This is your biggest risk

password reuse
dirtydishes

The prominent sign in your office kitchen couldn't be any clearer. But there's always one person who is too busy or important to abide by your kitchen policy.

And this person is the most dangerous person in your business.

Your Password Policy instructs staff to use a unique or complex password.

But there's always one person (and it only takes one) who doesn't abide by your policy. Password re-use is one of the top reasons businesses suffer email and domain compromises.

It works like this:

  • Your staff register on a legitimate website using their work email address and the same (or similar) password.
  • This website suffers a security breach and user account information is stolen and sold on the dark web.
  • Hackers use the credentials to login to your systems, steal your data or use your email system to maliciously attack other staff members, clients and your other really important business contacts.

It's very common. Organisations like LinkedIn, Canva, MyFitnessPal and many others have been compromised and user credentials stolen by criminal networks. We monitor the dark-web for our clients and see compromised accounts appearing daily.

What can you do?

Multi-factor authentication (MFA) is the only safe option. It means a stolen password (which is one factor) is insufficient to login to your systems. A second factor (usually a phone) is also required. MFA is available in Office 365 for Microsoft products or you can protect all of your systems with Okta (which we use) or similar security software.

Monitoring the Dark Web for compromised accounts is also helpful, and can alert you to breaches of other accounts you have subscribed to.

If you want to know if your business email accounts are being traded on the Dark Web, we're happy to send you a free report from our Dark Web monitoring tool. Speak to us if you need any advice on cybersecurity.

Share This!