Cybersecurity Blog

Logging into a machine or account and then letting someone use it is against our AUP – 10/29/19

 

This quarter our main message has been Keep your Password Secret. The reason is, sharing your password is against our Acceptable Use Policy (AUP) and puts yourself and our network at risk. The purpose of keeping your password secret is to prevent other people from having access to information and applications that they shouldn’t as well as to provide accountability.

Much to my surprise, it has been discovered that employees are logging into applications, workstations and systems with their own credentials and then letting someone else use those same applications, workstations and systems. While they are indeed keeping their passwords secret, they are still violating our AUP and exposing themselves to the same risks just as if they had just handed over their password. They risk is not just the loss of data, but also being held accountable for something that they did not do.

That is exactly what happened this week. A supervisor logged into an application using their credentials and then let their reports use the application. While one of the reports was using the system, they made changes to data they were not authorized to make. Because the supervisor’s credentials were used, they were questioned about the changes. The supervisor denies they made the changes, however there is no way to track who in fact made them.

I am also aware of similar situations occurring when guests are brought on campus. Some departments have been asking their administrative assistants to login to a workstation and then turn the workstation over to a guest speaker.  This is also a violation of the AUP.

If you have a guest coming to speak on campus, they are required to bring their own laptop and then connect to the visitor WiFi, MRvisitor. If they do not have a laptop, they can borrow one from the library. At no point are visitors allowed to have access to our internal WiFi, MRsecure, our workstations or computers stored in smart cabinets.

Repeatedly sharing passwords or logging in and letting others use workstations or applications will result in your account being locked down. If you have any questions regarding the sharing of passwords or credentials, please refer to our AUP or contact the IT Service Desk at 403-440-6000.

 

Leave a Reply

Your email address will not be published. Required fields are marked *