Sharing login credentials is never a good idea, especially at work. Not only does this practice breach internal policies but it also increases the likelihood of a data breach. It only takes one password to fall into the wrong hands for cyber criminals to be able to access your systems and networks and cause harm. Sharing passwords often occurs because team members trust one another and share the workload, but what would happen if one of those employees turned rogue?
Staff are often unaware of the risks and need to realise that what’s at stake is much more than a series of characters, symbols and numbers: it’s the survival of the whole company.
MP Nadine Dorries has revealed that she shares her login credentials with her team – even interns and those on exchange programmes. Her defence was that it was ‘standard practice’ within parliament, but this doesn’t make it right. The House of Commons Staff Handbook, chapter 23, rule 5.8 forbids the practice. Dorries also said that she doesn’t have access to government documents and insisted that there is a ‘shared email account’ on her computer that her staff need to access.
Although other MPs have also admitted to sharing login credentials, common practice isn’t necessarily good practice.
If a member of staff needs to access your email account, why not ask the IT team to set up delegate access instead? This allows others to receive your emails and respond on your behalf without having to share your password.
Carl Gottlieb, data protection officer at Sky News, said:
Sharing access to confidential systems should always be minimised, especially in government where security and audit trails are paramount.
MPs and the civil service have a track record of lax practices around sharing passwords and this needs to change. MPs, like many senior managers, have teams around them that act as a bubble of trust. Interns are trusted to handle their email and social media accounts on a daily basis.
This usually works well until, eventually, the bubble bursts, and previously trusted personnel make mistakes or go rogue.
It is important to inform staff of the risks they create when sharing passwords. If they’re not following that best practice, what else are they doing that they shouldn’t be? In order to inform all staff of information security best practice and internal policies and procedures, consider our e-learning courses as part of a staff awareness programme.
Our Information Security Staff Awareness E-Learning Course teaches employees about the most important elements of information security, including phishing, creating backups, portable media devices and business continuity. It also gives them advice on how to avoid becoming a security liability, introducing them to your policies on incident reporting and responses.