The dark web is a collection of anonymous websites that are publicly available, yet hide the IP addresses to make it impossible for users to identify the host. It’s very common that sensitive information made available by data breaches ends up becoming available illicitly for sale on the dark web.
According to the 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses report, 63% of businesses reported an incident involving the loss of sensitive information about customers and employees in the past year.
If you know your company domain has previously been compromised in a public data breach, a dark web report can help you identify if sensitive information such as email accounts and passwords are now vulnerable and potentially for sale on this – often malicious –part of the Internet.
What to do when you realize your company credentials are exposed on the dark web?
- Reset passwords: Alert your IT department so they can reset passwords company-wide
- Check for additional threats: plan to conduct a security audit with your IT team to check for additional vulnerabilities that may have occurred due to the data breach or dark web threat.
- Turn MFA on: If you haven’t implemented multi-factor authentication yet, now is the time. You never know when your employees are part of a new breach. By doing so, you are not only protecting your employee company credentials, but also VPN access, and Cloud applications.
- Promote internal awareness: If you have evidence that employee credentials were exposed on the dark web, use this as an opportunity to host awareness activities to remind employees of secure practices when it comes to accessing company platforms and information. More importantly, remind everyone to keep work and personal passwords separate.
- Don’t just search the dark web once: Data breaches happen all the time. Performing consistent dark web searches is recommended so you can act fast in the event that your company domain is exposed.
Remember: when company credentials are stolen by a hacker, there is a high chance they may end up exposed on the dark web, creating greater vulnerabilities as criminals can try to use personal stolen data to access a company’s network and do further harm, including:
- Installing malware
- Stealing customer and employee information
- Stealing intellectual property
- Transferring funds
- Deleting files or information
- Threatening you with ransomware
- Modifying sensitive information
If you want to find out if your company credentials are exposed, visit our dark web scan website and learn more.