Find Out If Your Credentials Have Been Leaked On The Internet

Considering the increasing number of cyber attacks on small, medium, and large businesses all over the world, we think it’s crucial to keep a continuous state of alertness when it comes to IT security. There were too many cases of companies that lost clients and sales (sometimes they lost everything) just because an employee wasn’t careful with their credentials or completely disregarded the in-place security measures. Over 5.3 billion email accounts have been compromised (from over 296 websites that were hacked); and this is without counting the ones we don’t know about! Furthermore, in the last decade, plenty of large internet based companies have been compromised (many of which contained company and staff details). Here are a few gut-wrenching examples:  
    • 164,611,595 LinkedIn accounts (May 2016)
    • 152,445,165 Adobe accounts (October 2013)
  • 711,477,622 Onliner Spambot accounts (August 2017)
So, if you want to make sure the company’s private information stay secure (especially now with the notifiable data breach scheme & GDPR) you need to actively seek out new methods to protect your assets. A good way to start is with a tool that checks if your current emails and passwords you use have been leaked.

The ‘Have I Been Pwned’ Tool

This is basically a website that cross-references your email addresses against a database of known  leaked details. The tool is simple and easy to understand – you just introduce the details you want to check and click the search button (or in this case the ‘pwned?’ one). If you want to check any current passwords, it’s best to download the entire list of compromised passwords and make the cross-reference on your own computer. This way you don’t introduce any active password in an online tool (regardless of how trustworthy it may look). If the tool says one of your accounts or passwords has been leaked, you should first check which website was breached and the date you last changed your password. If you changed the password before the breach, you need to take action immediately by changing the password and make sure it doesn’t appear anywhere else in your activity.

Domain Search

Companies tend to have hundreds of email addresses and usernames so it is difficult to do the search one by one. This is why the tool allows users to simply introduce a domain name and learn if any of the associated emails have been compromised. This search becomes even more important if you use Office 365 or G Suite because they generally store all your email history, calendar appointments and client contact details, as well as access to other company data stored and shared in Google Drive or Sharepoint. In these cases, if one email address is compromised, the entire company may be in danger (it’s like giving the keys to your office to a bunch of thieves)! So, if cyber-criminals find a way into your system, you may be forced to declare a data breach (since it’s likely your private information have been compromised), which will further work on ruining your reputation on the market. A good thing about using G Suite or Office 365 is that you can check when your staff changed their passwords the last time. If some of your company’s accounts do come up in the domain search and they haven’t changed their password since the date of the breach, then it’s a good chance those accounts are at risk. You should also notify the people involved as most tend to re-use their passwords, which give hackers the upper hand.

How to Stay Protected?

While no system is completely infallible, there are ways to improve your data security. A good example is implementing 2-step authentication on your G suite or Office 365 accounts.   Also, a password management system like LastPass is also a good idea as it allows you to have a very secure random password for every site that is unique (never use the same password for more than one site). LastPass will remember the passwords for you and it will auto log you in. Not to mention that you can protect LastPass with 2-step authentication too (this is a must)! This will reduce your risk if (or when) a website that you have a login for gets hacked. The cyber-criminals won’t be able to use your details to log into your emails, or other services as the passwords are all different. We hope our guidelines are of use to everyone interested in upgrading their IT security systems, but if you need any assistance in this department or would like a security review, please contact Onsite Helper or call 1300 889 839! Our team of specialists is looking forward to hearing from you!