Passwords are a necessary step to keep your information safe and accessible only by you. So if it’s company data that you’re protecting, and you all work for the same business, you might ask ‘Why shouldn’t I share passwords with my colleagues?’
As an IT provider we have worked with a number of different sized businesses from various sectors over the years and this is a question that comes up a lot.
Having to remember passwords for logging in and separate passwords for programs or software like Office 365 etc can be irritating. Passwords in general can be perceived as a daily annoyance, and to top it off, you’re not allowed to tell anyone what they are, even if it’s to get an important job done when you’re away.
Why do you want to share the password?
Many of us have been there: you’re going on holiday but there’s a report that needs to be sent out to key personnel while you’re away. If it doesn’t go out, it will impact on other areas of the business and you’ll have to play catch-up when you return.
Thankfully your colleague has kindly offered to forward it to all the relevant people on your behalf. Perfect. You can just leave your password on a sticky note on your desk and he can log in and complete the task. Everyone gets the report. On time. Job done.
What’s the big deal?
Unfortunately, sharing passwords makes a mockery of a business’ security strategy. It is never advisable to share passwords. Allowing work colleagues access to your login details is considered a security risk and under best practice these details should not be given out to anyone.
An effective security strategy will involve unique login credentials for each team member, with passwords that are updated periodically and must not be shared.
Some may ask, does it really matter? Well, at a time when the threat of a cyber attack is now highly likely for businesses, a no-exceptions approach to security is required to keep critical data safe.
Another factor which is making an impact on businesses is the increasing requirement to obtain Cyber Essentials certification. Without a detailed cyber security plan, of which good password management is an essential part, companies are discovering that they are losing out on potential business.
Many are now having to show that they have gone through the Cyber Essentials process before they can submit tenders for projects, particularly Government and MOD contracts. We predict that this will become an expectation across many other industries as the requirement to be able to prove that a business takes security seriously becomes essential.
But it’s ok, I trust Dave …
The colleague you share the password with could be very trustworthy indeed. However, it isn’t just ‘Dave’ you need to worry about. Who else is about when you are discussing your plans? How did you let him know what password he would need? Sticky note? Email? Text? Passwords sent insecurely are an opportunist’s dream.
It’s also about scale. You may have only shared your password with Dave, but Ang shared hers with Julie and Rob shared his with Sharon, and before you know it the security measures that the business believed everyone was adhering to are non-existent. Critical data is not as secure as was once believed, leaving the possibility of a breach highly likely.
It’s important to remind yourself of your role within the organisation. Do you have access to privileged accounts and are you potentially giving someone with less authority and clearance the key to sensitive information?
The potential impact to you personally?
Despite the increased talk around cyber security and promoting good practice in the press, many people are still using passwords that come to mind easily.
Pets’ names, birthdays and favourite teams are all still popular choices and, even worse, they are being re-used across many platforms in both personal and work life.
So sharing your password for your office desktop could also mean you’re sharing your passwords for multiple personal sites. If they fall into the wrong hands, you could be opening yourself up to a sizable breach of your personal information.
From a work perspective, there is the obvious risk that you may find yourself in trouble if it emerges you have shared a password. In many businesses, this is a disciplinary offence and can incur unwelcome sanctions against you, even dismissal if you break IT policy rules.
Always remember, if you allow someone to log onto a system as you, anything they do to that system will be tracked back to you. Good and bad. A password falling into the wrong hands could mean you are liable for anything detrimental, leaving you having to prove that you weren’t responsible.
What is it you’re trying to achieve?
So hopefully the above covers why sharing passwords with a colleague isn’t a great idea, but that doesn’t help you do what you need to do.
What is it you’re trying to achieve? As we discussed before, do you need a colleague to access specific files? Maybe you need them to keep on top of your emails while you’re on annual leave? What exactly do they need to gain access to and for how long? Once you have answered this, you can then find an alternative solution.
What can you do instead?
Any good IT support provider, internal or external will be more than happy to find a solution for you. Trust me, they’ll be thrilled to hear you are NOT planning on sharing passwords.
Explain what it is you need to do, why and who needs the access.
With the correct authorisation, access to files, inboxes and software can be granted, allowing your colleague to carry out the required tasks.
With regards to email inboxes, these can be shared for a set time period with a notified colleague.
Either your mailbox can be forwarded to a different mailbox allowing any new mail received to be viewed by that different person.
Alternatively, a user can be given access to your mailbox while you’re away. This will allow the specified user to be able to check new and existing emails in your mailbox from within their own Office 365 account.
These processes in a business email system usually take about 15 minutes to set up.
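As an added illustration (not part of the original article and not any provider's own script), this is how an Exchange Online administrator might apply either of the two mailbox options above in PowerShell. It assumes the ExchangeOnlineManagement module with an active Connect-ExchangeOnline session; the script layout, parameter names and the Mode switch are illustrative choices.

```powershell
# Added example: time-boxed mailbox cover without sharing a password.
# Assumes an existing Connect-ExchangeOnline session with admin rights.
param(
    [Parameter(Mandatory)][string]$Owner,      # mailbox of the person on leave
    [Parameter(Mandatory)][string]$Delegate,   # colleague providing cover
    [Parameter(Mandatory)][datetime]$Until,    # agreed end date of the access
    [ValidateSet('Delegate', 'Forward')][string]$Mode = 'Delegate'
)

# Before the end date the script grants access; on or after it, the same
# script removes it, so the grant and its removal cannot drift apart.
$active = (Get-Date) -lt $Until

switch ($Mode) {
    'Delegate' {
        if ($active) {
            # The colleague opens the mailbox from their own account, so
            # their actions are logged under their own identity.
            Add-MailboxPermission -Identity $Owner -User $Delegate `
                -AccessRights FullAccess -InheritanceType All | Out-Null
        }
        else {
            Remove-MailboxPermission -Identity $Owner -User $Delegate `
                -AccessRights FullAccess -InheritanceType All -Confirm:$false
        }
        # Show what the delegate can do now (no rows once access is removed).
        Get-MailboxPermission -Identity $Owner -User $Delegate |
            Format-Table User, AccessRights, IsInherited
    }
    'Forward' {
        if ($active) {
            # Keep a copy in the owner's mailbox as well as forwarding it.
            Set-Mailbox -Identity $Owner -ForwardingAddress $Delegate `
                -DeliverToMailboxAndForward $true
        }
        else {
            Set-Mailbox -Identity $Owner -ForwardingAddress $null `
                -DeliverToMailboxAndForward $false
        }
        # Confirm the forwarding state that is actually in effect.
        Get-Mailbox -Identity $Owner |
            Format-List ForwardingAddress, DeliverToMailboxAndForward
    }
}
```

Run it once when the leave starts and again on or after the end date with the same arguments, so the access is removed rather than left in place.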
With regards to accessing files, most businesses will have a permissions policy. With the correct authorisation, permission can be granted for your colleague to have access to your file(s) for a specified period.
Passwords and having rules about what you can and can’t do with them can be frustrating, but they are a necessary measure to keep both business and personal data safe.
It is your responsibility to follow your company IT and HR policies as a breach could land you in hot water and company data in the wrong hands.
As we have covered, there are some options available to you when you need a colleague to be able to access certain files or emails.
It is simply a case of clarifying what you need done, by who and for how long and then gaining the correct authorisation and help from your IT support.