fix some typos
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/push Build is passing
Details
This commit is contained in:
parent
10e5f14359
commit
7ab1fb8cea
|
@ -95,6 +95,7 @@ For internal applications you can use SAML/SSO solutions in combination with mul
|
|||
I'd absolutely assume that you do also need some kind of password management solution because if you don't supply one your employees will absolutely start sending each other passwords unencrypted over slack. A hypothetical (and lets face it, pretty horrifying) conversation might look like this:
|
||||
|
||||
> **Account Manager** "can you change something for me on the customer's system?"
|
||||
>
|
||||
> **Business Consultant** "I'm busy with another client right now, but you can log in with your client's email address and `hunter2` and do it yourself...").
|
||||
|
||||
Firstly, make sure that you have explicit policies and processes for password sharing in your employee handbook and make sure that your team know about it. At my current company we run mandatory cyber-security training annually and as part of onboarding for new staff. Secondly, give your team tools that empower them to share credentials as securely possible. If that's via some kind of cloud-based password management platform then you can at least keep an eye on what is happening and, if and when that system is breached, you know which of your employees' credentials may have been compromised (versus in a shadow-IT scenario where you have no idea that employees are using a system that has recently been compromised).
|
||||
|
|
Loading…
Reference in New Issue