The dark web is a collection of anonymous websites that are publicly available, yet hide the IP addresses to make it impossible for users to identify the host. It’s very common that sensitive information made available by data breaches ends up becoming available illicitly for sale on the dark web.
According to the 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses report, 63% of businesses reported an incident involving the loss of sensitive information about customers and employees in the past year.
What would you do if you knew your customers’ information has been compromised in a public data breach? You’d probably get ready to show the security services that can help them protect employee credentials and company data.
Dark web reports can help you identify if sensitive information such as email accounts and passwords are now vulnerable and potentially for sale on this – often malicious –part of the Internet. With the increased use of remote work applications and overall technological shift companies have been facing in 2020, this is a great tool that as a solution provider, you can use to step up your game with advanced solutions to ensure more effective protection, detection, and response tactics.
What to do when you realize your company credentials are exposed on the dark web?
- Reset passwords: Resetting passwords company-wide is a good starting point to ensure to prevent unauthorized access.
- Check for additional threats: plan to conduct a security audit to check for additional vulnerabilities that may have occurred due to the data breach or dark web threat.
- Turn MFA on: If you haven’t implemented multi-factor authentication for your customer yet, now is the time. You never know when employee credentials will be vulnerable again. By doing so, you are not only protecting user identities, but also VPN access, and Cloud applications.
- Promote internal awareness: If you have evidence that employee credentials were exposed on the dark web, use this as an opportunity to recommend awareness activities to remind employees of secure practices when it comes to accessing company platforms and information. More importantly, remind everyone to keep work and personal passwords separate.
- Don’t just search the dark web once: Data breaches happen all the time. Performing consistent dark web searches is recommended so you can offer a response plan to your client in the event their information is exposed.
Remember: when company credentials are stolen by a hacker, there is a high chance they may end up exposed on the dark web, creating greater vulnerabilities as criminals can try to use personal stolen data to access a company’s network and do further harm, including:
- Installing malware
- Stealing customer and employee information
- Stealing intellectual property
- Transferring funds
- Deleting files or information
- Threatening you with ransomware
- Modifying sensitive information
If you want to find out if your company or your customers’ credentials are exposed, visit WatchGuard’s dark web scan website and learn more.
Sam Manjarres is product marketing manager at WatchGuard Technologies. Read more WatchGuard guest blogs here.
