Spring cleaning is a great time to review user accounts within the domain or local systems. Old accounts that haven't had passwords changed or used for a long period of time (over three months), should either be flagged for password updates, disabled, or even deleted. While this process should occur year-round, cleaning out old and unused user accounts in the spring can remind us of how they can be leveraged against the business for insider threats if left untreated.