Cautions and considerations: Sharing identities for organizational software access

Learn how shared identities put your organization at risk and how you can prevent it

A recent survey among 1,507 U.S. adults conducted by SurveyMonkey revealed that more than one-third of employees admitted to sharing passwords or accounts with their coworkers. Although it may be tempting to share log-in credentials among colleagues, the sharing of identities (such as usernames, email addresses, or account information) when logging into software-as-a-service (SaaS) solutions like Synergi Life can introduce a variety of security risks, including hacking-related breaches. Compromised credentials are the most common entry point used by malicious threat actors to gain access to systems and data.   

While sharing credentials has inherent risks, the way the credentials are shared can increase the cybersecurity risk further. Most likely, the credentials are written down on paper and passed to other employees, or stored in a spreadsheet on a shared drive. While convenient, these methods of sharing increase the chances that the credentials can be accessed by an unauthorized individual.

The practice of sharing credentials can be even more tempting if there are employees who are not working for an organization permanently. These workers may need access to Synergi Life only sporadically and are likely not fully aware of an organization’s security practices and potential risks. 

These employees may also not be integrated into access workflows, so conducting a full onboarding process could delay their start of critical work. No matter the reason employees share identities, there are security risks associated with the practice.

Synergi Life helps organizations manage risk, but if the information that is recorded and stored in the system is disclosed, it could lead to any of the following:

Reputation Damage: When identities are shared, it is harder to determine who has access to your systems and what they are allowed to do. This can lead to unauthorized users gaining access to sensitive information or functionalities, potentially causing data breaches or system misuse. A data breach is not only financially damaging, but it can also cause irreparable damage to an organization’s reputation.  

Lack of Accountability: Sharing identities diminishes accountability because it becomes challenging to attribute cases and updates to individual users. This can create confusion and difficulties when investigating incidents or cases. 

Increased Risk of Phishing: By sharing identities, you may inadvertently make it easier for malicious actors to conduct phishing attacks on your organization. If attackers know a common username or email address used in the organization, they can create more convincing phishing emails to trick employees into revealing their passwords or other sensitive information. 

Unauthorized Access to Sensitive Information: Your Synergi Life instance may contain sensitive data, and sharing identities can lead to unauthorized individuals being able to access confidential information. This could result in leaks of sensitive business data, financial information, or personal details.

Compliance Violations: Depending on the industry and the type of data being processed, sharing identities could lead to violations of regulatory compliance requirements (e.g., GDPR, HIPAA, or PCI DSS) that mandate strict controls over access to personal or sensitive data. 

The bottom line is that the use of shared or common identities in Synergi Life increases risk and makes it harder to implement basic cybersecurity practices such as frequent password changes and multifactor authentication. The NIST (National Institute of Standards and Technology) Digital Identity Guidelines recommend an Identity Assurance Level (IAL) of at least 2 to protect the potentially sensitive information stored in Synergi Life. Please speak to your DNV Synergi Life team member if you would like guidance on how to best assign unique identities for each of your Synergi Life users.

To maintain a holistic security approach, it's important to enforce strict identity management practices, including ensuring that each user has a unique, strong and private set of credentials to access software. Employing multi-factor authentication (MFA) can also significantly enhance security by adding an extra layer of protection to user accounts. You can read more about the benefits of introducing MFA here.


Author: Kurt Swakhoven

9/6/2023 9:58:49 AM
