I work at a small company that interacts with a lot of clients. We frequently have to get on their FTP servers, in their hosting accounts, and more. As such, we have a large amount of client account and password information that was previously just written down and placed in file cabinets with other documents. This made sharing the passwords difficult and resulted in going back to the client to ask for passwords several times.
When I got the the company I decided it would make things easier and more efficient to set up a better system. I installed Dropbox and KeePass on all systems and built a protected password database for our office. It has made things much more efficient.
However, with this setup, it opens us up to problems. This is purely hypothetical at this point, but it crossed my mind yesterday.
What if we hired an employee and later fired them and they decided to get revenge by using the passwords that they (could have) easily backed up to abuse client (and our own) accounts? Is there legal protection? Is our system terrible? What are your thoughts?