Welcome to #WeekendWisdom number 52. This week we’re going to talk about using shared accounts.
First of all what do I mean by a shared account?
What is a Shared Account?
A shared account is a generic user ID or username that has its password known by multiple people. Now I’m distinguishing this from generic accounts which might have their password only known by one person. They’re ok. There’s no real risks there. So that could be an Accounts user ID or a HR user ID.
How about an example?
But the shared accounts are risky. So just as an example in a hotel environment you might have multiple staff that look after the reception desk. They might all have access to a “reception” account that is set up on the computer there. so that they don’t have to be logging in, logging out or things like that on that computer.
What is risk of using shared accounts?
Now the thing is because multiple people know that password you lose control over any tracking over what that account does. So one of those staff logged into the account and they transfer a database of information off to some external account, you don’t know which one of the multiple people that know the password, you don’t know who did it. It can be very difficult to track that down.
So those are the kind of risks that exist with using shared accounts.
So that’s it for this week. Let’s be careful out there and we’ll talk to you again next week.
How can L2 Cyber Security help you?
We offer a full range of training programmes, which can be delivered online or in-person*.
L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.
Contact us for more information at info@L2CyberSecurity.com.
*With appropriate social distancing and other health and safety measures adhered to.