Employee Email Breach: How To Detect Exposed Credentials
9 February 2018 00:00
With hundreds of millions of credentials being leaked online in just the past few years, the need for employee email breach detection has never been bigger. Here’s how it’s done.
Unless you’ve been hiding under a rock for the last few years, you’ve no doubt seen the never-ending headlines of record-breaking data breaches and leaks.
The likes of LinkedIn and Dropbox - two of the most widely-used business services - have been on the receiving end of data breaches that have caused a combined exposure of almost 200 million credentials… many of which are still being used by account holders.
So, just how much of a threat is this to your business?
Emails exposed online
To give you a clear idea of the threat landscape, let’s start you off with an interesting fact -- 30% of email addresses and passwords belonging to CEOs across the globe have been stolen and exposed online.
That’s a pretty bleak finding that doesn’t even take into account how many non-senior employees are exposed via data leaks (we dread to think).
If you also take into account just how many of these employees use the same credentials for multiple sites and services, then the threat of account takeover is huge.
What does this mean for your business?
With this kind of information within arm’s reach of online attackers, exposed corporate credentials are a gateway into a range of sophisticated scams. Perhaps the standout scam that businesses can expect to receive as a result of exposed employee credentials comes in the form of social engineering.
In this type of attack, a cyber criminal can impersonate the compromised account holder to phish for sensitive information from employees or clients related to the business. It probably goes without saying, but financial and reputational damage can be pretty severe when these attacks prove successful.
In this case, it isn’t just vital to ensure that exposed email credentials are updated; it’s also crucial to educate employees about such common attacks.
What can your business do?
Knowledge is power - and knowing which of your employees’ email addresses are exposed online can give your business a huge boost in understanding its current attack surface.
To gain this knowledge, we recommend the proven and effective method of conducting an email breach detection check. If you’re not 100% sure of what this is, then let us explain how we tend to conduct this detection in three steps:
Step 1 | We’ll gather a list of your employee email addresses and associated domains
Step 2 | We’ll use open-source intelligence (OSINT) and custom-built tools to search through over 300 breached databases and 90 data dump sites.
Step 3 | You’ll receive a full report within 72 hours (take a look at an example of our reports here).
It’s safe to say that the findings within these reports often contain pretty startling results, with employees at all levels being affected.
If you’re interested in finding out which employees in your business are at risk of these exposures, visit our email breach detection service page to find out some more information.