It’s effortless for an IT Security Consultant to blurt out the answer, “It’s for your protection!” But does that answer the question often asked? Too often a simple question like this comes up due to other discussions the consultant may not be aware of, such as budget cuts, internet access, cloud service platforms, or the company is rethinking their IT strategy and needed some clarification.
When you search online for the answer, extensively addressing the question, is limited. You may find scattered through all the search engine results; on a couple of websites, they try to answer the question. So today let’s tackle that commonly asked question, “Why Does Everyone Need A Separate User ID and Password?” and hopefully by the end of this article you’ll have the answer you are looking for and a response to provide those asking you.
Does Your Industry Require Unique User ID And Passwords For Compliance Reasons?
Let’s start with the most common industry of widely used, individual usernames or user ID and password combinations, which is the Healthcare industry. Depending on the country you work in; your healthcare industry may have strict compliance rules and governmental regulations; which require each member of your medical practice or hospital staff be assigned individual user IDs and passwords, for security reasons and monitored activity around the clock.
In the United States, HIPAA compliance is mandatory for all medical practices and hospitals. From the single person operation up to multi-group organizations. IT Security and patient information protection are regulated heavily, and violation fines are stiff and high.
With compliance and regulation-heavy industries such as Healthcare, Legal, Banking, and Pharmaceutical it is the governing bodies that mandate and require each employee be assigned unique usernames or user ID and password combinations. Along with that, you’ll have regular and ongoing password changing timelines and complex password compliance policies put in place by IT Security teams. They are kept up to date in the event an unscheduled inspection takes place, or a facility audit; has been issued by the governing body.
Can A Business Have Just One User ID and Password For Cloud Computing?
Another commonly asked question and becoming more attractive when a company wants to cut spending and go with a pay as you go model using a Public Cloud account. The company could have a single user ID and password, and along with that, IT Security Consultants will advise the company will and does reduce their cloud computing service’s security dramatically.
A few things to know about using Public Clouds:
- Increased scalability – Scaling-up is much more elastic and affordable with public clouds.
- No hardware investment – Public cloud provider owns, operates, and maintains equipment.
- Pay-As-You-Go – Save money by only paying for the computing resources
- Higher security risk – Shared resources between multiple users create more vulnerabilities and make IT security issues more profound.
- Performance – Network performance is weaker and less reliable than private cloud.
- Lacks customization – Public clouds restrict the customization of resources and services.
Does Using, A Single User ID And Password Combination Put Your Staff At Risk?
Most of the time CEO’s or business owners are focused on company security. They will inquire about system security, device compliance, password protection, firewalls, and the list goes on. But in the midst of all that checking, there is one asset that gets overlooked. The employee.
The IT team is always busy securing your company; but has anyone taken the time to see if the employee, themselves are secure. Here’s what we mean. The #1 common security risk is human error. Knowing that, how would you be able to pinpoint which employee
- accidentally clicked on that fake email,
- which in turn your system gets hit with a ransomware attack,
- because the employee did not log out of your system?
Using a single Username or User ID and Password combination invites anonymity to all users and removes any security your IT Security team has in place. Also, if the attack was genuinely orchestrated, by one of your internal staff members, how would you be able to identify the culprit to have them prosecuted? When everyone is using the same user ID and Password combination, you have no protection in place.
What Can A Hacker Do If We Only Use A Single Login Identity?
Unfortunately, once a hacker uncovers that unique; Username or ID and Password combination, the company is using for all the staff to log in, there will be untold damage, identity theft, and stolen data. The recovery process will be costly and can take weeks and in some instance months to rebound.
Furthermore, if your industry is legal compliance regulated; then your company, organization, or medical facility would be looking at stiff fines and potentially closing the operation down indefinitely; because the penalties wiped out the business.
Here is a sample of the security failure cascade that takes place once login credentials are discovered and used by a hacker.
- User ID and Password combination cracked, and ID is JBBobo850
- Hacker knows there is a chance user ID, JBBobo850 may lead to more accessible details
- Digs a little deeper and finds this email address: jbbobo850@hotmail
- Upon further searching finds that email is for JBBobo850’s social media account
- Social media account reveals more information like phone number, address, and real name
- It turns out JBBobo850 is Jim B. Bobo, and the 850 is the area code for the section of the country where he resides.
As you can see once a hacker uncovers your login credentials, time is on their side to see how much more they can discover about you or your business, and then attempt to take it from you.
With any User ID or Username and Password combination; security is the name of the game. Protect yourself, your staff, and your business. Check in with an experienced IT Security consultant if any of the questions listed above crossed your mind or gave you a reason for concern. They can discuss any additional User ID or Username and Password combination questions you may have.
Like this article? Check out 9 Great Microsoft Outlook Timesavers; DON’T GET HACKED – 10 STATS THAT WILL SURPRISE YOU & 5 WAYS TO PROTECT YOUR BUSINESS; Security – The Biggest Challenge For Companies to learn more.