Working in a cybersecurity firm that works with a lot of small and mid-size businesses, I see Cyber-insecurity every day. This is installment #10 of Practical Cybersecurity Tips that can be applied to your everyday life.
Recently a CIT member attended a demo for a password manager software. It has some pretty cool features, but the sales person didn’t really understand security. I honestly don’t know if it is how the software works or not, but he explained that the admin had full access to all users and all their passwords. Read that again – admins have full access to all users and their passwords! So, that means that anyone that was an administrator could access every password for every single user. That seems absolutely terrible to me. That software isn’t a security tool, it’s a recipe for disaster.
Ouch!! No one, should have your login info!
If for some reason the IT department or computer tech is asking for your password to troubleshoot an issue you’re having, they should have access to reset it… Rather than telling them your password, have them reset it! Then when they’re done you should be required to reset it again back to something that only you know.
Think about it – if they should have your information, why are you giving them the info? Don’t!!
If the tech reaches out to you and you aren’t even having an issue that you’re aware of – don’t provide your information over the phone or email. Ask for their name and a callback number and then call the IT department to see if there is anyone with that name using a published number or one that you have from previous interactions (Not the number they just gave you). Here’s another point to underscore that if you were using MFA, you could be avoid being part of a vishing campaign!
Same thing goes for a bank or financial institution.
But what about access to your ailing parents’, your spouse’s or children’s accounts?
If the website doesn’t support another login to the same account, use a password manager! Most have the ability to securely share credentials. They even have ways to nominate a trusted person in case of death.
- Don’t share credentials with others. I know, this seems like a virtual impossibility sometimes. Even Amazon has some really great family (household) security settings. One of the best Practical Cybersecurity Tips I can offer is to use a password manager that shares privately and safely those credentials with your authorized family members or spouse.
Back to the story I started with. Should that password management software rep calls back, as I’m an agent of change – I’ll likely inform them why I won’t consider their product as maybe they’ll change in the future!
Corporate Information Technologies provides small to mid-market organizations with expert I.T. services including compliance assessment, world class cybersecurity, and comprehensive managed IT services. Corporate Information Technologies can help organizations, quantify, create, refine, and mitigate the risks presented by business threatening disasters in whatever form they may be disguised.
Contact us to learn more and let us show you how good I.T. can be!