"Password Sharing" and its Impact on Enterprise Data Security

By Enterprise Security Magazine | Wednesday, March 20, 2019

Data SecurityOne of the extreme threats faced by enterprises in recent times is that of the data breach. Insiders and cybercriminals are keenly aware of the value of data. Many people don’t understand the risk, and they are also unaware of ways to protect their data, especially when it comes to handling passwords at work. Employees easily share their credentials without giving a second thought about the breach of company policy. In a survey conducted by SurveyMonkey among U.S. adults, it was shown that out of 1,507 participants, one third (34percent) of them shared their passwords with their co-workers. Almost 22 percent of the participants admitted that they reuse the same password on multiple work accounts. It is seen that only about 12 percent of the employees use password managers to manage multiple passwords securely.

Password sharing can significantly weaken the organization’s security, and it is shown that the majority of the hacking related breaches occur due to weak or stolen passwords. Legal issues can arise if the customer’s privacy is violated. A company must establish a strong policy prohibiting password sharing under any circumstances. Due to multiple logins to a single account, it is difficult to trace the user who compromises the data. Some level of control must be established at workstations like limiting concurrent logins and forcing logoffs exceeding the allowed number of times. Multi-factor authentication and use of long passwords must be encouraged. Employees must be nurtured about the benefits of using password managers like LastPass or Dashlane to avoid using the same passwords for multiple services. Use of personal devices must be avoided in workstations to prevent unauthorized users from accessing the network and confidential data.

CIOs must regulate the policies and make sure that users must not be squeezed to work together in a shared account. When the line between work and home fades, employees tend to increase the risk when they share files from personal device to their company device. Every employee of the organization must be educated about the security policy and password sharing by highlighting the risks involved. An organization must monitor, control, and update policies to minimize or completely eradicate password sharing. Prevention of password sharing will reduce external and internal threats, creating a secure work environment.

Weekly Brief