Every year, faculty staff leave our system as retirees after serving California Community College students and the system. Often, a retiree retains their email account after leaving the college to keep in touch with students and colleagues. However, consistent use of these accounts wanes over time, and credentials used for email access can become compromised through guessing or breaches occurring at third-party services.
By taking over these uncommonly-used retirees' email accounts, a bad actor gains an assumed level of trust and a foothold into the college that, unlike a standard employee email account, may not be noticed. An account that looks legitimate to current staff and students is perfect for social engineering, gaining further system access, or stealing confidential information!
Our recommendations are as follows:
Consider reviewing your policy as to whether or not you provide a retiree email account. Many people have personal email accounts and won’t have need for a local email account. Is this truly a benefit or something that rarely gets used?
Create a policy to deactivate such accounts after a period of inactivity (90 days is a good benchmark). Unused accounts can add an unnecessary exposure to the college and could be targeted by bad actors. Deactivating reduces this risk. If a retiree decides that they want the account later, it can always be reactivated.
If you choose to provide retiree accounts, the Chancellor's Office recommends a designated separate email domain, such as email@example.com, rather than firstname.lastname@example.org, to best differentiate them from regular college email accounts.
By differentiating retiree accounts, extra context is provided to the recipients of their emails in the email address itself.
Suppose a differentiated retiree account asks for urgent help with a project or requests confidential information. In that case, it would be noticeable to students and staff that something is strange. However, with retiree accounts that appear to be active college staff, any bad actor with access could be trusted and undetected to cause significant damage to the college.