Most people will question the real value of Dark Web Monitoring if they cannot delete their personal information once it is posted to the public. So what should we do if our company gets an alert that PII (personally identifiable information) is on the Dark Web. In this post we will discuss what can be done when receiving a Dark Web Monitoring alert?
1) Change the passwords linked with the affected user account.
Most of us will use the same password on the business network. This is the biggest worry for most business IT administrators when their company website has been tampered. Internet users tend to have a habit when it comes to passwords, they like to recycle the password across various sites. This habit makes cyber-criminal stealing user data much easier. They are three option that can be consider when changing the password:
- Change from short, complex passwords to long yet easy to remember phrases that include few words, numbers and special character.
- Consider using a Password Manager solution. It is a good exercise to use uncommon passwords or phrases. Using a Password Manager is a safe method to maintain with all the various credentials.
- Enforcing a multi-factor authentication (MFA) for sites and systems whenever attainable. Multi-factor authentication as an authenticator app or SMS gives a solid protection against identity compromise. It is hard for cyber-criminal to tamper with a user’s data information even if they get the username and password because they still need, for example a Transaction Authorization Code (TAC) number as an authentication.
2) Request new or freeze the cards and other account numbers when necessary
In certain conditions, dark web monitoring services can alert users to the card or account fraud before the affected bank or store realizes something has turned out badly. If the user information has already been tampered, another way is they can freeze the card and other accounts. It is a simple, low cost process that can give a sense of relief to the user regardless of the alarming nature of the dark web.
What can be done when receiving a Dark Web Monitoring alert? Another way is by educating. It is the weapon anyone can have. With knowledge, users can learn about the attackers at the gate, figure out how to keep out and attack back against those cyber-crime and share the information with others.
Feel free to contact E-SPIN for your specific operation or project requirement, so we can assist you on the exact requirement in the packaged solutions that you may require for your operation or project needs, such as modern web application security testing, continuous protection and monitoring of attack surface and dark web to make sure none of your company sensitive data, such as customer data being leakage and being trade in the dark web.