Magpie Tech Tips

May 13, 2020

Sharing Account Passwords with Co-Workers? Time to Stop.

When co-workers share passwords between them, you're asking for trouble. It could be a shared cloud service, an email account, even a shared computer. Each worker should always have their own account & unique password. Otherwise you open yourself up for cyberattack, and more.

Have you ever shared a cloud service with your co-workers? Most of the time, businesses do this to save on costs. You're only paying for the 1 account.

However, this creates a number of risks to your company:

  • Cybersecurity:  Password sharing promotes a culture of sharing accounts and before you know it, people who shouldn’t be on the VPN are. 

    When you change a password, you have to notify everyone, which usually happens via email. That's another security risk.

    Plus, the password is stored on multiple devices in multiple locations, increasing the risk of someone stealing it.

    Finally, you may forget to change the password when an employee with access leaves your company, creating another risk.

  • SOX Compliance:  If something bad happens, you can’t narrow it down to one individual.  This is why SOX compliance requires that software be properly licensed to each employee.

  • Software Copyright Infringement:  Microsoft and Adobe regularly audit business' use of licenses. You'll have to "true up" your licensing under such audits. If you misused licenses in the past, you may have to pay a fine.

How does the cybersecurity risk play out? Say a cybercriminal uses a phishing email on your co-worker. The email looks like it came from the cloud service. This happens a lot with Dropbox and Office 365.

They enter the shared password, thinking they're logging in like normal. Now the cybercriminal can see all the files in the account. Imagine what would happen if they did this for a shared email account. Or a shared drive inside your network!

Cyber Fu’s bottom line:  Don't share ANY passwords between co-workers, and properly license all software for your team.

 

Do you have a cybersecurity question you want answered? Send it in to and it may show up in our next "Cyber Fu Tip."