Compromised Credentials

The Dark Web and Security Best Practices…
Recent events have highlighted to us that our customers are increasingly being targeted by cyber threats. Research suggests that users continue to be the weakest link in security for businesses, here in WA and worldwide. This is often due to genuine ignorance regarding security best practices and a lack of knowledge or awareness of common threats and risks.

Among these cyber threats, Business Email Compromise scams have jumped 60% over the course of the last 12 months [1]. Despite awareness of this threat, we have found that an alarming percentage of people (51%) have not changed their password behavior [2] and, to exacerbate the situation, a large number of users (50%) reuse an average of five passwords across their business and personal accounts [3].

The reality is, once exposed on the Dark Web, your information, business email credentials, or otherwise, cannot ever be completely removed or hidden. You cannot file a complaint or contact a support line to demand your data be removed. Your company should immediately start taking appropriate steps and measures to correct or minimize the risks and potential damages associated with this exposed data. Identify, understand and learn from past mistakes or failures, and adopt a more proactive and preventative approach to your business’ cybersecurity strategies moving forward.

If you have received an email from us confirming that your business credentials have been compromised, we recommend you immediately take the following steps as precautionary measures to prevent a breach:

  • Alert all employees, top to bottom, of the compromised data.
  • Immediately change passwords for all exposed logins – as a further precautionary measure, we recommend everyone in your organization changes their passwords immediately.
  • Retire old and exposed passwords.

In addition to the above, we also recommend you pursue the following:

  • Review individual compromises with critical users and take the time to explain specific threats and risks – both to the business and potentially, the user.
  • Establish/update strict password policies and review and share these with everyone in the business.
  • Define what a strong password is and implement a password construction policy.
  • Make different passwords for each business account mandatory and keep personal ones separate.
  • Determine a schedule for routine password changes.

Your Wolfe Systems win team (Account Manager and/or Technical Lead) will reach out to you directly to discuss the implications that compromised credentials are having on your business and what we are doing to keep your business safe.

1. https://www.agari.com/email-security-blog/email-fraud-trends-report-q1-2020/
2. https://www.businesswire.com/news/home/20200219005336/en/Yubico-and-Ponemon-Institute-Release-the-2020-State-of-Password-and-Authentication-Security-Behaviors-Report
3. https://www.yubico.com/wp-content/uploads/2019/01/Ponemon-Authentication-Report.pdf

All Rights Reserved | © Copyright 2020 Wolfe Systems