
Protecting Your Client's Data with Proper Password Procedures

Around this time last year, as the world was getting used to the idea of working from home indefinitely, we shared a post with helpful tips to ensure your home office stays secure. With the more casual workstyle that comes from working in a home office, it's normal for some habits to slip and routines to change. But now more than ever, we must remain vigilant about security and ensure that client data is always protected.

Data breaches and hacks have not gone away. We still regularly hear in the news about them and the devastating effects they can have on organizations and individuals alike. Yet according to Keeper's Workplace Password Malpractice Report for 2021, many people are continuing to put their clients and employers at risk. For example, of the 1,000 people surveyed, 57% are still writing passwords on sticky notes and 44% are reusing the same passwords across personal and work-related accounts.

The study also found that workers aren't the only guilty parties; organizations also have some brutal practices. Would you believe that 46% of the companies involved in the survey let new employees use old credentials? That's a sign that passwords are not getting changed and, even worse, that former employees may still have those old passwords on hand!

One of the most concerning numbers in Keeper's report is that two-thirds of respondents admitted that they're sharing passwords insecurely with unauthorized parties by sending the information by text message or email. Although all of us have probably shared a password at one time or another by email, it's a practice that makes IT security experts cringe. Emails are forever and can easily be forwarded, meaning you have no idea how far a password will travel. So what is a better way to share a password with a colleague, without risking it getting into the wrong hands and exposing your client? Here are a few options:

  • Share It Verbally: The best thing you can do is to call the person and tell them the password. If they write it down on a piece of paper, make sure they destroy it immediately after adding it to their own secure password storage. 

  • Share Your Screen: We all now have access to some sort of meeting platform, whether it's Zoom, Meetings, Google or any other tool. Set up a meeting with your colleague and share your screen with them, allowing them to copy down the password as you have it typed out. Again, nothing is recorded or sent electronically, meaning there's little risk of it ending up in the wrong hands.

  • Use a Shared Document: This is another option, made possible by the growth of collaboration tools, that could be used in a pinch. If you're using Google Docs, OneDrive or Dropbox, create a document and share it only with the person who requires the information (a public link would defeat the purpose). Once you know they've logged in and retrieved the credentials they need, simply revoke their access or delete the file altogether.

  • Separate Channels: If you must send a password by text or email, then send it in separate messages and, if at all possible, separate channels. For example, send a text with the username and follow up with an email that only includes the password.

  • Password Managers: Finally, if your client is not using a secure password manager (no, not an Excel file that lists every password), then recommend they get one that allows you to share credentials for all of their applications. 

Compromised passwords are one of the easiest ways for confidential information to get into the wrong hands. Nobody wants to call their client and admit that their system was breached because of an avoidable mistake. The good news is, by following smart practices like secure sharing and storage, you can help prevent yourself from being in that position.