Habit 1: Stop Sharing User Accounts and Logins


When it comes to Cyber Security, sharing is NOT caring.

Stop Sharing User Accounts and Logins!

Give everyone their own unique login and email address. Seems like a no-brainer right? Wrong. Many small businesses don’t take the time to set everyone up with individual logins and email addresses because they’re trying to save time and money.

This tends to be true for their other business systems as well. That becomes a particularly disturbing security issue when you’re talking about HR and Financial platforms.

It’s not. Bad doggy.

Saving a few dollars a month on account licenses can cost you well over 1000x the value of that monthly savings in the event of just one ransomware attack. I repeat: Saving a few dollars a month on licenses can cost you well over 1000x the value of that monthly savings in the event of just one ransomware attack.

In addition, people who feel safe working on their devices and work systems will do so more effectively and are more likely to learn how to use the tools you give them effectively. They get excited by the potential impact the tool can have on the business and on their workday, just like you did when you invested in it. You need to capitalize on that!

stop sharing accounts, Reap the Rewards

Here’s a few perks associated with assigning everyone their own account:

  • You have an audit trail of who performed what task on each system (or device)
  • Your users are more likely to use the tools properly since they have their own environment and profile to learn in
  • It gives your users a sense of belonging and privacy

This last item can’t be understated. When people share logins they know that their recent activity is visible to their peers as soon as they’re no longer using said system or device. There is no privacy.

In a recent survey of 1,507 U.S. adults, SurveyMonkey found that one third (34%) said they share passwords or accounts with their coworkers.


An added bonus is that your business will look more professional to the rest of the world. Nothing screams “we’re a small business and have no idea what we’re doing” like everyone using the same …@gmail.com email address. I cringe every time I see an @gmail.com or @yahoo.com email address on the side of a truck or on marketing material for a company.

How good can your product or services be if you haven’t taken the time to get a basic email system in place?

Convinced yet that unique logins are critical to security? Awesome! Let’s talk about implementation. You’re going to need a professional email platform. I do a quick comparison of Google Workspace and Microsoft 365, the two major players in email, in our Business Technology 101 blog post.

Next up, logins for devices (like laptops and Desktops) and web-based system logins (all those Cloud systems you use).

For web-based systems, I’d really like you to be using SSO that is tied into your directory service or email provider. Couple that with two-factor authentication (2FA), and that’s a huge cybersecurity win.

What about Laptops and Computers?

When it comes to devices, this is where it starts to get a little more complex. Unless you have a local directory service like Microsoft Active Directory, device logins are going to need to be manually created and managed on the devices of every team member, which can be tedious. And that only covers Windows devices.

However, there is a solution. You can manage physical devices (Windows, Macs, etc.) and cloud-based systems all in one place using a service called Jumpcloud. If you’re a small business, you literally have no reason not to use Jumpcloud. Your first 10 users are 100% free. You get a centralized source for devices and cloud-based system logins. You also get a landing page with links to all your cloud-based systems, and a bunch of other great cyber security tools, like 2FA. Lastly, it provides a nice backbone for adding in other systems that can be centrally managed as you grow.

Jumpcloud is awesome.

Now that everyone has been given their own login, make sure you train your users to lock their machines anytime they leave their devices unattended. This may not seem like a big deal, but it gets people thinking about cybersecurity routinely, and that’s VERY valuable. I even lock my PC at my home office when I get up to use the restroom because habits are that important.

This will ensure all of your work is protected while you’re physically away from your desks. You can do this with hotkeys and the whole process takes less than a second. Give it a try! Right now is a good time!

For Windows PCs, press WIN + L
For Macs, press Control-Command-Q, or ^+⌘+Q

Lock it down!

That just about wraps up Habit 1. Stop sharing accounts!!! We have two more habits to go.

Click here for Habit 2.

Leave a Comment