Company Passwords Stolen

Are Your Company’s Passwords for Sale on the Dark Web?

Digital credentials, such as usernames and passwords, connect you and your employees to business applications, email systems as well as online services. Unfortunately, hackers know this—and that’s why digital credentials are among the most valuable assets traded on the Dark Web.

Not only are usernames and passwords for sale but also for sale is Personal Identifiable Information (PII) such as phone numbers, addresses, social security numbers. Armed with this PII, cyber criminals can more easily hack systems and impersonate you or your employees.

Cyber criminals utilize the Dark Web to plan and exchange tools and information that enable and propel attacks against businesses of all sizes. But you can get the upper hand and understand if there are activities being plotted against your business by getting informed about the leading indicators of an impending attack: leaked credentials.
 

What is the Dark Web?

Surface, Deep & Dark WebThe Dark Web is made up of digital communities hidden deeply on the Internet. Cyber criminals operate on the deep web, using protected forums and closed sites to buy and sell stolen identities and passwords. It is estimated that over 50% of all sites on the Dark Web are used for criminal activities, including the disclosure and sale of digital credentials. Unfortunately, companies that have had their credentials compromised and sold often are even aware of it until they have been either hacked or informed by law enforcement. And then the damage is done.

 

Yes. This Can Happen to You

When your employees use their work email to access services and other third party websites, such as those below, it only heightens your company’s vulnerability of a breach. We all regularly read about large service providers such as Marriott or CapitaOne suffering massive data breaches. Those breaches can result in your company’s credentials finding their way to the Dark Web for sale to the highest bidder.

Remember, employees often use use their company passwords to access:

Travel Sites
CRM
Social Media
Banking
Email
HR/ Payroll
 

Hacking Related Breaches DataAccording to UpGuard, here are some of the largest data breaches ever reported. Each of these data breaches had an impact on millions of people, and provide different examples of how a company can be compromised or leave an extraordinary number of records exposed. Surely you will recognize one or more of these as sites your employees may access with company credentials.

  • Yahoo – 3 billion
  • Marriott – 500 million
  • Twitter – 330 million
  • Linkedin – 165 million
  • Adobe -153 million
  • Anthem – 78 million
  • Dropbox – 69 million
Compromised credentials are used to conduct further criminal activity

 

Remote Workers Elevate The Risk of Compromise [COVID-19]

If the ongoing battle against cyber criminals was not enough, a new dimension of risk has been introduced with sudden transition to work from home employees. As a result of the COVID-19 pandemic, many states have issued “shelter in place” orders forcing workers to conduct their job function from there home.

Challenges of Remote WorkWhile remote work has allowed many businesses to continue operations, it also brings increased security challenges as employees remotely access the company network, files, and data. In many cases, a company workstation is not provided leaving the employee to work from their personal desktop or laptop. These computers are often not adequately protected against attacks including viruses, malware and phishing attacks. Moreover personal computers are not monitored by a company’s perimeter security protection which provides threat detection and prevention.

As a result, the risk of credentials being stolen is now greater than ever. And to make matters worse, employees often use the same password for multiple services, such as email login, social media, and business applications, thus increasing the potential damage from a single compromised credential.
 

How To Protect Your Business

Top Goals

  1. Reduce the risk of account takeover, business email compromise and live hacking
  2. Improve password policy awareness and enforce company password policy
  3. Improved awareness of threat actors and dark web activity to help prevent stolen accounts resulting in financial damage

Step 1 – Get a Dark Web Scan Report Immediately

Dark Web Risk ReportOur Dark Web report offers detailed visibility into your business accounts that are in circulation on the Dark Web posting a risk of being used in an actual attack on your business. This scan will scan the dark web to see if your information has been compromised in any known data breaches. The resulting report will include the email address, credential (unencrypted password), date credential was stolen and the source of the theft (i.e. breach). From there you can alert, and change.

Request a free Dark Web Scan Report ➡️

Step 2 – Enroll in a Dark Web Monitoring Service

The threat is ongoing and requires continuous detection of credential theft. Dark Web Monitoring is an affordable service to set up to constantly monitor the dark web to detect if your company is at risk due to exposed credentials With this type of real time visibility, you stay one step ahead of the cyber criminals that want to take over your network, install ransomware and steal sensitive business data.

  • Protect against a breach with early detection of compromised user credentials
  • 24×7 monitoring of the dark web for stolen corporate credentials of your users
  • Safeguard the personal credentials of highly-targeted executives and privileged users
  • Immediate notification of compromised user credentials are discovered on the dark web
Fortis Cyber Security Checklist

Get the Cyber Security Checklist

Protect your business today

Managed cyber security for your California business

Fortis Cyber Security Checklist

A step-by-step checklist to assist you in protecting your company against today’s most common cyber security threats.

PROTECT YOUR BUSINESS TODAY

Your download will automatically begin when the form is successfully submitted

Call now to discuss Managed Cyber Security

916-235-4200

or send us a message

Enjoyed the read?

Get more small business advice and technology tips