It is a situation that every IT manager and CISO of an enterprise dreads: an employee account, either as a result of an offboarding process or directory cleanup, is accidentally deleted from the system. The immediate aftermath of an employee account deletion is not just about the inconvenience to the employee who is unable to log in to the system.
In this post, we shall examine the various effects of an employee account deletion, the technical aspects of data restoration, and what your IT team could do about these IT operational risks.
Immediate Impact on Productivity and Access
The most immediate effect of an employee account deletion is the resultant halt in the productivity of the employee concerned, as they are denied access to company emails, cloud storage drives, communication tools, and software applications. The problem, however, does not end here, as the employee concerned is not the only party affected by the account deletion.
The people with whom the deleted employee was working on a document now find that they are denied access as the permissions of the deleted employee are affected. The meetings that the deleted employee was supposed to host now go missing from the company calendar, as the workflows that were connected with the deleted employee account now go into the unknown.
Technical Overview of Data Restoration
From a technical standpoint, an employee account deletion is not necessarily the end of the road, as most enterprise environments have a soft deletion feature in place, which means that the deleted employee account is put into a suspended state, with the account owner having a grace period of between twenty and thirty days before the account is permanently deleted. The process of restoring the deleted account is done by re-linking the identifier with the active directory, with the user’s inbox, files, and permissions gradually coming back online.
Legal and Compliance Implications
If the deletion survives the grace period and becomes permanent, the organization is at great risk of facing legal and compliance issues. Corporate governance practices may demand that an organization retain communication logs and financial records for a certain period. Deleting an account may result in the deletion of records that are subject to a legal hold or have strict regulations such as GDPR and HIPAA. This is where an IT mistake becomes a huge liability for an organization.
Standard Account Recovery Workflows
The most efficient way of navigating the recovery process is essential in getting the account back online and reducing downtime. To recover an account, one must access their main admin console and find the directory containing the list of accounts that have been removed in the recent past. Clicking on the profile and requesting a recovery prompt usually brings the account online. In cases where an organization uses Google Workspace, deleted Google Account recovery involves an admin accessing their “Recently deleted users” filter in the directory and assigning the user to the correct organizational unit and confirming the restoration of the account.
Preventing Accidental Deletions
The only way to prevent such cases is to have strict administrative practices in place and not rely on human behavior. To ensure that such cases are avoided, IT administrators must implement the principle of least privilege, which grants access only to top-tier administrators. Introducing a secondary approval process that must be completed before any destructive action is carried out is also an essential factor in preventing such cases.
Fortifying Your IT Infrastructure
An unintended deletion of an account is an unfortunate stress test of the strength of your organization. Recognizing the instant productivity implications and potential compliance consequences, CISOs can ensure that recovery is prioritized. Evaluate your current administrative privileges and script your offboarding process today so that a careless click is never an excuse for catastrophic data loss.
1 Trackback / Pingback
Comments are closed.