[Cyber-Security Awareness Series] Your Credentials, Your Identity

Mark was the head of the Marketing Department in the company “IloveITSolutions”. He had spent 25 long years in this organization. He was working on a marketing plan for an upcoming product launch. He had communicated his requirement of two interns for his department, which had still not been fulfilled. He called up the HR department to understand the delay in getting the two interns. HR communicated that the interns would be arriving that day but would be busy in a 2-day induction workshop organized for the new joiners. Mark was in no mood to let another 2 days pass by. He instructed HR to send those interns to him immediately. He was of the opinion that such induction sessions, where HR elaborated on the policies of the organization, were of no use.

Around an hour later, two nervous faces entered Mark’s cabin. Mark instructed them to prepare a marketing proposal by the end of the day. Annie and John looked at each other and enquired about the credentials to be used for logging into the systems. Mark gave them his own credentials and went to attend some other planned meetings with his team members.

Well, Annie and John logged into the system using his credentials and found a treasure trove of data. They checked almost every presentation they could find, from upcoming product launches to marketing plans for the next year. They also worked on the presentation which Mark had instructed them to prepare.

After working with Mark for about a month, Annie and John left the company. They wanted to take up a regular job now. They got an offer from a competitor firm, “Me2ITSolutions”.

Jack was the head of the marketing department in Me2ITSolutions and was quite interested in understanding what Annie and John had learned about marketing from the well-known Mark, his arch rival. Luck was on his side. He not only got to know what Annie and John had learned but also what they had brought with them. The treasure trove of data that both of them had copied using Mark’s credentials for reference purposes was at his disposal.

Over the next year, IloveITSolutions lost every project to their competitor Me2ITSolutions. They lost a lot of market share as Me2ITSolutions rolled out a similar product earlier in the market than they did.

Your credentials are your identity and must not be shared with anyone

They make you accountable even when others use them. Although a lot of companies today have various policies, business owners try to find easy ways to avoid them. Business owners generally point to delivery pressures, strict deadlines, and resource unavailability as reasons or excuses to allow credential sharing.

What do you think about this? How do you ensure users do not share their credentials?

Would love to hear from you.

