People often create passwords based on memorable information, such as your practice name and year of establishment. Passwords are often reused to avoid having to remember multiple combinations.
​
However, this puts you at a higher risk of unauthorized access from external users and different team members. If the password falls into the wrong hands, it could also take longer for you to reset every password than it would take for the hacker to get in and steal information.

During set up of your Dental Intelligence products, the first user account your practice creates will have administrative permissions. Administrative permission means that anyone who has access to this account can update other critical account settings, such as login credentials. They will also have full access rights to view all information associated with the account, putting your practice at a higher risk of data loss, internal data breaches, and cyber threats.

By giving everyone administrative access, not only are you at risk of privacy breaches, but it only takes one disgruntled employee to export your data and close your account forever.

If your team is encouraged to share passwords, they are more likely to share them with others too. A past employee might pretend to have been rehired, or a hacker could easily use sniffing or phishing to capture data from employees who don’t think twice about password security.

Human error is a natural part of the working day. Within a single user account, you can quickly identify and roll-back any changes. However, if someone makes these errors on a user account accessible to several employees, it is almost impossible for IT or customer support teams to pinpoint exactly who the error originated from. Plus, any roll-back could potentially undo work of other team members who may have spent significant time working within the account since the error.

User activity tracking also provides insights into who may be responsible for accidental or malicious activity. Accurately tracking who did what will be crucial if you undertake an internal investigation or even legal action.

With individual user accounts, you can assign individual permissions for each user. Personalized permissions will improve data protection and reduce the risk of leaking confidential information.

Go back to basics and talk to your team. Let them know why they’ve received a new user account and the risks associated with password sharing. You can also use the individual accounts to monitor data exports and permission changes of specific people. The account information will expose training gaps, errors, and cases where user accounts have been compromised or hacked.

Introduce a mandatory process to thoroughly identify and shut off access to the employee’s work-associated accounts within a set time of their dismissal or notice of leave. Once completed, the employee won't be able to access their accounts and your practice will have taken another great step towards remaining secure.