From time to time, news breaks about user data from various Internet applications being leaked and sold on the “Dark web”, which prompts many users to search for safe ways to protect their data. Here are the easiest ways to protect your company’s data, or even your personal data:
1- Use unique passwords for all accounts and systems
The first step in keeping an organization safe is to inform employees of the importance of using different passwords for different accounts and systems. Corporate cybersecurity professionals stress the need for strong and unique passwords.
Despite many warnings, password reuse remains a common practice, with an employee reusing the same password about 13 times, and worse, 29% of stolen passwords are weak. One company whose systems were hacked used passwords like 123456789 or the company name.
2- Replace all passwords regularly
Even if you do everything right about passwords, your organization’s credentials may still appear on the Dark web. Changing passwords regularly, “every few months or so”, can help ensure that even if your organization’s credentials appear on the Dark web, they will no longer be “up-to-date” and are therefore less useful to cybercriminals.
3- Enable multi-factor authentication
According to Microsoft, most account takeover attacks can be blocked using multi-factor authentication, which makes it difficult for cybercriminals to log in as someone else, unless one of them has access to the employee’s phone or email, in addition to their password.
4- Provide security awareness training for employees
Employees are the weakest link in any organization’s security posture: the Tessian report found that 43% of US and UK employees made mistakes that led to cybersecurity implications for their organizations. Emails that try to trick employees into sharing company login details are very common.
Educating employees about cyber threats and how to spot them is critical to mitigating attacks.
According to the report, 43% of employees said that an email that appeared to be legitimate was the reason they fell for a scam.
5- Monitor the “Dark web”
If you suspect that your organization’s credentials have been exposed on the Dark web, you can run a scan on it, and there are many tools that enable you to do this for free, such as WatchGuard.
6- Do not use a password
Since 80% of hacking-related breaches are caused by compromised credentials, it doesn’t make sense to rely on passwords. Instead, many companies are turning to passwordless authentication, where users don’t have to enter a password or any other saved secret to log into an application or IT system. Users prove their identity based on a “possession factor” (such as a device code or one-time password generator) or an “inherent factor” (such as a fingerprint).
In a recent survey by LastPass, 92% of organizations said passwordless authentication is the future.