Think your enterprise password policy is keeping your organization secure from attack?
Think again.
Since 2005, more than 11.78 billion records have been breached through various types of attacks, such as malware, phishing, and credential stuffing. These records—including corporate logins—frequently end up for sale on the dark web and are then used to gain unauthorized access to organizations and websites.
As one example, a group known as “Shiny Hunters” leaked over 73 million records on the dark web, including data stolen from Microsoft’s private GitHub repositories.
So much for enforcing strong passwords and mandatory password changes.
Because employees are likely to reuse passwords across multiple websites and applications, your organization’s risk of being compromised increases dramatically—notwithstanding your enterprise password policy.
While a strong password policy can help protect your organization, that’s not enough to address the potential threat. Are there better ways to prevent employees’ credentials from being compromised and made available for sale on the dark web?
The National Institute of Standards and Technology (NIST) has published recommendations to address the concern about evolving password attacks. NIST Special Publication 800-63B recommends organizations actively check for exposed passwords “against a list that contains values known to be commonly-used, expected, or compromised.”
This list could include:
The challenge lies in finding a list—how do you know if it’s accurate and current enough to tell you if your employees’ credentials have been compromised?
If you have to ask that question, then you already know the answer. A static list downloaded from the internet won’t be updated in real time, and therefore isn’t adequate. Not to mention that in order to keep that list current, you’ll need to regularly update it manually—a time-consuming and inefficient process at best.
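The kind of screening NIST SP 800-63B describes can be sketched in a few lines. This is an added example, not Dashlane's code or part of the original article; the function names, the three-entry sample list and the four-character run threshold are assumptions, and the checks mirror categories NIST gives as examples (breach corpuses, repetitive or sequential characters, context-specific words).

```python
import hashlib
import unicodedata

# Constructed sample standing in for a breach-corpus feed. A real list is far
# larger and, as the text notes, goes stale unless it is refreshed continuously.
SAMPLE_BREACHED = ["password1", "qwerty123", "letmein2020"]
# Hashes are used here only as lookup keys, not as a password storage scheme.
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest() for p in SAMPLE_BREACHED}

SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789", "qwertyuiop")


def _normalize(password):
    # NFKC-normalize so visually identical Unicode forms compare equal.
    return unicodedata.normalize("NFKC", password)


def _has_run(text, length=4):
    """True if text contains `length` repeated or sequential characters."""
    t = text.lower()
    for i in range(len(t) - length + 1):
        chunk = t[i:i + length]
        if len(set(chunk)) == 1:  # e.g. "aaaa"
            return True
        if any(chunk in s or chunk in s[::-1] for s in SEQUENCES):
            return True  # e.g. "1234", "dcba", "qwer"
    return False


def screen_password(password, context_words=()):
    """Return the reasons to reject a candidate; an empty list means accept.

    context_words (assumed input): service name, username and similar terms.
    """
    pw = _normalize(password)
    reasons = []
    if hashlib.sha1(pw.encode()).hexdigest() in BREACHED_SHA1:
        reasons.append("known_compromised")
    if _has_run(pw):
        reasons.append("repetitive_or_sequential")
    lowered = pw.lower()
    if any(w and w.lower() in lowered for w in context_words):
        reasons.append("context_specific")
    return reasons
```

The result is only as current as the list behind it: a password that leaks after the list was last refreshed passes the first check.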
Thankfully, there’s a much easier way to follow the NIST 800-63B recommendations: a password management solution.
An enterprise password manager should offer the ability to actively monitor the dark web and alert you when any employee’s logins have been compromised.
For example, Dashlane’s Dark Web Monitoring feature:
By empowering employees to easily remediate their security risks, Dashlane’s proactive approach gives them the peace of mind that they’re not your organization’s weakest link.
Additionally, Dashlane provides Dark Web Insights for IT admins. Dark Web Insights offers real-time alerts and insights into security breaches and other vulnerabilities affecting employees. This tool:
“Dashlane’s Dark Web Monitoring has been invaluable in helping us uncover security risks. We’re more aware with Dashlane and thus more proactive.”
— Ben Leibert, Technical Manager, VillageReach
Not every breach can be resolved in the same fashion, but there are a few things you can do to protect your organization further. Empower your employees to:
If your employees have corporate credit cards and an account shows up in a breach, contact the company directly. Financial institutions often have their own fraud detection services and can take the necessary steps to protect your company’s financial accounts.
Above all, consider the importance of dark web monitoring for all your employee credentials and passwords. Use your enterprise password management tool to scan the dark web for leaked information and get alerts so you always stay in the know about any potential malicious activity or unauthorized breaches of your organization.