How A Third-Party Data Breach Impacts Cybersecurity At Your Business

With the average American adult maintaining over 130 different accounts online, the risk of a data breach or data being stolen continues to grow. Between social media, financials, productivity applications, email, business applications, online shopping and countless other accounts online, your “online life” becomes more and more a part of your day to day physical life as time passes.

As more of our lives and data are shared online, criminals are focused on breaking into these databases to steal the valuable info they hold:

• Personal Info such as name, address, dates of birth, social security numbers etc.
• Financial information such as bank info, credit cards etc.
• Social Information on social media accounts

This is a real problem facing consumers globally but the impacts span beyond individual damages and stolen identities (though, those damages are bad enough).

When a criminal steals your password, or the password of a coworker, chances are – they've gained access to many pieces of your “online life”.

Here’s an example to illustrate how a third party data breach can lead a criminal back to your business.

Your HR manager helps book travel for employees at the business. He set up a business account at a national hotel chain to book rooms for whatever the business travel needs are. The hotel chain’s database suffers a breach and cybercriminals steal thousands of email/password combos including your HR manager’s credentials.

Your HR manager used the same password he uses for all kinds of sites online when he created the login at the hotel company site. This means that the criminals who have this breached data, now have access to your payroll software, servers and all the other things your HR manager interacts with.

The criminals either use this data themselves or take it to the Dark Web to sell for a few dollars (password/email combinations go for $3-$5 on average on the Dark Web).

Breaches like these happen daily and criminals use the information they steal to do as much damage as they can.

This creates a unique problem for business owners and managers because what can you possibly do to protect yourself from a data breach happening at a hotel chain or some other account online?

Things get even trickier when the average span of time between a data breach and disclosure to the public reaches 15 months. Meaning, criminals have a 15-month head start to get to your business and do damage before your are notified on the 5 o’clock news or your social media feed.

So, how can you defend against this kind of thing?

First, implement a password policy at your business:

1. Strong Passwords Required
2. Change Passwords Regularly (90 days minimum)
3. Dual Authentication
4. Lockout Procedures

Second, roll out a password management tool across your organization.

As mentioned earlier, the average adult in America manages over 130 accounts online. It is no wonder that we have a hard time creating strong and unique passwords for each of those accounts. It would be nearly impossible to remember all of that without writing things down – which isn’t secure.

To bridge the gap between security and memory, implement a password management tool. Look for something that is encrypted, secure and be sure to consider mobile capabilities. We recommend LastPass as a great option to start.

Third, invest in Dark Web Monitoring

Dark Web Monitoring is still a newer service offered to businesses and professionals. This is a monitoring solution designed to scrub different areas of the Dark Web (chatrooms, discussion boards etc.) for data connected to your domain.

If we apply Dark Web Monitoring to the example above with the HR Manager for instance – when the criminals stole data from the hotel chain and went to sell/share it on the Dark Web, the monitoring tool would identify your IT company to have the HR manager change passwords. That way, the criminals have useless data and you are protected well before you learn about the breach 15 months later.

If you are interested in Dark Web Monitoring, let's talk.