September 25, 2023

Are Your Employees’ Credentials for Sale on the Dark Web?  

Posted by

Why it’s important to know and how to find out.

You may or may not be aware of the criminal underbelly of the internet – the dark web and its potential security risks to your organisation. Hackers are out here hustling for a payday, and they’re doing it by snagging user sign-on info and sneaking into networks or dropping nasty ransomware bombs.

Their malicious activity is difficult to detect because it looks like the normal day-to-day operations of employees at work. Did you know cybercriminals buy and sell sign-on credentials on the dark web? If you have employee sign-on credentials that have been exposed to threat actors, your business may now be vulnerable to an attack.

Now, here’s the kicker: lots of businesses don’t see their own employees as potential security risks. Have you heard the stories of cyber criminals dumping thumb drives with malicious hacker code in employee parking garages, waiting for someone to pick them up and plug them into their work laptop?

Pretty clever. Unfortunately, research studies have found that upwards of 60% of people who find a thumb drive will do just that, potentially establishing a hacker’s beachhead within the network with little to no effort. It’s just that it never seems like a big deal until it’s too late and you’re dealing with a full-blown security crisis. Let’s get ahead of the curve!

Are your employees’ user credentials for sale on the dark web?

A critical step in understanding your overall security posture is conducting a risk assessment to identify unknown security vulnerabilities and defensive gaps. It’s all about doing a risk assessment to suss out those sneaky vulnerabilities and spots where we’re slacking on defence. And here’s a secret weapon: a dark web scan to sniff out any lurking cyber threats.

Running a dark web scan against your email domain can provide illuminating results.

  • One organisation’s email domain uncovered 30 compromised emails, including the business owner’s login credentials for his bank account.
  • Instances of several hundred to thousands of compromised emails have been found.

These scans reveal employees who have used their work email for non-work-related things and had their info swiped This is why business email addresses should never be used for non-business-related activities, and separate passwords should be used for each site or application you use. A dark web scan doesn’t just leave you hanging. It’ll point out exposed users and let you set up ongoing monitoring. So, if an employee’s credentials end up on the dark web down the road, you will know and can swoop in with the fix.

The dark web is a lot to take in, Feeling overwhelmed by the dark web? No worries, we’ve got your back! Dark Web Scanning: Understanding the Why and the How e-book. We break down the dark web and the threats to your business that might be hidden there. We explain the process and value of running a dark web scan to identify threats and how it prioritises remediation measures to protect your business better.

Or better yet, give us a shout, and let’s set up a dark web scan for one of your domains right now. Imagine the shock and surprise if you found your employees’ access information available for sale on the dark web. Whether you’re a large enterprise or a small to mid-sized business, don’t be a target for the dark web’s shenanigans!

Speak to us to see how we can look
after all your business and IT needs

Chat with us now - bottom right