Do You Know Exactly What Services Your Staff Are Signing Up For?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Whatever problem, need, or want you have… there’s a cloud application out there that can help you.

We’ve never lived in a such a rich time for problem solving. Every day, hundreds of new services launch to make our lives easier and help us be more productive.

These applications all live in the cloud. They’re known as Software as a Service – or SaaS – because you don’t load any software onto your device. You use them in your browser.

We would argue this SaaS revolution over the last 15 to 20 years has played a critical part in shaping the way we work today.

However, there’s an issue. Many businesses aren’t 100% aware of what new services their staff have signed up for. And this problem isn’t a financial one; it’s a security one.

Let’s give you a scenario. Suppose a member of your team, Janice, is trying to do something creative, but just can’t with her existing software. She Googles it and finds a cool application.

Janice signs up for an account, and as she’s in a rush she uses the same email address and password as her Microsoft 365 account. Yes, reusing passwords is very bad practice. But this gets worse.

She uses the application for half an hour to achieve what she needs to do… and then forgets it. She’s got no intention of upgrading to a premium subscription, so she abandons her account.

That’s not an issue… until a few years later. Janice is still on your staff; in fact, she’s been promoted to a financial position. And then that SaaS application is hacked by cyber criminals, and all its login credentials are stolen.

It’s well-known that cyber criminals will try stolen details on other sites, especially big wins like Microsoft 365.

Can you see the issue here?

Janice’s 365 account would be compromised, and she’d have no idea how it happened. She won’t remember an app she used for half an hour years before.

But now, criminals have access to her email, which might include banking information or two-factor codes.

The answer is to have a solid policy in place about who can sign up for what kind of service. Also, ask your technology partner if they have any way to track what apps are being used across your business.

And definitely get a password manager for your staff… this will generate a new long, random password for each application, remember it, and autofill login boxes.

Password managers encourage good password practice because they make it easy.