After Indianapolis-based American College of Education fired its IT manager, it discovered that the administrative password to its Google cloud account was changed, preventing 2,000 graduate students nationwide from accessing their email, papers and course work.

The online college asked the former employee to unlock the account. He said he was willing to help out if the college would pay him $200,000; after all, he shouldn’t be expected to work for free, he claimed. Google wouldn’t unlock the account because it did not belong to the college and it was wary of falling victim to a social-engineered hack attempt.

This incident, still in litigation, points to the need for organizations to review their IT policies to prevent such calamities.  They waste time and resources, cost money to correct, and diminish reputation.

Here are a few best practices to consider for your IT department…

• All accounts to cloud and other online services should be in the name of the organization, not an employee.
• There should be more than one administrator on file with online services so that access can be maintained if one administrator leaves the organization.
• Any credit cards used to pay for a service should be in the name of the organization, not an individual. The delay in proving ownership and getting a service re-established can be quite disruptive to business operations.
• As a matter of policy, any change in admin credentials should be immediately reported to the appropriate C-level executive who should keep a log of such changes.
• When an admin resigns, revoke access to systems and networks immediately; if dismissed, revoke access beforehand.

Do you have everything in place – systems, tools and policies – to reduce your risk? DataLink can help you get where you need to be.   Contact us today: 410.729.0440 or sales@DataLinkTech.com.