Cyber Security Action Month: Know Your Users, Secure Your Access


By Heath Gieson, CISO / EVP of Operations, Forthright

As we continue our Cyber Security Action Month series, we’re shifting our focus from login security to something just as critical—but often overlooked: user account inventory.

Let me ask you a simple question: When was the last time you reviewed your user accounts? If you had to pause and think about it, this article is for you.

In today’s hybrid and fast-paced environments, user accounts are constantly being created, modified, and—too often—forgotten. Contractors come and go. Employees change roles. Systems get decommissioned. But the accounts? They often linger. And every unused or over-privileged account is a potential entry point for attackers.

Why User Account Hygiene Matters

Inactive or orphaned accounts are low-hanging fruit for threat actors. These accounts often:

  • Lack MFA enforcement
  • Go unnoticed in audits
  • Retain access to sensitive systems
  • Are not monitored for unusual activity

In short, they’re a liability.

Your Action Item This Week: Audit Your User Base

Here’s how to take action:

  1. Run a Full User Inventory – Start by pulling a comprehensive list of all user accounts across your identity providers (e.g., Active Directory, Azure AD, Okta). Include service accounts, guest users, and any federated identities.
  2. Identify Inactive Accounts – Look for accounts that haven’t been used in the last 30, 60, or 90 days. These are prime candidates for review. Disable them first—then delete if they’re no longer needed.
  3. Check for Over-Licensing – Are you paying for licenses tied to users who no longer work at your organization? Or for accounts that don’t need premium features? Reclaim those licenses and reallocate or retire them.
  4. Review Privileged Access – Ensure that only the right people have elevated privileges. Admin rights should be tightly controlled and regularly reviewed.
  5. Document and Automate – Establish a routine process for account reviews—quarterly at minimum. Better yet, automate alerts for inactivity and privilege changes.
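One way to carry out steps 2 through 4 against the inventory that step 1 produces, as an added example that is not from the original article or from Forthright: a small Python audit over a constructed identity export. The record fields, the inactivity thresholds, the reference date and every sample account are assumptions; a real run would load the export from the identity provider in question and feed the findings into the alerting that step 5 calls for.

```python
"""Stale-account audit over a constructed identity export (added example)."""
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Account:
    """One row of an identity-provider export (field names are assumed)."""
    name: str
    kind: str                     # "user", "service" or "guest"
    last_sign_in: Optional[date]  # None means the account has never signed in
    enabled: bool
    mfa_enrolled: bool
    privileged: bool              # holds an admin or other elevated role
    licensed: bool                # consumes a paid licence
    owner_active: bool            # owner (person or system) still active per the system of record


# Thresholds from step 2, checked from strictest to loosest
INACTIVITY_THRESHOLDS = (90, 60, 30)


def inactivity_bucket(acct, today):
    """Return 'never', 90, 60 or 30 for a stale account, or None if active within 30 days."""
    if acct.last_sign_in is None:
        return "never"
    idle_days = (today - acct.last_sign_in).days
    for threshold in INACTIVITY_THRESHOLDS:
        if idle_days >= threshold:
            return threshold
    return None


def audit(accounts, today):
    """Apply steps 2 to 4 to an inventory and return the findings by category."""
    findings = {
        "inactive": [],           # (name, bucket) for enabled accounts with no recent sign-in
        "over_licensed": [],      # licence still held by a disabled or departed account
        "privileged": [],         # every elevated account, for the step-4 review
        "privileged_no_mfa": [],  # elevated accounts with no MFA enrolment
    }
    for acct in accounts:
        if acct.enabled:
            bucket = inactivity_bucket(acct, today)
            if bucket is not None:
                findings["inactive"].append((acct.name, bucket))
        if acct.licensed and (not acct.enabled or not acct.owner_active):
            findings["over_licensed"].append(acct.name)
        if acct.privileged:
            findings["privileged"].append(acct.name)
            if not acct.mfa_enrolled:
                findings["privileged_no_mfa"].append(acct.name)
    return findings


def recommended_action(acct, today):
    """Step-2 order of operations: disable first, delete only once disabled and no longer needed."""
    if not acct.enabled:
        return "delete" if not acct.owner_active else "keep-disabled"
    bucket = inactivity_bucket(acct, today)
    if bucket in ("never", 90):
        return "disable"
    return "review" if bucket is not None else "keep"


# Constructed sample export: names, dates and flags are invented for illustration
AUDIT_DATE = date(2024, 6, 30)
SAMPLE_EXPORT = [
    #       name              kind       last_sign_in       enabled mfa    priv   lic    owner_active
    Account("alice",          "user",    date(2024, 6, 28), True,  True,  False, True,  True),
    Account("carol-admin",    "user",    date(2024, 6, 1),  True,  True,  True,  True,  True),
    Account("bob-contractor", "user",    date(2024, 2, 1),  True,  False, False, True,  False),
    Account("svc-backup",     "service", date(2024, 5, 5),  True,  False, True,  False, True),
    Account("guest-partner",  "guest",   None,              True,  False, False, False, True),
    Account("dave",           "user",    date(2023, 12, 1), False, True,  False, True,  False),
]


if __name__ == "__main__":
    results = audit(SAMPLE_EXPORT, AUDIT_DATE)
    for category, items in results.items():
        print(f"{category}: {items}")
    for acct in SAMPLE_EXPORT:
        print(f"{acct.name:15} -> {recommended_action(acct, AUDIT_DATE)}")
```

The audit deliberately keeps "privileged" as its own list rather than only flagging problems: step 4 asks for every elevated account to be reviewed, not just the ones that already fail a check. Disabled accounts are left out of the inactivity list because disabling is the first step the article prescribes; they surface instead through the licence check and the delete recommendation.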

At Forthright, we believe that cybersecurity is a living process, not a one-time project. Keeping your user base clean and current is one of the simplest, most effective ways to reduce your attack surface.

Next week, we’ll dive into another overlooked but essential action item. Until then, take a few minutes to look at your user accounts—you might be surprised by what you find.