Today I participated in an investigation which led to the termination of employment at a client location. The employer cited numerous violations of company policy, including, among others, inappropriate use of company computers for personal use, e.g., spending time on Facebook, Craigslist, and Match.com for non-business purposes. While I had no trouble finding evidence to back up the allegations, what disturbed me most was finding that not only had the terminated employee been using these sites under her Windows network login account, but so were other staff members. Other staff accessed their own Gmail and Facebook accounts at the suspect user.
This is a prime example of why passwords should never be shared, and why workstations should be locked when not in use. Imagine that, instead of Facebook and Gmail accounts which clearly reflected usernames that corresponded to the suspect employee, another user instead went to other sites that don’t require authentication to get into trouble, e.g., Playboy.com, Fark.com, or any number of other non-work sites. How convenient would it be for User A to sit down at User B’s desk when User B is away, and surf to their heart’s content, violating all sorts of company policies under User A’s credentials?
Consider this the next time you leave your workstation unattended, or think about sharing your password with someone else.