What’s a hacker’s payday? The day when an employee of an organisation picks up and plugs in a thumb drive he found on an employee parking lot giving the hacker access to sign-on credentials and the ability to deploy a malicious payload. According to research, a staggering 60% of employees did exactly that. This results in employees potentially establishing a hacker’s beachhead within the network with little to no effort. That’s where we are right now with security. Collectively, we know we should be doing more, but it never seems to become a priority—until a security event happens, at which point it is too late.
Are your employees’ user credentials for sale on the dark web?
A critical step in understanding your overall security posture is conducting a risk assessment for the identification of unknown security vulnerabilities and defensive gaps. As part of this effort, a dark web scan can help further identify risk exposure and act as an early warning to cyber risks lurking in the shadows.
Running a dark web scan against your email domain can provide illuminating results.
- One organization’s email domain uncovered 30 compromised emails, including the business owner’s login credentials for his bank account
- Instances of several hundred to thousands of compromised emails have been found
The results of a dark web scan will uncover employees who may have used their business email for non-business reasons and had their credentials compromised, bringing unnecessary risk to the organisation. This is why business email addresses should never be used for non-business-related activities, and separate passwords should be used for each site or application that you use. A dark web scan will report on exposed users and tools can be set up for ongoing monitoring. This means that whenever an employee’s credentials get exposed in the future, you can be notified and take appropriate remediation measures.
The dark web is a lot to take in, but we are here to help. To learn more, download and review our “Dark Web Scanning: Understanding the Why and the How” e-book. We break down what the dark web is and the threats to your business that might be hidden there. We explain the process and value of running a dark web scan for the identification of threats, and how it informs prioritization of remediation measures to better protect your business.
Even better, give us a call, and let’s schedule a dark web scan on one of your domains today. Imagine the shock and surprise if you found your employees’ access information available for sale on the dark web. Whether you’re a large enterprise or small to mid-sized enterprise—be sure you aren’t a target for the dark web!