Maybe you are a busy employer wishing for five more hours in your workday, and the thought of going through every email you receive daily is overwhelming, on top of everything else you have on your “to do” list.
Or maybe you’re part of a department in your company, with five co-workers, and you have the same concerns.
So, you wonder, what’s the harm in sharing your passwords to company accounts? After all, you reason, your employees (or co-workers) are trustworthy and you have a good, strong relationship with them. And many hands make light work, right?
A LinkedIn article reveals that sharing work passwords with coworkers is more common than we might think. The article references a SurveyMonkey study showing that 34 percent of workers share their passwords and accounts with colleagues.
There may be many reasons you believe this is a good idea and a time saver, but you should exercise extreme caution when it comes to sharing access. In general, don’t do it!
A password that falls into the wrong hands can result in a data breach, a ransomware attack, or worse – the organization being found noncompliant because unauthorized parties saw data that should have been protected.
Suppose that a well-intended co-worker logs in with your password, possibly from the co-worker’s home computer. That computer may not be as protected as the office infrastructure. Or even if the co-worker uses your credentials in the office, where hopefully the infrastructure is well protected, who knows if that employee is as disciplined as you when it comes to detecting threats in email? All it takes is one click on an email that is supposedly from UPS announcing a delivery but is actually a phishing scheme. The employee clicks on the email, and then the company infrastructure – as well as your data – is compromised.
Should that occur, suffice it to say that neither you nor the employee you shared the log-in credentials with will be on the fast track for advancement in the company. Breaches are expensive, time-draining and can damage a company’s brand and reputation.
Business.com reports that, for a small business, the cost of a data breach can range from $120,000 to $1.24 million. For larger global companies, Security Magazine puts the cost of a single breach at $4.35 million.
Other research shows that more than 10% of individuals use the same password for all their accounts, even with all the training and awareness of the dangers of this practice. Counting people who use the same password for some, if not all, of their accounts, that figure rises to more than 60%. Also consider that a number of workers use the same passwords for their personal accounts (banks, for example) as they do for work accounts.
Consider another danger of shared passwords. If an employee leaves the job and still retains the passwords and access, this poses a threat to the company’s security. Even a well-intended former employee poses a problem, not to mention one who left under less than ideal circumstances.
The potential consequences of sharing access can be expensive and damaging.
So, wherever possible, keep your access codes to yourself. If you are in the extreme circumstance where you need to share your password or log-in credentials, you can protect yourself somewhat with these steps:
- If you will share a password, communicate it verbally, either in person or over the phone.
- Do not send password information to someone else via an unencrypted email. Send it via encrypted email, or use a password vault.
- Change your password and log-in frequently.
- Do not use the same password for multiple accounts.
- Even if you share your password (and perhaps especially if you do), be certain to create a very strong password, different for each account, that consists of capital and small letters, numbers, and special punctuation marks.
- If you have shared your log-in credentials for a specific project, change the password when the reason for sharing has ended.
- Use two-factor authentication for access to social media and other sites.
- Encrypt sensitive company data where appropriate.
- Password management apps, such as Shared Trust, can help make the occasional shared password situation somewhat safer, according to the same LinkedIn article referenced earlier.
- Be certain that you are using a secure method of storing passwords and company access. Some do so in a notebook, which may be susceptible to being seen by multiple people. If you use this method, secure the notebook in a safe place, such as a safe or locked drawer. If you store them electronically, there are password managers such as LastPass or 1Password to manage multiple passwords.
- A related topic is that of “digital legacy,” and how to arrange for who can access your social media and cloud when you are no longer around or able to. We’ll cover this in more detail in a future blog.
Remember, any network is only as secure as its weakest link.
If you are looking to be certain that your network is secure, or if you have questions about today’s topic or anything else related to IT or technology, please contact us for more information or give us a call at (888) 357-4277. We look forward to hearing from you!