Member Article

How to Create a Secure Work Environment for Sharing Passwords

Sometimes all of us need to share passwords with colleagues, though we know it’s not best practice. If sharing isn’t carried out securely, passwords can fall into the wrong hands, resulting in a potential data breach or even a ransomware attack.

With 92% of UK businesses having experienced a cyberattack in the last 12 months, according to recent research by Keeper Security, business leaders must ensure their organisation keeps passwords and online credentials safe. Here are four tips to help make this happen.

Whenever possible - avoid sharing passwords.

In some circumstances it’s unavoidable, but password sharing should not be the norm. It’s important all employees log into company portals with their own secure credentials and that they do not share these details with others. By using unique login credentials when accessing every service and app, access control is simplified and IT administrators can apply granular security policies on the user level, limiting employee access to resources that are not relevant to their job function.

If password have to be shared, do so safely and efficiently

There are some circumstances where passwords may need to be shared. Whether it’s accessing a shared database, infrastructure credentials, communal documents or subscription service, at times, it’s not realistic for all employees to have private access. In these moments, business leaders must ensure security measures are taken and passwords are only shared with authorised parties.

It’s quick and tempting to share passwords via email or instant messaging but this is also extremely insecure and inefficient. The majority of employees will have hundreds of unopened emails in their inbox resulting in emails or texts being missed or never opened. IT admins can waste hours resolving password-related issues, if an inefficient system is in place. What’s more, if and when an enterprise needs to change a shared password, each employee would need to be notified of this change, exhausting further time and resources.

Deploying a password management platform can solve many of these issues and is a step many businesses should take to boost workforce productivity as organisations recover from the pandemic. An enterprise password management platform enables IT admins to create shared password folders for individual groups and grant (and - of course - remove) user access to the folder.

Rather than noting down shared passwords, all employees can access these through a secure digital vault which can be accessed from any modern device. This way, passwords will not be lost and changes can be made easily by the tech team. It simplifies the whole process and significantly lowers the chance of errors, saving time and money.

If somebody leaves the company, reset all shared passwords

When an employee leaves the company, they may still try to access an old resource or database if they’ve been given access through openly shared credentials. While legally, this should not happen, unless businesses disable an account or change the shared password, there’s no guarantee it won’t.

When an employee leaves an organisation, regardless of the reason, IT administrators must disable all of their user accounts and reset any shared passwords to prevent unwanted access. However, this process often fails to occur due to the time-consuming and laborious nature of the task. An enterprise password management platform will perform these simple but effective steps automatically. This reduces the time required from IT admins and also ensures no holes in an organisation’s defence system appear.

Be thorough with your security measures

All employees must be encouraged to use strong passwords, whether they plan on sharing them or not. If businesses insist on strong, unique passwords, strengthening an enterprise’s security level is the responsibility of each employee. By using secure passwords, no less than eight characters long, and consisting of a range of characters, using multi-factor authentication, employees can help bolster their enterprises’ defence system. But this relies on each employee to be consistent and compliant at all times.

Investing in a zero-knowledge, enterprise-grade password security and encryption platform takes away this risk. Such a platform gives administrators complete visibility into employee password practises meaning password adoption can be monitored and password security policies enforced. It takes away the risk of anything slipping through the cracks and results in businesses continuing to thrive without having to worry about password security, saving time and resources.

This was posted in Bdaily's Members' News section by Keeper Security .