How to enable safe employee password sharing
At home, a surprising 71% of people are happy to share their passwords with a spouse or partner. In the home environment, this may seem like a relatively low risk practice. However, it is crucial your employees are made aware of the difference between sharing a personal login, and sharing work account credentials.
This guide will outline the risks associated with employee password sharing and discuss the importance of having robust policies in place.
The risks of password sharing
The vast majority of consumers have heard of security breaches involving household name companies. This includes Yahoo, Facebook, Adobe, and many more. As a result of these high-profile security breaches, 87% of Americans are somewhat concerned their personal information will be compromised online. Unfortunately for businesses, many individuals—including employees—will not fully understand the consequences of a breach, and may not even be aware of practices they should adhere to for the safety of their data.
In a recent survey of 1,507 adults in the United States, SurveyMonkey discovered that 34% said they share passwords or accounts with coworkers. This means that more than 30 million of the 95 million American knowledge workers could be sharing with their colleagues. Nearly a quarter of the people surveyed also admitted they reused the same credentials for multiple accounts in a work setting.
Employee password sharing in the workplace carries a significant risk to businesses. In fact, 81% of hacking-related security breaches are the result of weak or stolen passwords. Moreover, once a hacker gains access to your system, shared credentials make it far easier for them to also compromise other areas of your network. This means your company could potentially risk facing legal issues, especially if you’re an MSP and customer privacy rights have been violated.
There can also be personal implications for employees. For example, they risk losing access to business-critical software if a hacker changes their login details. Furthermore, if an employee uses the same password for multiple accounts, a hacker could try it to gain access to other things, such as social media accounts, personal bank accounts, and more.
So why do employees share passwords when it is so risky to do so? Of the surveyed workers, 42% said they do it because it makes collaboration easier, while 38% said because it is company policy. These results demonstrate that leadership can intervene and improve security by providing better ways for employees to collaborate, in addition to establishing robust sharing policies.
The importance of password sharing policies
Surprisingly, almost 40% of people who share passwords with other employees do so in accordance with company policy. If your company encourages or enables employees to share credentials in an unsupervised or uncontrolled way, it’s time to review your policy.
Your revised password policy should include the following industry best practices:
- Choose solutions that allow for single sign-on (SSO) whenever possible. SSO will reduce the likelihood of employees sharing passwords that are also linked to their email account.
- Enable two-factor or multifactor authentication wherever you can—this will make it much harder for a hacker to gain access, and will discourage sharing due to the extra layer of authentication.
- Encourage employees to use complex passwords. They should include uppercase and lowercase letters, symbols, and numbers. They shouldn’t include any personal information that might be found on your social media profiles.
- Urge employees to avoid using the same password for multiple products or services.
- Promote the use of a secure password manager.
- Implement granular access control, like role-based permissions, for accounts and systems.
Utilizing a password manager
The N-able™ Passportal™ secure password management solution can facilitate the process of sharing credentials. This encrypted and highly efficient solution was built specifically for MSPs and offers a range of advanced utilities, including robust reporting and auditing, change automation, and privileged client documentation management. Passportal helps your team implement best practices by storing credentials and knowledge in an encrypted vault—which is controlled by role-based permissions and multifactor authentication.
Passportal helps companies manage risk by allowing you to automatically generate strong passwords. With N-able software, you can also grant or revoke access quickly to avoid lending credentials to new technicians, and instantly revoke access when others leave.
Overall, the Passportal solution offers MSPs a robust and dependable way of managing employee credentials, significantly reducing the chance of a breach occurring. Although password sharing among employees seems to be a fairly common practice, the risks associated with it shouldn’t be ignored. To learn more and start increasing your security today, a demo of the Passportal solution is available.