Shared logins, risks, and corrective actions
Commonly accepted IT security measures generally advise against sharing logins, and we at Khoros adhere to the same belief and practices. By keeping unique and discrete logins for each user in your organization, you minimize risk and help us provide you with the highest degree of service and security.
Why do companies and users share accounts?
Most shared usage starts as a temporary solution to an access problem. A coworker needs access to a certain report or to perform a specific task. It seems easier to share existing account info than to create a new ID. That logic ignores the downstream impact and the risks involved.
Risks of shared logins
Many users may not even realize the security risks and potential consequences of sharing account credentials and passwords. There are three main areas of risk:
- Lack of an audit trail of actions taken in your software: Shared logins preclude organizations from running audit trails. Without unique logins for each user, anyone with access to the account can complete the same actions within the platform and there is no way to connect actions with individuals. In this way, accountability is also compromised through shared logins. For example, if a damaging post is made or authorized using a shared login, you will have no way to determine what individual took that action.
- Password exposure: In order to share a login, the ID and password must be communicated to each user sharing it. That can happen via several methods (verbal, email, Post-It note). But all of those methods run the risk of exposing this sensitive access information beyond the desired audience.
- Inability to change individual access: Once shared access has been established it is difficult to make any changes without revoking the password for everyone and re-sharing a new password manually. Failure to manage that could result in ex-employees retaining access to sensitive social media accounts. At the very least, your staff will be unproductive with constant password changes.
Benefits of individual account creation
By creating unique accounts for each of your organization's users, you can take full advantage of the support and security Khoros provides.
Maintaining individual accounts within Khoros also allows you to take full advantage of our data protection and security measures. Just like with Support, our Security and Risk teams have less insight into the individuals using shared accounts. This directly affects our team's ability to respond quickly and accurately to potential security incidents, including errant posts and comments to your brand accounts or confidential data leaks. The Khoros platform supports security controls such as password expiration, inactivity timeout, absolute timeouts, and Single Sign-On (SSO) that are only effective with individual, unique user accounts.
Khoros Support uses all available account information when managing support requests in order to better serve you. When these logins are shared or generic, we have less insight into the individuals on your team accessing the platform through the single account. If, for example, a shared login is connected to a team email, and a user from your team sends a support request from their individual email account, our system is unable to automatically connect the request to the appropriate account within Khoros. This creates unnecessary delay in investigating any issues you report or helping you troubleshoot specific questions. However, when all individual users on your team have Khoros logins associated with their own email addresses, it's much easier for us to quickly connect users with their instances, permissions, and account settings when providing support.
Many other Khoros features have been designed with individual user accounts in mind. Functionality like approval teams and workflows, auto-assignment rules, and customizable roles and teams give you the flexibility you need to tailor your Khoros instance to your unique organization. These features and more take advantage of fine-grained user-level configuration only possible through the use of individual, not shared, accounts.
Actions to take
Need to make changes to your user setup? Company admins can check out this article on how to add, remove, and manage users to get started creating new users within your instance. If you need additional licenses to get full value from your software investment, please contact your Strategic Sales Director. They can assess your current license setup against your needs and offer you a solution.
If you are not sure if you have shared logins, please contact Khoros Support and they can help with a quick audit to provide additional information.