Ghost accounts are a growing threat to the security of your business’s online accounts. Unused accounts provisioned with a high level of access, or ghost accounts, represent a potential threat to the security of your online assets, including your domain names, hosting, and SSL certificates.
What’s a ghost account?
Provisioning appropriate access and edit rights to your online accounts is an essential part of working collaboratively with partners and employees. But when partnerships end or employees leave, their accounts are sometimes left behind, with full access rights to services that are very sensitive for your business, including domain names, hosting, and SSL certificates.
These often overlooked accounts, called ghost accounts, sometimes get forgotten for years, leaving a possible security vulnerability out in the open.
Why are ghost accounts dangerous?
Ghost accounts are easy targets for attackers because they are more or less “abandoned.” Which is to say, there is nobody logging in to use them regularly, and nobody updating passwords that may have been compromised.
What’s more, a ghost account that has full access to sensitive assets can give attackers access to those assets, enabling them to either steal them outright or hold them for ransom.
How do you protect yourself from ghost accounts?
There are a few things you can do to keep your online assets safe from attacks exploiting ghost accounts:
• Grant permissions sparingly; only give someone access to something if they need it for a specific role or task
• Delete or remove permissions on accounts that no longer need access
• Audit your users and review their permissions at least once a year
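One way to run the audit in the last step, as an added example that is not part of the original article: it reads a user export and flags accounts whose owner has left or that have gone unused, listing the high-access ones first. The CSV columns, role names, sample rows and 365-day idle threshold are all assumptions made for illustration, not the export format of any particular provider.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample export; column names and role labels are assumptions,
# not the format of any particular registrar or hosting panel.
SAMPLE_EXPORT = """username,role,last_login,owner_status
alice,admin,2024-05-28,active
bob,admin,2021-11-03,departed
carol,billing,2024-04-15,active
old-agency,admin,2022-02-10,departed
dave,read-only,2020-01-20,active
erin,technical,,active
"""

HIGH_ACCESS_ROLES = {"admin", "technical"}  # assumed: roles able to edit domains, hosting, certificates
MAX_IDLE_DAYS = 365  # assumed threshold, in line with a yearly review


def find_ghost_accounts(export_text, today, max_idle_days=MAX_IDLE_DAYS):
    """Return (username, reasons) for accounts that look abandoned."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        reasons = []
        if row["owner_status"].strip().lower() != "active":
            reasons.append("owner no longer with the organization")
        last_login = row["last_login"].strip()
        if not last_login:
            reasons.append("never logged in")
        else:
            idle = (today - datetime.strptime(last_login, "%Y-%m-%d").date()).days
            if idle > max_idle_days:
                reasons.append(f"idle for {idle} days")
        if not reasons:
            continue
        if row["role"].strip().lower() in HIGH_ACCESS_ROLES:
            reasons.append("holds high-access role")
        findings.append((row["username"], reasons))
    # Stable sort: accounts that are both stale and highly privileged go first.
    findings.sort(key=lambda f: "holds high-access role" not in f[1])
    return findings


if __name__ == "__main__":
    for user, reasons in find_ghost_accounts(SAMPLE_EXPORT, date(2024, 6, 1)):
        print(f"{user}: {'; '.join(reasons)}")
```

Accounts at the top of the output are the ones to delete or strip of permissions first; the low-privilege stale accounts that follow still deserve review.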
By following these three steps, you can neutralize ghost accounts and better protect your online assets. Beware ghost accounts, but also, know how to bust them.