There are a variety of reasons a small business will have compromised credentials, whether someone at the company has fallen for a phishing attack or a third-party data breach has released some of your information. No matter why credentials get leaked, small businesses need to act fast to re-secure their accounts and minimize the available attack surface that malicious actors can take advantage of. Today, we want to go over some of the best practices our security specialists recommend that will help your small business quickly recover from potentially compromised credentials!
Dark Web Scans
The first step to re-securing compromised credentials is to get a detailed understanding of what information has been leaked, so you can strategically target exactly which accounts need the most attention. A small business can work with their managed service provider (MSP) to get a dark web scan that will pull information from the dark web and provide a detailed report on which credentials have been stolen. A dark web scan will detail what information related to your company hackers could buy for just a few cents, which lets you see who has weakened security or immediately compromised credentials.
Change Compromised Credentials
Using the information gathered from the dark web scan, a small business should then immediately change the credentials on any accounts that have been compromised. This will help lower the risk of a cyber attack dramatically in the near future, but SMBs shouldn’t stop there. They should also work with a trusted IT consultant to comb through the data collected from the dark web scan and assess additional security risks based on password fragments or patterns found on the dark web along with any information related to critical cybersecurity infrastructure the company currently uses.
Augment Cybersecurity Training
Once the business has been re-secured as much as possible, small business owners should begin planning changes to their cybersecurity training and rules. This could mean implementing multifactor authentication in case another third-party breach happens or training employees to use a password manager to help ensure their passwords are complex and unique for each account. Your IT consultant can provide valuable insight into how to best improve your company’s cybersecurity posture, and they may be able to provide training tools such as phishing simulations to better improve your training outcomes.
Summary
Even if you don’t think your small business has directly had its credentials compromised recently, it can still be beneficial to follow this plan for re-securing compromised credentials. Over time, information about your business can be leaked in many ways, so getting a dark web scan could reveal security risks no one on your team has thought about yet. Then, you can work with a trusted IT consultant to mitigate the found risks and implement the training that will best keep your small business protected moving into the future!
