Dear Colleagues,

The Office of Information Security recently worked with the Internal Auditor to include the following subject matter into the institution’s Fraud Prevention Training.

Sharing Passwords

• Do not share you LBCC password with anyone. Doing so is a violation of LBCC AR 6006 and may be subjectable to both civil and criminal liability.
• Can lead to unauthorized access to protected data.
  • The CIA Triad (Confidentiality, Integrity and Availability)
  • Confidentiality: Ensuring that information is accessible only to those authorized to have access.
  • Integrity: Safeguarding the accuracy and completeness of information and processing methods.
  • Availability: Ensuring that authorized users have access to information and associated assets when required.
• Compromises Internal Controls.
  • Access to PeopleSoft, TARS, other systems is restricted to employee classifications with clearly defined duties.
  • By sharing passwords, the employee receiving your password could have access to security clearances they shouldn’t have (timesheet approvals, invoice approvals, etc.)
• Can lead to fraudulent activity.
  • Approval of time not worked.
  • Approval of unauthorized purchases.
  • Conflict of Interest.
  • Power over employees (ability to gain cooperation under threat of duress.)

Thanks to Bob Rapoza for incorporating Information Security Standards into Fraud Prevention Training, and providing real-world examples to explain their impact.