John Larger, manager of thinkCSC’s NOC, shares his insight on the Dark Web and why your business credentials can be a hacker’s dream if you’re not vigilant.
Usernames and passwords are the go-to security solution for so many networks, services, and social media sites, but they are the weakest link in your security efforts, particularly when taking into consideration the risk of human error. Usernames and passwords are often the only layer of security that stands between your employees and your business network. While best practices demand that we should use different passwords for every service (do you?), the reality is that most of us repeatedly reuse passwords. That is a huge problem. The password that may have just been stolen from your employee during the Capital One breach, for example, may be the same one used to connect to your network, your financial system, or their work email.
Password Reuse Is a Huge Risk
In fact, passwords being shared among different services is one of the most common issues we come across. When one service is compromised, every subsequent use of that credential is at risk. We commonly see malicious actors inject themselves into the middle of an email conversation regarding an invoice or other financial transaction and intercept data (e.g. provide the other party with different bank routing info). We’ve seen these cyber criminals create rules to forward, delete, or hide messages so that their activity is undetected. Sometimes it might be used only for gathering information for other nefarious purposes. It all starts with a password that someone used in more than one place and found its way into the hands of the criminal element on the Dark Web.
Learn more about how even the information you store with your favorite pizza place can be used against you and your organization. Read the full article on the Columbus Chamber blog.
At thinkCSC, we offer Dark Web monitoring to identify exposed credentials and alert our customers before hackers can do harm. thinkCSC’s Dark Web monitoring services are provided through a strategic partnership with ID Agent, provider of Dark Web monitoring and identity theft protection solutions. With Dark Web ID, thinkCSC can now offer 24/7 monitoring of millions of sources, including botnets, criminal chat rooms, peer-to-peer networks, malicious websites, bulletin boards, and illegal black-market sites, to alert you of stolen or compromised data. To learn more, please get in touch with us.