Balance connectivity and security in your password management policy.
How many of your employees share passwords with one another?
At first, you might want to say that none of them do. It’s specifically forbidden in your cybersecurity policy, after all.
But there’s a big difference between saying something and doing it. According to SurveyMonkey, one-third of U.S. adults share passwords and account credentials with coworkers, despite knowing that sharing passwords is a key vulnerability.
The key takeaway is clear: Your employees are sharing passwords.
At least, that’s the assumption business leaders in any industry need to make. Regardless of how powerfully worded your cybersecurity policy is, or what disciplinary actions password sharing incurs, the practical benefits make it nearly impossible to avoid.
When remote workers are involved, password sharing often becomes a necessity. When you can neither see nor secure access for an employee or freelancer halfway across the world—or even across town—security issues can quickly escalate.
The problem for executives, shareholders, and organizational decision-makers is that it’s difficult to find out when employees are sharing and reusing passwords. Those workers already know its bad practice—that’s why they do it discreetly.
Business leaders who are ready to accept this fact can craft more comprehensive and better-informed cybersecurity policies. By identifying the security implications of password sharing, especially among remote workers, organizations can plan ahead and keep their systems safe from attack.
What Happens When Employees Share Passwords
Shared employee accounts create numerous problems throughout the organization. They prevent CIOs from effectively securing employee systems and determining what kind of vulnerabilities they may have.
For instance, it’s difficult to trace security-related incidents to their source through a shared account. When each account points only to a single user, any unauthorized activity that occurs on an account points directly back to the individual responsible. But if multiple people can shift blame to one another, the problem becomes deeply complicated.
This problem expands when remote workers are involved. Permanent employees who log in remotely may be logging in on unsecured equipment. There may be no way to guarantee the physical security of that equipment or the kinds of networks through which the remote worker must communicate in order to access company web applications.
The danger deepens for organizations that rely on temporary and freelance workers. Someone could hold on to sensitive account credentials well after their actual work responsibilities have terminated and either sell them to the highest bidder or use them for their own benefit.
In all of these cases, password sharing hugely complicates the process of tracking eventual security discrepancies back to their source. If the compromised password accesses multiple platforms, then a small, preventable vulnerability can easily balloon into an enormous, expensive data breach.
Establish Password Policies for Remote Workers
Even if your remote workers are logging in from secured networks and using physical equipment only they have access to, specialized password policies are still needed. Remote workers and freelancers must uphold higher accountability standards than employees who work in the same office.
If remote-worker access is not regularly policed, people may enjoy access to systems and platforms they don’t actually need to use. Even if the remote worker doesn’t access the system in question, any security breach that occurs becomes difficult or impossible to trace.
If the system or platform is useful for the remote worker, he or she might retain access and use the system for personal gain.
For example, imagine you hired a freelance marketer to operate a HubSpot campaign using your enterprise account. The initiative is a success, and you congratulate your temporary partner for their work.
An enterprise-level Marketing Hub account can cost between $1,200 and $3,000 per month. It would not be so surprising if your temporary marketing partner chooses to use your account for their own purposes, saving thousands of dollars and enjoying access to state-of-the-art marketing tools for free.
This kind of situation happens all the time. The only way to address it appropriately is through regular access verification and password resets. Including policy standards specific to remote workers is key to preventing your freelance partners from taking advantage of your organization.
Implement a Solid Password Management Solution
Even if your password policy addresses all of the dangers associated with password sharing among employees and remote workers, effective password management software remains crucial.
Your organization’s cybersecurity policy can’t address security flaws in third-party providers’ systems.
In a world where 1 out of every 3 web applications still accepts the ten most common passwords, it falls on business leaders to enforce vigilance and good security practice for their teams. Deploy a reputable password management solution today and keep your systems safe.