Stop Sharing Company Passwords
Password sharing is one of the biggest security issues affecting business today, and yet it is one of the least managed security risks. There are many reasons your employees share passwords: work delegation, being out of the office, covering holiday leave, a new employee without access yet, being unaware of the risks, etc.
Employees share logins and passwords on a daily basis, not aware of the huge risks to security. Sometimes, login credentials are even written down and taped to the computer monitor. Password sharing is even seen as necessary to productivity.
Every employee you hire is hired under the presumption of trust, but every employee who has ever stolen intellectual property from a company in the history of corporate theft was – without a doubt – also hired in this way.
Sometimes, it’s a mistake. Other times, it’s a deliberate attack to leak critical information to competitors. Regardless, without separate login credentials, many innocent employees can come under suspicion.
Password control is not about mistrusting your employees, but protecting them.
In some small businesses, sharing account credentials is a necessity, especially when dealing with privileged accounts, like social media accounts, domain administrator accounts, etc., where there is just one account. This gives your employees complete free rein and anonymity, to the point where you become accountable for any purposeful or accidental breaches of security, because there’s no way of pinpointing the culprit.
How to Stop Password Sharing
The two main ways to stop password sharing are through company culture and through technology.
Sharing passwords is a cultural issue, so establish a company culture that forbids password sharing. The issue should be managed head-on through different channels including HR, IT, and Management. Company culture starts at the top. Many employees share passwords because they are asked to do so by their managers. Management should understand and lead by example.
Educate staff on the dangers of password sharing. An employee may share a password simply because they’re not aware of the threat to themselves, their job, or their company.
Understand Why They Share:
If password sharing is prolific in your workplace, understand the problem. Perhaps managers share passwords when delegating work to staff as there seems to be no other feasible option. Find the source of the problem, and go about fixing it.
If you are going to implement a no-sharing policy, it needs to be monitored and enforced. There should be repercussions for anyone who doesn’t follow it. Perhaps sharing passwords shouldn’t mean losing your job, as that seems extreme, but if there are harsher repercussions for risking company security, your users will think twice before doing it.
Technology may be the very thing getting you into this mess, but it can also be used to your advantage.
Restrict Concurrent Logins:
Not allowing simultaneous logins will prevent two employees from using the same password at the same time. This will discourage users from sharing their password, because they can’t use their own login while someone else is using it.
Your employees care about their own access and their ability to do their job, so if giving their password to someone else means they cannot access their account, they will be encouraged to keep credentials private. It also prevents an unauthorised user from logging into a database while a legitimate user is working.
You can limit employees’ access to buildings, workstations, departments, or devices, or even set time limits. For example, HR can only access their database from their department on level four between 9 am and 5 pm. Or limit access to select computers, so that no one has a reason to share passwords, as they cannot use another employee’s password on their computer anyway.
Alerts and Automatic Logouts:
Use technology to your advantage. Consider a pop-up alert at login to remind your staff of the importance of not sharing their password. An automatic logout is also a great idea: when an employee leaves their computer unattended for a certain length of time, no one else can use their login.
React to Suspicious Activity:
Monitor the use of passwords, so you can shut down the accounts and log out people who appear to be sharing or misusing login credentials.
Make passwords expire so they become obsolete and can’t be reused by someone trying to harm the company.
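The concurrent-login and workstation/time restrictions described above can also be checked after the fact against session records. The following Python sketch is an added example, not part of the original article or of any product it mentions; the account names, workstation names, record layout and policy table are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, time
from itertools import combinations

# Constructed sample session records: (account, workstation, logon, logoff).
SESSIONS = [
    ("hr.alice", "HR-WS-01", "2024-03-04 09:05", "2024-03-04 12:30"),
    ("hr.alice", "FIN-WS-07", "2024-03-04 11:40", "2024-03-04 11:55"),
    ("hr.bob", "HR-WS-02", "2024-03-04 21:15", "2024-03-04 21:50"),
    ("it.carol", "IT-WS-03", "2024-03-04 10:00", "2024-03-04 17:00"),
]
# Hypothetical policy: account prefix -> allowed workstation prefix and logon hours.
POLICY = {"hr.": {"workstations": "HR-", "start": time(9, 0), "end": time(17, 0)}}
FMT = "%Y-%m-%d %H:%M"

def parse(rows):
    # Convert the text timestamps into datetime objects.
    return [(u, ws, datetime.strptime(a, FMT), datetime.strptime(b, FMT))
            for u, ws, a, b in rows]

def concurrent_sessions(rows):
    # Flag one account with overlapping sessions on two different workstations.
    by_user = defaultdict(list)
    for user, ws, start, end in parse(rows):
        by_user[user].append((ws, start, end))
    findings = []
    for user, sess in by_user.items():
        for (ws1, s1, e1), (ws2, s2, e2) in combinations(sess, 2):
            # Two intervals overlap when each starts before the other ends.
            if ws1 != ws2 and s1 < e2 and s2 < e1:
                findings.append((user, ws1, ws2))
    return findings

def policy_violations(rows, policy):
    # Flag logons from a workstation or at an hour the policy does not allow.
    findings = []
    for user, ws, start, _ in parse(rows):
        for prefix, rule in policy.items():
            if not user.startswith(prefix):
                continue
            if not ws.startswith(rule["workstations"]):
                findings.append((user, ws, "workstation"))
            if not (rule["start"] <= start.time() < rule["end"]):
                findings.append((user, ws, "hours"))
    return findings

if __name__ == "__main__":
    print("concurrent:", concurrent_sessions(SESSIONS))
    print("policy:", policy_violations(SESSIONS, POLICY))
```
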
Digital security has become harder with the trend of storing corporate information in the cloud. Valued information is no longer safely tucked in a safe at the office, but roaming between your company and people’s homes, through employees’ tablets, desktops, and phones.
In this case, you need more than just a cultural shift in password security. You need a platform that protects you and your business. Vault One is making it their mission to eliminate the need for password sharing completely. Imagine a platform that can protect your passwords from user error, hold them securely, and not disrupt productivity.
Vault One tackles those problems by centralizing passwords in a digital vault located in the cloud. Privileged accounts and passwords are protected because Vault One limits their disclosure to users without restricting their work. You don’t even need to share the password when providing access to a server via SSH, RDP or Telnet. In other words, with Vault One, a user can be logged into an account or given access to a resource without ever seeing the password.
Talk to the team at Vault One today, and take a step forward with your company’s digital security.