It’s noon on your second day on staff at church. Your hard drive fills up, so you call the helpdesk. David the tech goes through the computer looking for what is taking up space and finds it: the Camera Uploads folder inside your Dropbox. And it has photos that church staff shouldn’t have on their computer.
How panicked are you at this point?
In this real-life story, the unfortunate guy was in a real panic. He said that someone had hacked him, which is almost always an attempt to evade responsibility for something.
Helpdesk escalated the case to me, and I called one of the pastors, who asked us to investigate.
The issue was a shared account, used across 17 computers by numerous people. All the inappropriate photos appeared on the day a new member joined, but that wasn’t conclusive evidence.
And as it turned out: it wasn’t him.
It was someone outside of church staff who had mistakenly put the Dropbox account on their own iPhone. This person uploaded thousands of photos, including bad memes, travel photos, copies of their passport, and yes, some NSFW photos.
And because it was a shared account on multiple machines, these photos were downloaded to 16 other machines.
If the church had used individual accounts, the staff member never would have had this scare. It would have been easy to pinpoint who uploaded the images, when, and from what device.
In a nutshell, this is why shared accounts need to be avoided, especially when there are reasonable alternatives:
- An innocent person came close to losing their job on their second day
- A church had 16 machines with NSFW photos on them because of one person’s mistake
- It was possible for an unauthorized person to upload data to this church’s network
This story has an embarrassing but happy ending. If the photos were poor, the forensic investigation was inadequate, or the wrong person saw them, it could have led to lawsuits for the church.
Next time your cybersecurity guys make a “bad” recommendation, like adding accounts that seem like they only add to your bill, it might be decreasing your business risk.