Have you ever shared a cloud service with your co-workers? Most of the time, businesses do this to save on costs. You're only paying for the 1 account.
However, this creates a number of risks to your company:
- Cybersecurity: Password sharing promotes a culture of sharing accounts and before you know it, people who shouldn’t be on the VPN are.
When you change a password, you have to notify everyone, which usually happens via email. That's another security risk.
Plus, the password is stored on multiple devices in multiple locations, increasing the risk of someone stealing it.
Finally, you may forget to change the password when an employee with access leaves your company, creating another risk.
- SOX Compliance: If something bad happens, you can’t narrow it down to one individual. This is why SOX compliance requires that software be properly licensed to each employee.
- Software Copyright Infringement: Microsoft and Adobe regularly audit business' use of licenses. You'll have to "true up" your licensing under such audits. If you misused licenses in the past, you may have to pay a fine.
How does the cybersecurity risk play out? Say a cybercriminal uses a phishing email on your co-worker. The email looks like it came from the cloud service. This happens a lot with Dropbox and Office 365.
They enter the shared password, thinking they're logging in like normal. Now the cybercriminal can see all the files in the account. Imagine what would happen if they did this for a shared email account. Or a shared drive inside your network!
Cyber Fu’s bottom line: Don't share ANY passwords between co-workers, and properly license all software for your team.
Do you have a cybersecurity question you want answered? Send it in to firstname.lastname@example.org and it may show up in our next "Cyber Fu Tip."