Discover the risks of shared SaaS accounts and compromised passwords, with tips for better account management and cybersecurity.
According to a 2023 Threat Horizons Report from Google Cloud, 86% of security breaches involve stolen credentials. According to a 2023 Digital Defense Report from Microsoft, password attacks increased tenfold in 2023.
Every time a password is compromised, it opens the door for data breaches by providing unauthorized individuals access to sensitive accounts, systems, and data.
There are many ways passwords can be compromised, and IT departments work very hard to make sure that they are not with a variety of different safeguards and investments.
So, you might find it surprising that one of the most common ways passwords get compromised is when a company’s IT department shares them to create a shared account for testing new software.
Most of the time, this doesn’t result in a data breach, because all of the people who have access are on the same team. But now, bad actors don’t have to work as hard to gain access to the network because instead of a single weak link, you have as many as are on your team.
Sharing SaaS accounts among team members might seem like a convenient and cost-effective solution for testing and collaboration. However, this practice opens the door to significant security risks that can compromise your entire system.
When accounts are shared among multiple users, the risk increases exponentially. A shared account is like a key to a secure facility. If everyone uses the same key, and one person is careless with it, the entire facility is at risk.
This scenario becomes even more alarming when we factor in human behavior. Criminals have doubled down on human engineering and spend their time looking for any opportunity to get someone to loosen their grip on their credentials. It is the favored tactic for intrusion.
Afterward, finding where the error occurred is much more difficult because multiple people have access to the same account. Tracking changes, actions, and potential breaches becomes nearly impossible. Each person’s actions blend into a single audit trail, complicating the task of identifying the source of any issues that arise.
Moreover, fostering insecure habits such as shared accounts sets a bad precedent. Employees may become complacent with security protocols, believing that sharing credentials is acceptable. This mindset can extend beyond testing environments and into day-to-day operations, further amplifying the risk of security breaches.
While the need for shared accounts often stems from the desire for a shared persona during testing, businesses must explore better ways to manage unique accounts.
Investing in robust identity and access management solutions can help streamline the process, ensuring each user has unique credentials while maintaining the ability to test different roles and functionalities effectively.
Implementing multi-factor authentication (MFA) is another critical step. MFA adds an extra layer of security, making it more difficult for unauthorized users to gain access, even if credentials are compromised.
Regular training on best security practices and the importance of individual accountability can also significantly reduce risks.
We’re working on more solutions to make it easier for our lender partners to perform robust testing without exposing their networks to increased risk. To find out more about our approach to cybersecurity, reach out to us today.
Follow us on LinkedIn to be notified when our next article is released.
Mortgage Cadence:
Alison Flaig
Head of Marketing
(919) 906-9738