What to do when your credentials are found on the Dark Web
Sites are hacked every day.
Just this week:
- Total Compromises: 13,394
- Top Personally Identifiable Information (PII) compromised: Domains (13,916)
- Clear Text Passwords (7,014)
- Top Company Size: 1-10 (4,172)
- Top Industry: Education & Research (1,232)
Your Information IS for sale on the DarkWeb. It travels quickly across the world and is viewed by thousands in a weeks’ time[1]. Once on the internet, whether on the surface internet (what we know of as the internet) or on the deep / dark web, you cannot erase it. Many evil things happen on the dark web, it’s not just about stolen credentials. Drugs are sold; people are sold; counterfeit money is sold; access to your server is sold. Your stolen PII can be used to create what looks like a “real person” or to steal your actual identity to open credit card accounts, or even get healthcare.
So, You should behave as if your information is compromised.
If you do not know your Dark Web Status – get a Free Scan Today.
Many breaches are not publicly disclosed, but your information is still on the Dark Web, for sale.
It’s hard to change your email, address and phone number, so that is not the plan. Focus on being aware of breaches and strengthen your password strategy.
MUST-DO Practices
Minimize the impact of the Dark Web having your email by avoiding the use of your WORK email on websites, unless necessary.
CHANGE that compromised password where-ever it, AND ANY VARIATION of it, is being used. When you take inventory, you will be surprised at how many logins your have created with the same password. They add up quickly.
- Use LONGER passwords, like phrases or a combination of several unrelated words.
- Use a unique password for every website or app login. To be able to do this, you need a password management app.
- Use a password manager, like LastPass, and get it to create long (14-16 characters), complicated passwords. You only have to remember the ONE that get’s you into the app. Have I Been Pwned has a partnership with a management app called 1 Password, which is also a good app to use.
Use 2 FA (2 Factor Authentication). So they have your login and password, but they don’t have your phone that gives you a 1-time use pass code to complete your login credentials. Many programs and websites have this as an OPTION, turn it on.
Other great practices:
Monitor for breaches. Some think this is controversial. If you assume your credentials are compromised and act accordingly, what will monitoring do to protect you? Our point of view is – you cannot ALWAYS be “on” AND on average, compromised credentials are not reported until 15 months after the breach occurs. Monitoring for identity theft and monitoring the Dark Web helps alert you immediately, which gives you the power to react more quickly and not wait until you remember to review ALL your vulnerabilities. A faster response to incidents is proven to lessen the impact, so why not, it is not very costly.
Business level monitoring – Dark Web Breach Assessment provided by Integrity IT constantly looks for your domain (ex. @integrityky.com) and sends alerts when something new is posted. Executives can also monitor their personal email address since they are often intertwined in business. The cost to your business is about $600/year.
Personal level monitoring – the website “Have I been pwned”, shows you what type of data is found based on an email address. This is free. Many have received free Identity Theft monitoring from a company involved in a breach, like Equifax and Anthem. You can subscribe to this type of monitoring through IdentifyForce, LifeLock, or ID WatchDog. Prices for individual monitoring range from $120 – $300/year.
https://myaccount.google.com/security-checkup
Monitor your credit card and bank accounts regularly. With the great convenience of auto-pay, it’s easy to not look at accounts for months. Set appointment reminders to do so monthly.
File your taxes early before a criminal does it for you.
Review your credit history 2-3 times a year. You have one free report per year from the three agencies, use them 1 at a time and stagger your reviews.
https://www.annualcreditreport.com
After the enormous breach of Equifax[2], many people have frozen their credit, so criminals cannot try to open accounts with your stolen information.
https://www.identitytheft.gov/Info-Lost-or-Stolen
https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs
If you think your identity is stolen, report it immediately. Notify your banks and credit cards.
https://www.identitytheft.gov/
Do not use PUBLIC WIFI – it’s an easy target for criminals to intercept your activity. Just wait for a secure connection or get a hot-spot for business use.
[1] The experiment conducted by security vendor BitGlass
[2] 143 million Americans data was compromised in the 2017 Equifax breach
Related Posts
- IT Security Solutions That Make Sense ( June 11, 2020 )
- Get Services Now from Your Local IT Experts ( May 28, 2020 )
- It’s Time for a Security Risk Assessment ( April 30, 2020 )
- Managed Security Services from The AME Group ( April 16, 2020 )
- Watching Out for New Cyber Security Threats ( March 5, 2020 )
- The AME Group Company Values ( February 20, 2020 )
- Your Resource for IT Solutions ( January 9, 2020 )
- Cloud Security Is Important ( December 12, 2019 )
- Why a Security Assessment Makes Sense ( November 14, 2019 )
- Advantages of Hiring an IT Services Company ( October 31, 2019 )
Recent Posts
Sign up for our Newsletter
Archives
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- October 2019
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- December 2018
- November 2018
- October 2018
- September 2018
- August 2018
- July 2018
- June 2018
- May 2018
- April 2018
- March 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- December 2015
- November 2015
- October 2015
- July 2015