IT Expert Password Advice

Does your company require you to share your passwords with the IT department?  We’ve been hired by a number of companies, fewer and fewer over the years, that supply us with a file or a paper that included each staff person’s login data. If your company is still doing this, it’s time to stop. Here are a few reasons why that’s a bad idea.

  1. Ethics or Accountability - If a company holds their IT person responsible for this much data, that individual holds a lot of power. Do you want to run your business hoping this person has good ethics? Or do you want to rein him/her in and expect some accountability?

  2. Pointing the Finger - If something were to happen with this list of passwords, how would you fix the problem? Who would be reprimanded for the errors? Could their be any recourse on any employees?

  3. Potential Problems - The problems could be internal or more widespread. Besides one employee logging in as another employee and blame being unaccountable, there is the potential that a hole allows someone outside the organization entry to the internal system. Once this hacker is in, they now have passwords for all users, which could be a disastrous problem.

 

Now that you have convinced management that this is bad practice, you need to correct the problem. First, force all users to change their passwords. If your system allows, put a change your password every 90 days option on their accounts, keeping passwords fresh and unique. Don’t forget to add a new policy to the employee handbook banning employees from using someone else’s password.

 

If you need help setting up your IT procedure, process and managing passwords, give BKS Systems a call and we can help!