Yeah. I am starting to take steps to reduce the need for sharing of passwords. Weve had a shared folder, and right now we have sufficient disk space (I hope) on the server to hold any files that may need to be shared among the customer service reps. Ive also created a mailing list for customer service that I hope will help with this problem as well. Only problem is, I dont know if I can allow outside posting to that list. Have to see. J
John-AldrichTile-Tools From: Alan Davies [mailto:[email protected]] Sent: Friday, August 27, 2010 10:54 AM To: NT System Admin Issues Subject: RE: Password sharing policy Fair enough .. and that's part of the risk assessment you do for conducting business at that level. Nothing too far wrong with it if you understand and accept the risk and have no legal/regulatory necessity to comply. There are other controls you may wish to put in place ... from a very basic level a paper based system of held records for use of particular credentials. For every solution there are many nuts to crack ... or cats to skin ... or something .. a _____ From: John Aldrich [mailto:[email protected]] Sent: 27 August 2010 15:40 To: NT System Admin Issues Subject: RE: Password sharing policy A couple problems our email is hosted, and while I can share email usernames/passwords, thats about all I can do. Second, we dont have a lot of money right now to spend on IT, or anything much. Third, were privately held, and dont process credit cards so theres very little regulatory compliance of which Im aware, that we could fall afoul of. John-AldrichTile-Tools From: Alan Davies [mailto:[email protected]] Sent: Friday, August 27, 2010 10:02 AM To: NT System Admin Issues Subject: RE: Password sharing policy What's wrong with sharing mailboxes, etc. instead so there's some prospect of auditing? Same with folder ACLs. If you have the money, there are enterprise solutions to ease the pain ... There's nothing I can think of that would cause me to allow an employee to do this. Particularly since it's a hard regulatory requirement not to. a _____ From: John Aldrich [mailto:[email protected]] Sent: 27 August 2010 14:40 To: NT System Admin Issues Subject: RE: Password sharing policy Necessary evil among customer service here We have people out one day/week on a rotating basis, and the person that is covering their area for them has to be able to log in as that user. I strongly discourage anyone outside that area from sharing their passwords, but we have no active policy regarding it. John-AldrichTile-Tools From: Bob Fronk [mailto:[email protected]] Sent: Friday, August 27, 2010 8:43 AM To: NT System Admin Issues Subject: OT: Password sharing policy Good morning list . I am interested in seeing any written password sharing policies you have in place. It seems ours is written in Latin, since no one seems to understand it. I am going to draft a new policy, but would like to see how others handle this and get opinions from the list on how big of a deal sharing passwords is in other businesses. (Personally, I think it is a BIG deal) Thanks, BF **************************************************************************** ******** WARNING: The information in this email and any attachments is confidential and may be legally privileged. If you are not the named addressee, you must not use, copy or disclose this email (including any attachments) or the information in it save to the named addressee nor take any action in reliance on it. If you receive this email or any attachments in error, please notify the sender immediately and then delete the same and any copies. "CLS Services Ltd × Registered in England No 4132704 × Registered Office: Exchange Tower × One Harbour Exchange Square × London E14 9GE" **************************************************************************** ******** WARNING: The information in this email and any attachments is confidential and may be legally privileged. If you are not the named addressee, you must not use, copy or disclose this email (including any attachments) or the information in it save to the named addressee nor take any action in reliance on it. If you receive this email or any attachments in error, please notify the sender immediately and then delete the same and any copies. "CLS Services Ltd × Registered in England No 4132704 × Registered Office: Exchange Tower × One Harbour Exchange Square × London E14 9GE" ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
<<image001.jpg>>
<<image002.jpg>>
