In my capacity as a member of the committee, I've met with a number of cybersecurity firms that advise businesses, governments and financial institutions, and one of the things they talk about is a number of different kinds of accounts. Some are left open when people leave a firm. Some are rogue accounts when somebody comes into an organization and creates an account that just sits there for years. Companies don't even take stock of what's there. There are accounts that have higher authority than they probably should have. People leave or they change jobs.
How can we educate organizations to be mindful of that, because it seems like a very easy fix to deal with a lot of these vulnerabilities that they're leaving themselves open to?