I will add that although you do not wish to confront him, the matter needs to be addressed by management.
Confrontations are not nice but it does not need to happen that way.
What he is doing is putting the entire network at risk for hacking, data loss, and just failures in general.
If you do not raise the issue you may be deemed as an accomplice at worst and personally/technically ineffective at best.
Most companies and organizations have rules regarding employee's use of technology. If your office does not have such rules then those rules need to be established, published, and distributed to all employees. And each employee should be made to sign that they read, understand, and will abide by the rules.
For now, simply tell him that what he is doing is putting the network/data/office/company at risk. He may or may not stop.
If he does not stop then you must escalate the problem upwards. And maybe start drafting some rules to present to management.
Google words such as "office technology rules", "IT policies", and so forth. Limit the search to the last year or so.
Plenty of examples and templates to work with. Re-write as necessary for your office environment.
For example here is a link covering a wide range of policies:
https://www.techrepublic.com/article/100-it-policies-at-your-fingertips-ready-for-download/
Then use your policies to educate and train employees accordingly.
Some folks will always try to work around the rules; written or unwritten.
However, signing an agreement that puts their job at risk (should there be a direct, intentional violation) sends a strong message.