Have You Shared Your Password with Your Coworkers? If You Have, You Are a Liability
If you manage sensitive information at work, you probably have signed a non-disclosure agreement along with your employment contract. However, have you really gone through that agreement? Perhaps some confidential aspects boil down to common sense, but you have to remember that there are things you shouldn't share even with your co-workers. For example, sharing passwords is a terrible idea, and we are going to discuss why it is so in this blog entry. So, if you have ever thought of sharing passwords with your co-workers for convenience sake, it's about time you reconsider that. We hope that this entry will help you do that.
Table of Contents
The Biggest Cause of Data Breaches
To be honest, we have touched upon this subject before in our previous entries on data breaches. And here we are talking about corporate and business aspects of cyber security, so please bear that in mind.
At the same time, when regular users hear about corporate cyber security, they probably imagine hackers trying to slither into vulnerable systems. They see complicated schemes that are built to steal money from powerful companies. However, the truth is that a hacker doesn't need to look far to find a way into a target system.
According to a survey carried out by Switchfast, 91% of cyber attacks against businesses originate with a phishing email. This means that there's always a human factor involved, and negligent employees are probably the biggest reason businesses experience data breaches. There are many ways that employees can “contribute” to the annual increase of corporate data breaches, and opening phishing emails on a regular basis is clearly one of them. However, today we would like to point out another aspect of liability that can easily lead to severe consequences.
Shared Passwords
If you tend to share passwords with your co-workers, you automatically put your entire company at risk. For example, a study by One Identity found that 60% of UK organizations share passwords for privileged accounts. What's more, if these passwords are managed through an Excel spreadsheet, it shouldn't be too surprising that eventually this information gets leaked to a malevolent third party.
And we're not talking about intentional information theft. Let's consider the following: You share passwords with your co-worker because your co-worker has to perform some task that requires access to your accounts. Now let's imagine that the said co-worker is performing their tasks outside of the office at some coffee shop with a public Wi-Fi. We have discussed the potential dangers behind using a public Wi-Fi several times, so you should know that it is not a good idea to enter sensitive information into your browser or anywhere else when your device is connected to a public Wi-Fi.
But IF that co-worker uses your passwords and accesses sensitive information while connected to a public network that has been compromised, the possibility of a data breach or a data theft grows tenfold. So it is not just about sharing passwords alone. It all boils down to the complexity of online habits, and it is our duty to either change them or improve them so that we could minimize the potential of a data breach.
How to Improve Your Habits
Now that we have established that sharing passwords is a terrible idea, we should look at ways to break the bad habits and usher in a few useful ones. There are things that both companies and their employees can do to improve corporate security.
As far as the company's to-do list is concerned, if we are dealing with extremely sensitive information on privileged accounts, it is strongly recommended to reset the password every single time someone accesses the account. It is also a good idea to restrict the sharing of passwords that allow accessing accounts that have administrative privileges. Smaller companies may consider using a password manager to generate, store, and change passwords regularly.
Also, let's not forget that the companies should not leave any loose ends around. That is to say; former user accounts should be deleted as soon as possible. Finally, if possible, companies should consider monitoring user activity to know, which account was accessed by which user and when. This would give businesses a far bigger control over their sensitive information.
However, aside from corporate efforts, we shouldn't forget that employees themselves need to reconsider their habits, too. Of course, now you know that it is not a good idea to share passwords. But it's also not a good idea to reuse the same password for several different accounts. Again, if you need help with creating new strong passwords, you can use a password manager. Do not keep your passwords in an Excel sheet or jotted down somewhere on a piece of paper. Such habits can easily lead to a cyber security disaster.
Aside from refraining from sharing passwords and opening phishing emails, there are also other aspects of cyber security that business leaders and employees can employ to improve the overall security level. For example, it is vital to enable multi-factor authentication to prevent data thefts. Of course, there is no such thing as a fail-proof plan when it comes to cyber security, but multi-factor authentication provides an additional level of security that is harder to breach because the identity tokens used in the authentication process are individual and unique. Therefore, if the service that you use has the multi-factor authentication option, you should definitely enable it.
Finally, it is important to realize how vulnerable any kind of data is. The Switchfast survey that we have mentioned earlier found that most of the small business leaders and even their employees do not believe that they could be targeted by hackers. That is the wrong way to look at it because EVERYONE can become a cybercrime target since ANY kind of information can be stolen and sold. Hackers deal in information, and any kind of information is valuable as long as they manage to get their hands on it. Your job is to do everything you can to make it harder for these hackers to achieve their goals.
