What Steps to Take When Your Business Credentials Are Stolen?

You’ve just discovered there are compromised employee credentials or other sensitive data of your company exposed and available on the Dark Web.

The reality is, once exposed on the Dark Web, your information cannot ever be completely removed or hidden. You cannot file a complaint or contact a support line to demand your data be removed. Your company should immediately start taking appropriate steps and measures to correct or minimize the risks and potential damages associated with this exposed data.

That said, a lot of times the data found on the Dark Web really isn't that critical. Former employees, long out of date passwords are just a couple of examples of "false positive" alerts. So make sure it's a real vulnerability first, by talking with someone with the appropriate knowledge...like, I dunno...Simplex-IT?

But if it does look like a legit vulnerability, identify, understand, and learn from past mistakes or failures, and adopt a more proactive and preventative approach to your business’ cybersecurity strategies moving forward.

• Alert all employees, top to bottom, of the compromised data and explain or educate them about the Dark Web

• Review individual compromises with critical users

• Explain specific threats and risks – both to the business and potentially, the user

• Establish/update strict password policies and review and share with users

• Retire old and exposed passwords

• Define what a strong password is and implement a password construction policy

• Make different passwords for each business account mandatory and keep personal ones separate

• Determine a schedule for routine password changes

• Change passwords for exposed logins – all accounts using the compromised passwords

• Replace with unique passwords for each account

• Change/refresh any passwords older than six months

If you need help with your cybersecurity strategies, call us at 234-380-1277 or sign up for a Foundational IT Assessment!