Today’s reminder to terminate employees’ credentials when their employment ends

A consultant investigating breaches found a threat actor using an old, active "Greg from Auditing" account to roam a U.S. city's network, tamper with conference-room devices, and change controls in the water utility—turning many controls off and potentially endangering the water supply. The root cause was failure to terminate departed employees' credentials and lack of unique, protected logins.