logs in post-termination using their account, or by remembering the passwords they used on a daily basis. If those accounts aren’t locked, or those passwords aren’t properly changed, then those technicians can continue to gain access to systems… and if any group knows what systems could be hit to cause the most damage to the business, it’s their technicians.
How can a business address that sort of risk?
There’s no trick to addressing this sort of risk; for the most part, it is mitigated by having effective account and password management policies in place. Here are four ideas for policies that would significantly reduce the risk posed by a disgruntled ex-employee.
1. Upon termination, all accounts known and/or utilised by the terminated user are to be locked until they are adequately re-secured.
2. Upon termination, all passwords known and/or utilised by the terminated user are to be changed.
When a technician’s employment is terminated, there are a number of passwords that should be changed. Beyond their personal passwords, technicians often know the passwords of users they supported, shared administrator accounts, website passwords, and passwords for network devices. This means that turning over a technician frequently involves changing dozens of passwords across multiple networks. This can quickly become expensive, as changing all those passwords takes a significant amount of time (30-60 minutes per network).
Kaseya AuthAnvil has many ways to address this issue. One effective way involves automating the process with Password Server. If passwords are synchronized and set to automatically generate, passwords can be changed with a click of the report and expiry button.
3. If an employee with access to high-value systems is terminated, those systems must be closely monitored for incursions for a period of no less than thirty days.
4. Upon termination of a technician, all staff with privileged access must be notified of the termination, because the ex-employee’s familiarity with staff and the systems in place increases the risk of social engineering attacks.
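As an added example (not part of the original post and not Kaseya code), here is one way to check policies 1 to 3 against a credential inventory and login records in Python. The inventory fields, finding names, addresses and all sample data are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

WATCH_WINDOW = timedelta(days=30)  # policy 3: at least thirty days of monitoring

@dataclass
class Credential:
    name: str
    known_by: set            # people who knew or used this secret
    last_rotated: datetime
    locked: bool = False
    high_value: bool = False

def offboarding_findings(user, terminated_at, credentials, logins, known_sources):
    """logins: (timestamp, credential name, source address) tuples."""
    exposed = {c.name: c for c in credentials if user in c.known_by}
    findings = set()
    for c in exposed.values():
        # Policies 1 and 2: a credential must be locked or changed after termination.
        if not c.locked and c.last_rotated < terminated_at:
            findings.add(("UNSECURED", c.name, "not locked, not rotated"))
    for when, name, source in logins:
        c = exposed.get(name)
        if c is None or when < terminated_at:
            continue
        # The secret the ex-employee knew was still valid at this login.
        if c.last_rotated < terminated_at or when < c.last_rotated:
            findings.add(("STALE_SECRET_LOGIN", name, source))
        # Policy 3: inside the watch window, review unfamiliar sources.
        elif (c.high_value and when <= terminated_at + WATCH_WINDOW
              and source not in known_sources):
            findings.add(("WATCH_WINDOW_LOGIN", name, source))
    return sorted(findings)

# Constructed sample data: "alice" was terminated at T0.
T0 = datetime(2024, 3, 1, 17, 0)
CREDS = [
    Credential("alice-personal", {"alice"}, datetime(2024, 1, 5), locked=True),
    Credential("client-a-domain-admin", {"alice", "bob"}, datetime(2024, 3, 2, 9), high_value=True),
    Credential("client-b-firewall", {"alice", "bob"}, datetime(2023, 11, 20), high_value=True),
    Credential("bob-personal", {"bob"}, datetime(2024, 2, 1)),
]
LOGINS = [
    (datetime(2024, 3, 1, 23, 30), "client-a-domain-admin", "203.0.113.50"),  # before rotation
    (datetime(2024, 3, 10, 8, 0), "client-a-domain-admin", "198.51.100.7"),   # known office address
    (datetime(2024, 3, 15, 2, 0), "client-a-domain-admin", "203.0.113.50"),   # unfamiliar source
    (datetime(2024, 4, 20, 2, 0), "client-a-domain-admin", "203.0.113.50"),   # past the 30 days
    (datetime(2024, 3, 3, 1, 0), "client-b-firewall", "203.0.113.50"),        # never rotated
]
print(*offboarding_findings("alice", T0, CREDS, LOGINS, {"198.51.100.7"}), sep="\n")
```

The shared `client-b-firewall` password shows up twice: once as unsecured and once as a login made while the old secret was still valid, which is the case the shared-password paragraph above describes.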
Will having policies like these mitigate all of the risk whenever a technician leaves your company? No, there’s much more to it than that; however, this is a great place to start. Most people overlook the risks posed by ex-employees, especially those that leave on good terms. Who knows what trouble they may have, or what grudges they may have held…
Fortunately, we’ve got a number of resources to help you mitigate those risks. For starters, try implementing policies like the ones we recommended in this blog post.