Stop Sharing Company Passwords
- Updated at
- By Naty Santos
- Passwords
Password sharing is one of the biggest security issues affecting business today, and yet it is one of the least managed security risks. There are many reasons your employees’ share passwords – work delegation, being out of the office, covering holiday leave, a new employee without access, lack of risk awareness, etc.
Employees share logins and passwords on a daily basis, unaware of the risks to security.
Sometimes login credentials are even written down and taped to the computer monitor or other places within view.
Every employee you hire, is hired under the presumption of trust, but every employee who has ever stolen intellectual property from a company in the history of corporate theft was, without a doubt, hired this same way.
Sometimes, it’s a mistake. Other times, it’s a deliberate attack to leak critical information to competitors.
Regardless, without separate login credentials, many innocent employees come under suspicion.
Table of Contents
Password control is not about mistrusting your employees but quite the opposite.
In some small businesses, sharing account credentials is a necessity. This is especially true when dealing with privileged accounts, like the social media accounts, domain administrator accounts, etc., where there is just one account.
This gives your employees complete free reign and anonymity, to the point where you become accountable for any purposeful or accidental breaches of security, because there’s no way of pinpointing the culprit.
How to Stop Password Sharing
Two main ways to stop password sharing are through company culture and utilizing technology.
1. CULTURE: Sharing passwords is a cultural issue so establish a company culture that forbids password sharing.
The issue should be managed head-on through different channels including HR, IT, and Management.
Company culture starts at the top. Many employees share passwords because they are asked to do so by their managers. Management should understand and lead by example.
- Education: Educate staff on the dangers of password sharing. An employee may share a password simply because they’re not aware of the threat to themselves, their job, or their company. Understand why they share: If password sharing is prolific in your workplace, understand the problem. Perhaps managers share passwords when delegating work to staff as there seems to be no other feasible option. Find the source of the problem and go about fixing it.
- Repercussions: If you are going to implement a no–sharing policy, it needs to be monitored and enforced. There should be repercussions for anyone who does not comply. Perhaps sharing passwords shouldn’t mean losing your job, as that seems extreme, but if there are harsher repercussions to risking company security, your users will think twice before doing it.
2. TECHNOLOGY: technology can be used to “keep your house in order”. The use of technology makes it possible to:
- Restrict concurrent logins: Not allowing simultaneous logins will prevent two employees using the same password at the same time. This will discourage users from sharing their password if they can’t use their own login when someone else is using it.
- Your employees care about their own access and their ability to do their job, so if giving their password to someone else means they cannot access their account, they will be encouraged to keep credentials private. It also prevents an unauthorized user from logging into a database while a legitimate user is working.
- Limit accessibility: You can limit employees’ accessibility to buildings or workstations, departments, devices, or even set time limits. For example, HR can only access their database from their department on level four between 9 – 5 pm. Or limit access to select computers, meaning no one will share passwords, as they cannot use another employee’s password on their computer anyway.
- Alerts and automatic logouts: Use technology to your advantage. Consider a pop-up alert to let your staff know the importance of not sharing their password as they log in. And an automatic logout is a great idea so when an employee leaves their computer unattended for a certain length of time, no one can use their login.
- React to suspicious activity: Monitor the use of passwords, so you can shut down the accounts and log out people who appear to be sharing or misusing login credentials.
- Expire Passwords: Make passwords expire so they become obsolete and can’t be reused by someone trying to harm the company.
Conclusion
Digital security has become harder with the trend of storing corporate information in the cloud. Valued information is no longer safely tucked in a safe at the office, but roaming between your company to people’s homes, through employees’ tablets, desktops, and phones.
In this case, you need more than just a cultural shift in password security. You need a platform that protects you and your business.
How VaultOne can help you share passwords securely
VaultOne is making it their mission to eliminate the need for password sharing completely. Imagine a platform that can protect your passwords from user error, hold them securely, and not disrupt productivity.
VaultOne tackles those problems by centralizing passwords in a digital vault located in the cloud. Privileged accounts and passwords are protected because VaultOne limits the disclosure of accounts and passwords with the users, without restricting their jobs. You don’t even need to share the password when providing access to a server via SSH, RDP or Telnet. In other words, with VaultOne, a user can be logged into an account or given access to a resource without ever seeing the password.
