A Password Management Horror Story
Not having strong policies surrounding shared passwords could make your data a hostage
An article review.
Do you know who is in control of the various account credentials used by your organization’s employees? One Indianapolis company is, but only after a fired employee held a vital password hostage for $200,000 according to an article in the Indy Star.
The American College of Education found itself in this situation after firing its only system administrator amid a round of layoffs. The organization didn’t realize this employee was in control of a Google account that contained course schedules and materials for the entire school until the account password had been changed–and they had received a letter from the former employee’s attorney demanding the money.
Initially Google refused to help the college, saying that the fired employee was the sole administrator of the associated account. After pressure from the school and an investigation by the Indy Star however Google relented and allowed access. Though the data in question has been recovered, both the American College of Education and the fired employee remain tied up in multiple lawsuits over the incident, making this an expensive lesson to learn.
Stories like this highlight the need to develop and implement a solid password management procedure, including the documentation of any shared passwords your organization may use.
Fortunately, we are planning a webinar on this subject for March 21st.
Original article by Vic Ryckaert writing for the Indy Star.