Are your employees' credentials for sale on the dark web?

You may or may not be aware of the criminal underbelly of the internet known as the dark web and its potential security risks to your Small or Medium Enterprise (SME). One of the fastest paths to a hacker’s payday is leveraging user sign-on credentials to enter a network or application and methodically navigating toward theft of crown jewel assets (or deployment of a crippling ransomware payload).  

Their malicious activity is difficult to detect because it looks like the normal day-to-day operations of employees at work. Did you know sign-on credentials are bought and sold by cyber criminals on the dark web? If you have employee sign-on credentials that have been exposed to threat actors, your SME may now be vulnerable to an attack.   

When it comes to good security, many businesses don’t recognise their employees as one of their most significant security risks. Have you heard the stories of cyber criminals dumping thumb drives with malicious hacker code in employee parking lots, waiting for someone to pick up and plug them into their work laptop? Pretty clever, right? Unfortunately, research studies have found that upwards of 60% of people who find a thumb drive will do just that—potentially establishing a hacker’s beachhead within the network with little to no effort. That’s where we are right now with security. Collectively, we know we should be doing more, but it never seems to become a priority—until a security event happens, at which point it is too late.  

How to Identify exposure

A critical step in understanding your overall security posture is conducting a risk assessment for the identification of unknown security vulnerabilities and defensive gaps. As part of this effort, a dark web scan can help further identify risk exposure and act as an early warning to cyber risks lurking in the shadows.  

Running a dark web scan against your email domain can provide illuminating results.   

• One organisation’s email domain uncovered 30 compromised emails, including the business owner's login credentials for his bank account 
• Instances of several hundred to thousands of compromised emails have been found 

Your dark web scan results will uncover employees who may have used their business email for non-business reasons and had their credentials compromised, bringing unnecessary risk to your organisation. This is why business email addresses should never be used for non-business-related activities, and separate passwords should be used for each site or application you use. A dark web scan will report on exposed users, and allows for the setting up of ongoing monitoring, so when the time comes that an employee’s credentials get exposed in the future, you can be notified and take appropriate remediation measures.   

Understanding the dark web with fitzrovia it 

The dark web is a lot to take in, but we are here to help! Fitzrovia IT’s experienced security team can conduct a Dark Web Scan to ensure you and your employees are safe. We break down the dark web and the threats to your SME that might be hidden there. We explain the process and value of running a dark web scan to identify threats and how it informs the prioritisation of remediation measures to better protect your business.   

Even better, contact us today, and let’s schedule a Dark Web Scan on one of your domains today. Imagine the shock and surprise if you found your employees’ access information available for sale on the dark web. No matter if you are a team of 5 or 50 - be sure you aren’t a target for the dark web!