Ensuring Your Staff Are Aware of the Threat Posed by the Dark Web

There is a good chance that your workforce is unaware of the seriousness of the threat that your business faces from hackers, who use dark web sites and forums to sell and trade stolen data.

Credentials are extremely valuable to hackers, as they give them the foothold in networks they need to steal sensitive data and conduct ransomware attacks. Cybercriminals target credentials and sell them to other hacking groups who specialize in cyberattacks on businesses.

One of the most common ways that credentials are obtained is through brute force tactics – where hackers use automated tools to log in to accounts using commonly used passwords, dictionary words, and lists of passwords compromised in previous data breaches. Business accounts are vulnerable if employees reuse passwords across multiple platforms or set weak passwords.

There has been a spike in cyber attacks during the COVID-19 pandemic, and attacks are becoming far more common, so it has never been more important to ensure that employees set strong, unique passwords for all of their work accounts.

The most straightforward way for businesses to ensure good password hygiene and security is to use a password manager solution. Employees can use it to generate strong, unique passwords and to store those passwords securely, so that they cannot be accessed if your systems are breached.

A password manager will allow you to do the following:

  1. Improve Cybersecurity: Any good password manager, such as Bitwarden, has a password generator that will suggest strong, unique, random passwords for accounts. Employees will not need to remember these, as they will be auto-filled when they are needed. Only a master password for the password vault will be required. Good password managers also support multi-factor authentication (MFA). This added security measure means that if a password is acquired, it will not be enough to gain access to an account. An additional credential will be required, such as the answer to a question or an SMS to your provided phone number, to confirm the access attempt is legitimate. There are also MFA solutions that allow for authentication to be provided biometrically. This will eliminate the need to remember a password; however, it is not possible to amend this information once it has been set up.
  2. Configure Single Sign-On (SSO) Processes: This would allow you to add automation to the log-on process, something that will be attractive to staff members and encourage their buy-in. SSO provides faster access and does not impact the productivity of employees, while also removing the chances of them forgetting their log-on credentials. This feature is also perfect for the IT department, as employees can be given access only to the apps and programs that they require for work purposes, greatly reducing the chance of anyone using a web portal or service that is laced with malware.
  3. Set up Dark Web Monitoring Services: Dark web monitoring services are crucial, as they will make users and administrators aware if any of their passwords or data have been compromised in a data breach. Normally this is an extremely easy feature to enable and it will begin working instantly. If an instance of a password being sold or listed is detected, the user will be alerted and told to change their password.
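
The checks described above (flagging passwords that appear in breach lists or are reused across accounts, then replacing them with generated ones), as an added example that is not part of the original article and not Bitwarden's code. The vault contents, the breach list and all function names are constructed for illustration.

```python
import hashlib
import secrets
import string
from collections import defaultdict

# Constructed sample: passwords assumed to appear in a breach dump, held as
# SHA-1 digests (used here only as a lookup key, never for password storage).
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest()
                 for p in ("password1", "Summer2020!", "qwerty123")}

# Constructed vault contents for one hypothetical employee.
VAULT = {"vpn": "Summer2020!", "email": "Summer2020!",
         "payroll": "t7#Lq9!vRz2@pWc4", "crm": "qwerty123"}

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_"


def generate_password(length=20):
    """Random password from a CSPRNG containing every character class."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(not c.isalnum() for c in pw)):
            return pw


def audit_vault(vault, breached_hashes):
    """Return {account: [findings]} for breach-listed or reused passwords."""
    by_hash = defaultdict(list)
    for account, pw in vault.items():
        by_hash[hashlib.sha1(pw.encode()).hexdigest()].append(account)
    findings = {}
    for digest, accounts in by_hash.items():
        issues = []
        if digest in breached_hashes:
            issues.append("breached")
        if len(accounts) > 1:
            issues.append("reused")
        if issues:
            for account in accounts:
                findings[account] = list(issues)
    return findings


def remediate(vault, findings):
    """Replace each flagged password with a fresh generated one."""
    return {a: generate_password() if a in findings else pw
            for a, pw in vault.items()}
```

Running `audit_vault(VAULT, BREACHED_SHA1)` flags the VPN and email entries as both breached and reused and the CRM entry as breached, while the unique payroll password passes untouched.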

While your workforce may not be conscious of the risk posed by hackers and the trading of data on the dark web, putting a password management solution like Bitwarden in place will improve password security and will make it much harder for cybercriminals to gain access to accounts.

 

 


Posted by

John Blacksmith

John Blacksmith is a journalist with several years' experience in both print and online publications. John has specialised in information technology in the healthcare sector and in particular in healthcare data security and privacy. His focus on healthcare data means he has specialist knowledge of the HIPAA regulations. John has a degree in journalism.