Find Out If Your Credentials Have Been Leaked On The Internet

Considering the increasing number of cyberattacks on small, medium, and large businesses all over the world, we think it’s crucial to keep a continuous state of alertness when it comes to IT security. There were too many cases of companies that lost clients and sales (sometimes they lost everything) just because an employee wasn’t careful with their credentials or completely disregarded the in-place security measures. Over 5.3 billion email accounts have been compromised (from over 296 websites that were hacked), and this is without counting the ones we don’t know about! Furthermore, in the last decade, plenty of large internet-based companies have been compromised (many of which contained company and staff details). Here are a few gut-wrenching examples:
- 57,000,000 Uber accounts (January 2017)
- 164,611,595 LinkedIn accounts (May 2016)
- 152,445,165 Adobe accounts (October 2013)
- 250,000,000 Microsoft accounts (March 2019)
- 540,000,000 Facebook accounts (September 2019)

So, if you want to make sure the company’s private information stays secure (especially now with the notifiable data breach scheme & GDPR), you need to actively seek out new methods to protect your assets. This is a good time to get in touch with a well-reputed and knowledgeable IT security audit services firm to conduct an in-depth investigation. They can provide you with detailed guidance about various precautionary methods against hackers, as well as inform you about tools that you can use to check whether the emails and passwords currently being used in your company have been leaked in any way. Here are a few tools that you can take a closer look at in order to deal with your IT security.
The ‘Have I Been Pwned’ Tool

This is basically a website that cross-references your email addresses against a database of known leaked details. The tool is simple and easy to understand – you just enter the details you want to check and click the search button (or in this case the ‘pwned?’ one).
If you want to check any current passwords, it’s best to download the entire list of compromised passwords and make the cross-reference on your own computer. This way you don’t enter any active password into an online tool (regardless of how trustworthy it may look).
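The local cross-reference described above can be done with a short script. This is an added example, not part of the original article or of the Have I Been Pwned project; it assumes the downloaded list is a text file with one `SHA1:COUNT` entry per line (uppercase hex), sorted by hash, and the function names and sample counts are made up for illustration.

```python
import hashlib
import os
import tempfile


def sha1_upper(password: str) -> bytes:
    """Hash locally; only this digest is compared against the list."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper().encode()


def _line_at_or_after(f, pos: int) -> bytes:
    """Return the first complete line starting at byte offset >= pos."""
    if pos == 0:
        f.seek(0)
    else:
        f.seek(pos - 1)
        f.readline()  # finish the line that contains byte pos-1
    return f.readline()


def breach_count(path: str, password: str) -> int:
    """Binary-search the hash-sorted file; 0 means the password is not listed."""
    target = sha1_upper(password)
    with open(path, "rb") as f:
        lo, hi = 0, os.path.getsize(path)
        while lo < hi:
            mid = (lo + hi) // 2
            line = _line_at_or_after(f, mid)
            if not line or line[:40] >= target:
                hi = mid  # the matching offset is <= mid
            else:
                lo = mid + 1
        line = _line_at_or_after(f, lo).strip()
    digest, _, count = line.partition(b":")
    return int(count) if digest == target else 0


if __name__ == "__main__":
    # Constructed sample standing in for the real download (counts are made up).
    rows = sorted(sha1_upper(p) + b":" + str(n).encode()
                  for p, n in [("password", 11), ("123456", 7), ("qwerty", 5)])
    path = os.path.join(tempfile.mkdtemp(), "sample-sha1-ordered.txt")
    with open(path, "wb") as f:
        f.write(b"\n".join(rows) + b"\n")
    for candidate in ("password", "correct horse battery staple"):
        print(candidate, "->", breach_count(path, candidate))
```

Because the search seeks within the file instead of reading it from the start, a lookup takes a few dozen reads even on a list that is many gigabytes in size, and the password itself never leaves the machine.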
If the tool says one of your accounts or passwords has been leaked, you should first check which website was breached and the date you last changed your password. If you changed the password before the breach, you need to take action immediately by changing the password and making sure it doesn’t appear anywhere else in your activity.

Domain Search

Domain Search is one of the tools that professionals in the IT security audit services industry recommend the most for businesses, especially large organisations. Companies tend to have hundreds of email addresses and usernames, so it is difficult to do the search one by one.
This is why the tool allows users to simply enter a domain name and learn if any of the associated emails have been compromised. This search becomes even more important if you use Office 365 or G Suite because they generally store all your email history, calendar appointments and client contact details, as well as access to other company data stored and shared in Google Drive or SharePoint.
In these cases, if one email address is compromised, the entire company may be in danger (it’s like giving the keys to your office to a bunch of thieves)! So, if cyber-criminals find a way into your system, you may be forced to declare a data breach (since it’s likely your private information has been compromised), which will further damage your reputation on the market.
A good thing about using G Suite or Office 365 is that you can check when your staff last changed their passwords. If some of your company’s accounts do come up in the domain search and they haven’t changed their password since the date of the breach, then there’s a good chance those accounts are at risk.
You should also notify the people involved, as most tend to re-use their passwords, which gives hackers the upper hand.

How to Stay Protected?

While no system is completely infallible, there are ways to improve your data security. A good example is implementing 2-step authentication on your Google Workspace or Office 365 accounts.
A password management system like LastPass is also a good idea, as it allows you to have a very secure, unique random password for every site (never use the same password for more than one site). LastPass will remember the passwords for you and log you in automatically. Not to mention that you can protect LastPass with 2-step authentication too (this is a must)! This will reduce your risk if (or when) a website that you have a login for gets hacked. The cyber-criminals won’t be able to use your details to log into your emails or other services, as the passwords are all different.
We hope our guidelines are of use to everyone interested in upgrading their IT security systems, but if you need any assistance in this department or would like a security review, please contact our IT Security audit services team at Onsite Helper or call 1300 889 839! Our team of specialists is looking forward to hearing from you!