Administrators, application owners, managers, and users cannot be expected to remember all of the login credentials they should have access to – services that are vital but rarely used, applications running with accounts that have forced password changes, subscriptions to external services that are accessed through a shared account. Without a corporate password management system it is inevitable that users and teams establish their own methods of recording and sharing login information and credentials.
In Northern’s experience, most organizations are unwittingly exposed to the enormous risk that these weakly protected and highly sensitive files represent. Teams and users are sharing files and emails that contain libraries of IDs and corresponding passwords, often together with server names and IP addresses. Clearly this is a huge risk for the information and cyber security of the entire organization – results of theft or unintended disclosure can be devastating. But this risk can be measured, and eliminated.