The modeled error estimate for the full sample is plus or minus 3.5 percentage points. IT Security challenges experienced in a Shared Services Model and the best practices to successfully handle and/or reduce exposure to these. Receive mail from us on behalf of our trusted partners or sponsors? CIOs and CISOs work hard to secure our employees’ systems, but we don’t always know the security posture of a system being used by another person—it could be compromised, which could lead to further proliferation of account details and potentially unwanted programs (e.g., malware). The challenges shared accounts hold for IT: Activity Tracking and visibility: The basic premise of identity and access management (IAM) is knowing who accessed which resource. What people do with their Netflix passwords is another issue entirely. Unfortunately for CIOs, many people may not understand the risk, or best ways to protect their data—especially when it comes to managing passwords at work. People are less likely to share a password that's also linked to their email account. Many IT organizations use shared accounts for privileged users, administrators or applications so that they can have the access they need to do their jobs. ICS-CERT’s assessment teams noticed that many sites are short-staffed … At SurveyMonkey, we discovered that customers were sharing account credentials because they didn't have the ability to collaborate how they wanted. (Credit: CC BY-NC-SA 2.0) (Credit: CC BY-NC-SA 2.0) The main shared hosting security risk is when you add many sites under the same hosting account. Thank you for signing up to TechRadar. But we need to educate our employees on the difference between sharing a Netflix login and work account credentials. The first is that multiple people access these accounts. Use a MSA or virtual account when possible. Receive news and offers from our other brands? Here 7 types of privileged accounts. Regardless of the reason, shared accounts present a host of security risks to the network. If your company encourages folks to share passwords, it’s time to stop. Instead of squeezing users who want to work together into shared accounts, the smarter (and safer) long-term solution is to make sure everyone who needs one has a seat. Visit our corporate site. A hacker discovering a document full of shared passwords in one employee’s Google account can turn a single security incident into a full-blown breach, potentially opening your organization to legal issues if customers’ privacy rights are violated. Employees are doing it as a quick fix, but it’s our job to make sure they have the tools they need to work together safely and advance our company’s objectives. Otherwise, if Guest access is enabled, anyone can use those user accounts to access … Security Note: Always run SQL Server services by using the lowest possible user rights. Password-sharing at work carries huge risk for our organizations. TechRadar is part of Future US Inc, an international media group and leading digital publisher. You will receive a verification email shortly. Shared accounts create a major hole in this regard. In some shared hosting environments, all your sites are accessible with the same FTP account and all your sites sit in the same directory. New York, This shows that CIOs can intervene, provide a better way for employees to collaborate, and potentially save ourselves a lot of headaches down the road. Why you should think twice before sharing your password with anyone at the office. Sign up to get breaking news, reviews, opinion, analysis and more, plus the hottest tech deals! In case of a security breach or … Reduce the Risk of a Security Breach When Sharing Privileged Accounts. There was a problem. Four out of ten workers say they do it to more easily collaborate with their teammates, and about the same amount (38%) said they share passwords because it’s the company policy. This can make monitoring and creating an audit trail difficult, even more so if there are multiple logins to an account at the same time. Future US, Inc. 11 West 42nd Street, 15th Floor, © Brent Williams, Chief Information Security Officer at SurveyMonkey. So why do employees share passwords when it’s so risky for their organizations? Make sure your password policy includes these industry best-practices: Our survey found that more than 40% of employees who share passwords do so to more easily collaborate with colleagues. Cyber Monday deals: see all the best offers right now! Here’s how: I was surprised to see that almost 40% of people who share passwords at work did so in accordance with company policy. Promote the use of password technology like Dashlane or LastPass. At home, 71% of people are fine sharing passwords with a spouse or partner, and maybe that’s OK. Data have been weighted for age, race, sex, education, and geography using the Census Bureau’s American Community Survey to reflect the demographic composition of the United States age 18 and over. Time and time again we see an employee or a contractor falling victim to a phishing attack … It’s also harder to establish exactly who is doing what when employees share passwords. Today’s columnist, David Higgins of CyberArk, offers some insight on how breaches are caused when security teams overlook privileged accounts. A hacker discovering a document full of shared passwords in one employee’s Google account can turn a single security incident into a full-blown breach, potentially opening your … And to address the other side of the coin, CIOs should take a hard look at the number of SaaS licenses they’re using. Invest in tools with strong collaboration features to ensure employees can work together with little friction. Reduce the Risk of a Security Breach When Sharing Privileged Accounts. In most cases, these customers make use of shared hosting and have many sites added under the same hosting account. When MSA and virtual accounts are not possible, use a specific low-privilege user account or domain account instead of a shared account for SQL Server services. Failing to manage shared passwords adequately can expose organizations to serious vulnerabilities, particularly in the case of privileged accounts where a disgruntled employee could potentially have the power to hold an entire network hostage. In fact, many security professionals don’t even know their passwords and heavily rely on their password managers to auto-generate and store them. It’s also important to highlight the downsides for employees personally—sharing passwords means they risk losing access to business-critical software if someone else changes the login information. Consumers today have seen their email, retail shopping, and online banking providers go through high-profile security breaches. Choose solutions that allow for single sign-on (SSO) whenever possible. NY 10036. The National Institute for Standards and Technology (NIST) and Microsoft recently debunked the idea that passwords that use composition requirements (e.g., uppercase, lowercase, alphanumeric, and non-alphanumeric characters) were stronger.