Compromised Credentials

The Dark Web and Security Best Practices…

Recent events have highlighted to us that our customers are increasingly being targeted by Cyber threats. Research suggests that users continue to be the weakest link in security for businesses, here in WA and worldwide. This is often due to genuine ignorance regarding security best practices and a lack of knowledge or awareness of common threats and risks.  

Within these Cyber threats, Business Email Compromise scams have jumped 60% over the course of the last 12 months1.  Despite awareness of this threat, we have found that an alarming percentage of people (51%) have not changed their password behavior2 and to exacerbate the situation, a large number of users (50%) reuse an average of five passwords across their business and personal accounts3. 

The reality is, once exposed on the Dark Web, your information, business email credentials, or otherwise, cannot ever be completely removed or hidden. You cannot ﬁle a complaint or contact a support line to demand your data be removed. Your company should immediately start taking appropriate steps and measures to correct or minimize the risks and potential damages associated with this exposed data. Identify, understand and learn from past mistakes or failures, and adopt a more proactive and preventative approach to your business’ cybersecurity strategies moving forward.

If you have received an email from us confirming that your business credentials have been compromised, We recommend you immediately take the following steps as precautionary measures to prevent a breach:

[dsm_icon_list icon_color=”#000000″ icon_font_size=”16px” admin_label=”Supreme Icon List” _builder_version=”4.7.7″ _module_preset=”default” text_font=”|600|||||||” text_font_size=”13px” custom_margin=”||8px||false|false”][dsm_icon_list_child text=”Alert all employees, top to bottom, of the compromised data. ” font_icon=”%%45%%” _builder_version=”4.7.7″ _module_preset=”default”][/dsm_icon_list_child][dsm_icon_list_child text=”Immediately change passwords for all exposed logins – as a further precautionary measure, we recommend everyone in your organization changes their passwords immediately. ” font_icon=”%%45%%” _builder_version=”4.7.7″ _module_preset=”default”][/dsm_icon_list_child][dsm_icon_list_child text=”Retire old and exposed passwords. ” font_icon=”%%45%%” _builder_version=”4.7.7″ _module_preset=”default”][/dsm_icon_list_child][/dsm_icon_list]

In addition to the above, we also recommend you pursue the following:

[dsm_icon_list icon_color=”#000000″ icon_font_size=”16px” admin_label=”Supreme Icon List” _builder_version=”4.7.7″ _module_preset=”default” text_font=”|600|||||||” text_font_size=”13px” custom_margin=”||8px||false|false” hover_enabled=”0″ sticky_enabled=”0″][dsm_icon_list_child text=”Review individual compromises with critical users and take the time to explain speciﬁc threats and risks – both to the business and potentially, the user. ” font_icon=”%%45%%” _builder_version=”4.7.7″ _module_preset=”default”][/dsm_icon_list_child][dsm_icon_list_child text=”Establish/update strict password policies and review and share these with everyone in the business. ” font_icon=”%%45%%” _builder_version=”4.7.7″ _module_preset=”default”][/dsm_icon_list_child][dsm_icon_list_child text=”Deﬁne what a strong password is and implement a password construction policy. ” font_icon=”%%45%%” _builder_version=”4.7.7″ _module_preset=”default”][/dsm_icon_list_child][dsm_icon_list_child text=”Make diﬀerent passwords for each business account mandatory and keep personal ones separate. ” font_icon=”%%45%%” _builder_version=”4.7.7″ _module_preset=”default”][/dsm_icon_list_child][dsm_icon_list_child text=”Determine a schedule for routine password changes. ” font_icon=”%%45%%” _builder_version=”4.7.7″ _module_preset=”default”][/dsm_icon_list_child][/dsm_icon_list]

Your Wolfe Systems win team (Account Manager and/or Technical Lead) will reach out to you directly to discuss the implications that compromised credentials are having on your business and what we are doing to keep your business safe.

1. https://www.agari.com/email-security-blog/email-fraud-trends-report-q1-2020/
2. https://www.businesswire.com/news/home/20200219005336/en/Yubico-and-Ponemon-Institute-Release-the-2020-State-of-Password-and-Authentication-Security-Behaviors-Report
3. https://www.yubico.com/wp-content/uploads/2019/01/Ponemon-Authentication-Report.pdf