Internal Audit reminder about security
During recent reviews, the Internal Audit Department learned that some supervisors have shared personal passwords with trusted employees. Allowing associates to use their supervisor’s sign-on credentials provides these employees with access they should not have. Also, it defeats the purpose of the audit trail, which is designed to track any activity or changes made by individuals based upon their usernames.
The University’s Guideline for Account Passwords states that passwords should be treated as confidential information and if anyone asks for a password, one should refer them to the guideline.
ITS’s security awareness training includes more information about the dangers of sharing passwords.