Stop a breach before it happens
By Scott Schulze
Hackers targeting businesses and other organizations are constantly finding new ways to steal information. Some of the stolen information is used for other criminal activities such as identity theft, online banking fraud and social networking scams. With more and more data breaches happening every day, it’s likely that your employees’ information is being sold on the Dark Web. This information is used by other criminals to gain access to accounts or to conduct illegal activities.
Why do I need a Dark Web scan?
You probably don’t know how many of your employee accounts can be found on the Dark Web. A Dark Web scan reviews lists of stolen identity data found on the Dark Web (emails, passwords and personal information) to identify accounts associated with your email domain that have been compromised by an external data breach.
An external data breach is a breach that has happened outside your company or organization. Some notable breaches include the LinkedIn breach that compromised over 160 million accounts, the Dropbox breach that compromised close to 70 million accounts, and most recently, the Marriott breach that affected up to 500 million accounts.
The Dark Web scan will identify which of your accounts were exposed, which breaches they were involved with, and what passwords were hacked.
What is the risk?
While these data breaches are no fault of your own or your employees’, they could potentially have damaging consequences. Many times, hackers and cybercriminals will use the credentials from one breach, say, the LinkedIn breach, and try them on other websites. If your employees use the same email and password across multiple websites, they could be at risk of compromising their accounts, including their business accounts!
Having compromised business information on the Dark Web significantly increases the risk of your organization receiving phishing emails, which can be a vector for serious malware or ransomware to enter your organization. The more external data breaches your organization has been involved with, the higher your risk.
How do I protect my company?
If you discover that your email address has been associated with one or more external data breaches, you and your employees should minimize the risk of a breach by immediately changing all passwords associated with the compromised accounts to unique, strong passwords.
One of the most important preventative steps you can take is to conduct an Employee Vulnerability Assessment. Using simulated phishing techniques, the assessment will identify what employees would do when they are sent real phishing emails, thereby uncovering risky behaviors and vulnerabilities.
After identifying these human vulnerabilities, remediate with education, ensuring that your employees are properly trained on cybersecurity. Training should include:
- How to spot phishing and phone scams
- The dangers of social media scams
- How to create strong unique passwords for each account
- When to avoid using business emails for personal activities
- How to protect portable devices such as smartphones, laptops and USB drives
Help employees keep the door locked!
Your employees are the weakest link in your security plan. Over half of all data breaches are caused by human mistakes, but properly trained employees can be your first line of defense. They can act as human firewalls, protecting your organization and minimizing the chance of data breaches.
Remember, if your employee accounts have been involved with external data breaches, criminals might have a lot of information about your employees and your organization. They can use this information in various ways to compromise your business and even hold you to ransom!
Be diligent and watch out for criminal activity or attempts to use compromised information against you. We recommend conducting the Dark Web scan at least once per year, and additionally after announcements of major breaches such as LinkedIn and Marriott hit the news.
Scott Schulze is Director of Operations at Fusion Technology Solutions, www.fusiontechnologysolutions.com, a Healdsburg-based Managed Services Provider.
Fusion Technology Services is an IT Support/Managed Services Provider and Cloud Services Integrator, aiming to help businesses maintain a healthy computer network environment while providing the best solutions at a competitive price in Data, Wireless, Video, Backup and other IT Services.