Account piggybacking happens when someone gains access to an employee's account, not through hacking a password, but by quietly staying logged in after borrowing a device, sharing a workstation, or using someone else's phone or browser. It also happens when employees forget to sign out of shared PCs, kiosks, or web portals. The "piggybacker" can read email, download files, impersonate staff, or change settings without needing credentials. Small businesses often overlook this because it feels like a convenience issue, not a security risk. In reality, it's one of the easiest ways unauthorized people move through company systems unnoticed.
What to Do
Enforce automatic sign-out timers on Microsoft 365, Google Workspace, and financial portals. Require MFA so even if someone tries to re-enter, they can't proceed without the second factor. Disable browser "remember me" settings on company devices. Set policies that block employees from sharing accounts entirely. Add workstation lock policies so computers auto-lock after a few minutes of inactivity. On shared PCs, use separate user profiles with sign-out reminders. For field staff, enable remote-wipe and login-session controls on mobile devices. Review login logs weekly to catch unusual access patterns from unknown locations or unexpected times.
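The weekly log review above is the step most easily automated. The script below is an added example, not part of the original article and not tied to any vendor's export format: it assumes a simplified comma-separated sign-in export (timestamp, user, IP, country, device, result) that you would have to map from your real Microsoft 365 or Google Workspace logs, and the log lines, user names, IPs and device names in it are constructed. It flags the patterns the article calls out (sign-ins outside business hours, sign-ins from unexpected countries, the same user appearing in two countries too close together) and, most relevant to piggybacking, a new user signing in on a shared device whose previous user never signed out.

```python
"""Weekly sign-in log review for account-piggybacking indicators.

Added example, not from the original article. Assumes a simplified export
format: timestamp,user,ip,country,device,result  (result is one of
success / failure / signout). Real M365 / Workspace exports differ and
must be mapped onto these columns first.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample log (not real data). Note bob signs in on the shared
# reception PC and never signs out before alice uses it again.
SAMPLE_LOG = """\
2024-03-04T08:55:12Z,alice@example.com,203.0.113.10,US,WS-RECEPTION,success
2024-03-04T09:05:00Z,alice@example.com,203.0.113.10,US,WS-RECEPTION,signout
2024-03-04T09:10:40Z,bob@example.com,203.0.113.10,US,WS-RECEPTION,success
2024-03-04T09:12:03Z,alice@example.com,203.0.113.10,US,WS-RECEPTION,success
2024-03-04T23:41:09Z,alice@example.com,198.51.100.7,US,UNKNOWN-BROWSER,success
2024-03-05T10:02:55Z,carol@example.com,192.0.2.44,DE,MOBILE-CAROL,success
2024-03-05T10:05:30Z,carol@example.com,203.0.113.10,US,WS-RECEPTION,success
"""

ALLOWED_COUNTRIES = {"US"}        # assumption: where staff normally work
BUSINESS_HOURS = (7, 19)          # [start, end) hour of day, UTC


def parse_log(text):
    """Parse the export into sorted event dicts with timezone-aware times."""
    events = []
    for line in text.strip().splitlines():
        ts, user, ip, country, device, result = line.split(",")
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "user": user, "ip": ip, "country": country,
            "device": device, "result": result,
        })
    return sorted(events, key=lambda e: e["time"])


def review(text, allowed_countries=ALLOWED_COUNTRIES, business_hours=BUSINESS_HOURS,
           travel_window=timedelta(hours=1)):
    """Return (kind, subject, detail) findings worth a human look."""
    findings = []
    last_signin = {}      # user   -> most recent successful sign-in event
    open_sessions = {}    # device -> user currently signed in (no signout seen)
    start, end = business_hours

    for e in parse_log(text):
        if e["result"] == "signout":
            # Session properly closed: only the signed-in user can close it.
            if open_sessions.get(e["device"]) == e["user"]:
                del open_sessions[e["device"]]
            continue
        if e["result"] != "success":
            continue

        # 1. Sign-in at an unexpected time of day.
        if not (start <= e["time"].hour < end):
            findings.append(("off_hours", e["user"], e["time"].isoformat()))

        # 2. Sign-in from a country the business does not operate in.
        if e["country"] not in allowed_countries:
            findings.append(("unexpected_country", e["user"], e["country"]))

        # 3. Same user in two countries within the travel window.
        prev = last_signin.get(e["user"])
        if prev and prev["country"] != e["country"] and e["time"] - prev["time"] <= travel_window:
            findings.append(("impossible_travel", e["user"],
                             f'{prev["country"]}->{e["country"]}'))

        # 4. Shared device still holds another user's session: the earlier
        #    user never signed out, which is exactly what enables piggybacking.
        holder = open_sessions.get(e["device"])
        if holder and holder != e["user"]:
            findings.append(("unclosed_session", e["device"],
                             f'{holder} still signed in when {e["user"]} signed in'))

        last_signin[e["user"]] = e
        open_sessions[e["device"]] = e["user"]

    return findings


if __name__ == "__main__":
    for kind, subject, detail in review(SAMPLE_LOG):
        print(f"{kind:20} {subject:20} {detail}")
```

Run against the constructed sample it reports five findings: one unclosed session on WS-RECEPTION (bob never signed out before alice), alice's 23:41 sign-in, carol's sign-in from DE, carol's DE-to-US jump three minutes later, and a second unclosed session when carol signs in on WS-RECEPTION while alice's session from the previous day is still open. Tune the allowed countries, business hours and travel window to your own environment; the unclosed-session check is the one that directly reflects the sign-out discipline the article asks for.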