Here is the scenario: You’re pinned to your phone and simultaneously buried under emails. One of your case managers pokes their head into your office, and you ask them to log into Trackops under your account to take care of a quick update on your behalf. While waiting on the phone for a client to confirm something, you scrawl your username and password on a piece of scratch paper and hand it to your case manager and whisper ‘thank you’.
Three months later your case manager has just quit without notice, and you’ve come to find out they are working for another investigation firm. Dread overwhelms you as you realize that you never reset your password in Trackops. You realize that you’ve shared your personal account information for Trackops, along with other online accounts like company email, online banking, and social media. Your case and client information is now vulnerable, and you had everything to do with it.
While you’d like to think that all employees are ethical and would never intentionally share your sensitive data with a third party, you can never be too cautious. According to McAfee, insider threats (meaning persons within the organization) account for 43% of data loss. Are you protecting your sensitive data? Use these three simple steps to help avoid a serious, yet preventable, breach of sensitive data.
Avoid Sharing User Accounts
While sharing your password with a co-worker may not technically be a crime, the account holder is responsible for account usage and any damages that arise out of it. This liability could put your private information in jeopardy and possibly result in significant damage to your company’s reputation. With regard to Trackops, sharing your account credentials could expose your clients’ sensitive data to unauthorized parties. It also creates an auditing nightmare when you need to figure out ‘who has done what’.
Use Unique Passwords and Password Managers
Aside from not sharing account credentials, it’s also important to avoid using the same password for multiple accounts. Passwords built from children’s names, birthdays, favorite sports teams, and the like are easily guessed and are less secure than randomly generated passwords. The best practice is to use a unique and complex password for each account you have, and change them periodically. What’s more, you should never store your passwords in a digital or written document that could be accessed by others. One of the best things you can do is to use a password manager to generate unique passwords for your various (sometimes countless) online accounts. We’ve previously written about managing your passwords and why it is important, and this still holds true.
Use Multi-Factor Authentication
Whenever possible, consider enabling Multi-Factor Authentication (MFA) for an added level of protection on your executive accounts. MFA intercepts access to your accounts, and only grants access once a code from your personal device is verified. You can activate MFA for your Trackops, Google, Microsoft and Apple accounts, among others. It is strongly recommended that you consider this step in your authentication process.
When your accounts aren’t secure, no policy, procedure, or safeguard can protect you from sensitive data loss due to the actions of unscrupulous or careless employees. Reduce your risk and secure your digital accounts using these common practices. You’ll thank yourself later when you don’t have to deal with the headache or potential litigation from exposing your data to unauthorized individuals.