Office parties often accompany a promotion or lateral job
transfer. Celebrations may even be held in the case of a demotion as a group
bids farewell to a co-worker. Demotions aside, most people are quite happy when
employees move within the organization.

One thing that is often overlooked in the frenzy of an
internal job change, however, is network security. Frequently, the rights and
permissions required for the previous job are left assigned after the employee
starts their new job. Lax security procedures such as this can potentially lead
to troublesome issues, policy breaches, or violations of state or federal laws.

For example, if an employee in a healthcare facility moves
from a clinical role to a non-clinical role, they should no longer be permitted
to view patient-related information. If the employee does access
patient-related information that is not required as part of their new job, they
are in violation of the Health Insurance Portability and Accountability Act
(HIPAA), which can lead to stiff penalties and fines for the employee and the
organization.

To ensure that all employees who work for the
organization have the requisite permissions assigned to their user accounts, all
positions in the organization should have a documented list of the appropriate
permissions that are required for each job title. Although such documentation
may take time to develop, it will prove to be a worthwhile investment for the
organization. Using these lists will allow the network security staff to
quickly determine and assign the appropriate group memberships and permissions
for each employee. When employees change jobs within the organization, the
security staff will be able to easily and accurately change the employee’s
permissions.

One way to ensure that the network security staff is aware
of an employee job change is to require Human Resources to notify the IT
department when an employee’s job status changes. When the network security
staff receives a job change notification, they can send the appropriate forms to
the employee’s new manager to ensure that the employee will have the
appropriate rights and permissions on their start date.

In addition to the previous suggestions, the following tips provide
a guide for keeping rights and permissions up to date and increasing
network security. While these simple steps may not eliminate all of the
potential issues, they will help ensure that all employees have the
appropriate rights and permissions to perform their job.

- Remove network access for employees who no longer work for the organization.
- Remove login accounts to systems that the employee should no longer access.
- Change passwords on systems that have generic or group login accounts.
- Remove outdated group assignments, permissions, and rights when employees
  change jobs within the organization.
- Uninstall all applications that are no longer needed by the employee to save
  licensing costs.
- Limit the rights to change user permissions to prevent others from modifying
  permission assignments.
- Perform periodic security reviews in small and medium-sized organizations.
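
The documented per-job-title permission list and the "remove outdated group assignments" tip can be combined into one reconciliation check, sketched here as an added example that is not part of the original article. The job titles, group names, user names and function names are all constructed for illustration; a real deployment would read them from the organization's directory and HR records.

```python
# Constructed sample: the documented permission list for each job title.
ROLE_BASELINE = {
    "Registered Nurse": {"staff-all", "clinical-ehr-read", "clinical-ehr-write", "med-dispense"},
    "Billing Analyst": {"staff-all", "billing-app", "finance-reports"},
}

def plan_job_change(current_groups, new_title, baseline=ROLE_BASELINE):
    """Return the group changes needed when an employee moves to new_title."""
    if new_title not in baseline:
        # Fail closed: an undocumented title must not silently keep old access.
        raise KeyError(f"no documented permission list for job title {new_title!r}")
    required = baseline[new_title]
    current = set(current_groups)
    return {
        "remove": sorted(current - required),  # left over from the previous job
        "add": sorted(required - current),     # needed on the start date
        "keep": sorted(current & required),
    }

def audit(directory, baseline=ROLE_BASELINE):
    """Periodic review: report users holding groups outside their title's list."""
    findings = {}
    for user, record in directory.items():
        allowed = baseline.get(record["title"])
        if allowed is None:
            findings[user] = {"excess": sorted(record["groups"]),
                              "reason": "undocumented title"}
            continue
        excess = set(record["groups"]) - allowed
        if excess:
            findings[user] = {"excess": sorted(excess), "reason": "outside baseline"}
    return findings

# Constructed directory snapshot: jdoe moved from nursing to billing
# but still holds the clinical groups from the previous job.
DIRECTORY = {
    "jdoe": {"title": "Billing Analyst",
             "groups": {"staff-all", "clinical-ehr-read", "clinical-ehr-write", "billing-app"}},
    "asmith": {"title": "Registered Nurse",
               "groups": {"staff-all", "clinical-ehr-read", "clinical-ehr-write", "med-dispense"}},
}

if __name__ == "__main__":
    print(plan_job_change(DIRECTORY["jdoe"]["groups"], "Billing Analyst"))
    print(audit(DIRECTORY))
```

Running `plan_job_change` when HR sends the job change notification gives the change list for the start date, while `audit` run on a schedule catches accounts that were missed.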