Don’t Get Bitten by Zombie Accounts


Left behind, forgotten, and ready to pose a threat to your cybersecurity… Are there zombie accounts lurking in your Microsoft 365 environment?


Everyone has accounts that they’ve forgotten about or don’t use anymore. In our personal lives, these ‘zombie accounts’ are long-forgotten logins to social media platforms, online shopping sites, and even message forums.

However, these abandoned accounts are also present in professional organisations, most frequently originating from improper termination of a leaver’s access.

Although it’s very unlikely that the leaving member of staff would try to hack back into the company system after departure, it’s not impossible; leaving any door open for hackers is a very dangerous game to play. That makes zombie accounts a deadly – and oh so quiet – threat to be reckoned with.


Don’t Wait to Be Bitten


Neglecting to address your zombie accounts can unleash many painful consequences for your business’ future.

Unauthorised access is arguably the biggest threat: lingering access gives former employees a route back into potentially sensitive data. Meanwhile, cyber criminals looking for an easy score may find their luck changing when they happen upon an account whose owner reused a password that has since leaked, and because nobody owns or watches that account, nobody notices the sign-in. Bad actors are creative in their means of entry, and zombie accounts give them an additional advantage.

Meanwhile, regulatory bodies consistently emphasise the importance of maintaining strict control over user access. Ignoring unused accounts is a fast track to non-compliance, potentially leading to fines or even legal consequences.


Facing Down the Zombies

It’s not all doom and gloom though – there are ways to defend against the risk zombie accounts pose.

Regular, tenant-wide access reviews form the initial line of defence. They let the business see its whole account estate, spot identities that have not signed in for a defined period, and disable or delete them before they become a foothold. Conducting these checks on a fixed schedule keeps the backlog small, while a well-structured offboarding process, in which the leaver notification triggers the account being disabled, its sessions revoked and its licences reclaimed on the last day, should stop most zombie accounts from ever appearing.
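The review step above can be scripted. The following is an added example, not code from the original post or from Surveil, showing how an administrator could list enabled Microsoft 365 accounts with no interactive or non-interactive sign-in for a chosen number of days using the Microsoft Graph PowerShell SDK. It assumes the Microsoft.Graph.Authentication, Microsoft.Graph.Users and Microsoft.Graph.Users.Actions modules are installed, that the signed-in administrator holds the User.Read.All, AuditLog.Read.All and User.ReadWrite.All scopes, and that the tenant has a Microsoft Entra ID P1 or P2 licence (Graph does not return signInActivity without one). The 90-day threshold, the exclusion patterns and the report path are illustrative values.

```powershell
# Added example (not from the original post): report, and optionally disable,
# Microsoft 365 accounts that have not signed in for N days.
# Assumptions: Microsoft.Graph.* modules installed; admin has User.Read.All,
# AuditLog.Read.All and User.ReadWrite.All; tenant is Entra ID P1/P2 licensed.
param(
    [int]$InactiveDays = 90,
    # Hypothetical naming conventions for accounts that must never be auto-disabled.
    [string[]]$ExcludeUpnPattern = @('^svc-', '^break-glass'),
    [string]$ReportPath = '.\zombie-accounts.csv',
    [switch]$Disable   # report only unless this is passed explicitly
)

Connect-MgGraph -Scopes 'User.Read.All', 'AuditLog.Read.All', 'User.ReadWrite.All' -NoWelcome

$now    = (Get-Date).ToUniversalTime()
$cutoff = $now.AddDays(-$InactiveDays)

# Only enabled accounts matter here; disabled ones are already contained.
# SignInActivity has to be requested explicitly, it is not returned by default.
$users = Get-MgUser -All -Filter 'accountEnabled eq true' `
    -Property Id, UserPrincipalName, DisplayName, CreatedDateTime, SignInActivity, UserType

$zombies = @(foreach ($u in $users) {
    if ($ExcludeUpnPattern | Where-Object { $u.UserPrincipalName -match $_ }) { continue }

    # Count both interactive and non-interactive sign-ins: a mailbox still being
    # polled by an old phone is "alive" even if nobody types a password.
    $last = @(
        $u.SignInActivity.LastSignInDateTime,
        $u.SignInActivity.LastNonInteractiveSignInDateTime
    ) | Where-Object { $_ } | Sort-Object -Descending | Select-Object -First 1

    # Never signed in: fall back to the creation date so brand-new accounts
    # are not flagged on day one.
    if (-not $last) { $last = $u.CreatedDateTime }

    if ($last -lt $cutoff) {
        [pscustomobject]@{
            UserPrincipalName = $u.UserPrincipalName
            DisplayName       = $u.DisplayName
            UserType          = $u.UserType          # Member vs Guest
            LastActivityUtc   = $last
            DaysInactive      = [int](($now - $last).TotalDays)
        }
    }
})

$zombies | Sort-Object DaysInactive -Descending |
    Export-Csv -Path $ReportPath -NoTypeInformation
Write-Host ("{0} of {1} enabled accounts inactive for more than {2} days; report written to {3}" -f `
    $zombies.Count, $users.Count, $InactiveDays, $ReportPath)

# Containment, only when asked for: disable the account and revoke its refresh
# tokens so existing sessions die as well. Disabling rather than deleting keeps
# the mailbox and OneDrive recoverable while the owner is contacted.
if ($Disable) {
    foreach ($z in $zombies) {
        Update-MgUser -UserId $z.UserPrincipalName -AccountEnabled:$false
        Revoke-MgUserSignInSession -UserId $z.UserPrincipalName | Out-Null
        Write-Host "Disabled and revoked sessions for $($z.UserPrincipalName)"
    }
}
```

Run it without `-Disable` first and have the report reviewed by the line managers of the accounts it lists; service accounts and shared mailboxes that sign in rarely are the usual false positives, which is why the script takes an exclusion list rather than acting on everything it finds.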

Employee awareness, especially through consistent cybersecurity best practice training, is a key supplementary activity. By arming employees with an understanding of the risk, their responsibility, and the nature of threats that do not announce themselves, you’ll have an extra line of defence to rely on.

MFA, biometrics, and similar controls should be enforced so that a leaked password alone is not enough to open an account, which removes the easiest route into a forgotten identity. They are a mitigation, not a substitute for disabling the account: a leaver who still holds the registered authenticator can satisfy the second factor, so the leaver’s account must still be disabled and its sessions revoked on departure.

Cultivate visibility into active and inactive identities with an analytics platform such as Surveil. Building a comprehensive view of unused identities and resources can be a manually-intensive (and very daunting) task; with Surveil’s actionable insights, it’s possible to surface lingering identities, create automated security alerts, and direct anti-zombie action.


Zombie accounts pose a security threat to businesses of all shapes and sizes, with every unused account a potential entry point into your organisation. It’s not just a concern for your IT team, either: there’s a collective responsibility to ensure every window is shut, every door is locked, and no access is left for threat actors. So, what are you waiting for?


Let Surveil’s actionable insights do the work for you. Identify zombie accounts, mitigate their costs, and close the security gap for good. Speak to your Microsoft Partner to get started – or get in touch with our team to find out more.
