Well, here we are, close to what will be the end of summer.  I just can’t believe how fast the time has flown by.  Even through all of this craziness that this world is going through, it seems amazing to me how both the human spirit and the soul can still trudge through and try to make the best of things. 

One thing that we have to make the best of is now working from home, popularly known as “WFH”.  As I have mentioned before, this is a concept that nobody thought would happen in the way it has for at least another 3-4 years out.

But now, we have seen it happen in just the time span of 2 months.  WFH, also known as the “Remote Workforce”, is going to be around with us for quite some time.  In fact, many companies across Corporate America are now realizing the value and savings that are involved with this and are now cancelling their current office leases to get virtual offices for just a fraction of the cost.

But with the Remote Workforce also comes the Cyber issues that come with it.  I have explored these in detail before, so no need to go over them again.  But keep in mind that with the intermingling of both the home and corporate networks, there will be more risks that crop up. 

One such of these is that of the “Compromised Credentials”.  As its name implies, this is where the stuff that you use to login into your personal websites are hijacked or stolen and used for nefarious purposes.

When one hears this term, everybody starts to freak out.  Heck, even I would.  But you know what, believe it or not, things may not be appeared to be too bad.  Although the typical knee jerk reaction will be there, it is important to take a deep breathe and first assess situation.  Here are some key takeaways to take into consideration when you do this:

*Determine if the compromised credential actually belongs to the employee:

In this situation, the employee could have left your company, been terminated, or even changed their credentials.  If what has been stolen does not match up to what is currently in your records, then there really should be nothing to worry about.  But if there is a match, then by all means, change all of the logins and passwords to the employee that has been affected.  This brings out another point:  You must always keep your records updated, and whenever an employee leaves for whatever reason, you should not let their usernames and passwords linger around in your systems for a long period of time.  They should be deleted immediately.

*Implement a suppression policy:

If an alert or warning has been sounded that your employee’s credentials have been compromised, then take care of it immediately.  Once it has been resolved, then mark it so in your database.  If you don’t do that, the same alarm bells will keep going off, and your IT Security team will have to respond again, thus wasting more of their crucial resources and time.  In other words, this then becomes what is known as a “false positive”, and it can eat away at the valuable resources and time of the triaging efforts of your IT Security team.  To make this process much more efficient, you should even create a specialized database in which all deleted login credentials are stored and marked as such.

*Filter out for the duplicates:

Let’s face it, whenever you ask your employee to create a long or complex password so that it does not get easily compromised, the chances that they will do this are very low. You really can’t blame them, who in the heck is going to remember something like that?  Instead, they will create something that is easy for them to remember, and more than likely, they will probably use the very same password for just about everything else that they log into.  For example, the same password could very well be associated with different usernames.  If this happens, and the password is compromised, the same alert and/or warning will be off again, repeatedly, going back to the same scenario that we had in the last point.  To avoid this from happening, establish filtering rules to weed out the duplicate passwords, and create a new password for the employee.  True, this will be a time-consuming task, but it will again save from having the same alarm from being sounded over and over again.

*Confirm if the credentials are even for real:

Whenever a credential has been compromised, the Cyberattacker will of course try to sell it on the Dark Web in order to make a fast buck for whatever the price may be.  In return, the next Cyberattacker that buys these hijacked credentials may very well try to create something new in order to cover their tracks.  If you get any sort of alarms or warnings that of any form of suspicious behavior, try to compare the login credentials that have been used against to what you have mandated in your security policy.  For example, if you specify that a particular syntax should be used, and they do not match up, then you have some clue that the login credentials really have no merit, and thus probably do not pose much of a harm to your business.  Also in this instance, you should create a separate database of compromised credentials that have been repurposed, so you have records that they are a fake.

*Keep an eye out for heisted credentials:

You should have a dedicated resource, even if it is on a part time basis, to keep a continual eye for compromised credentials.  By this, I mean that they should be given the resources to be able to penetrate the Dark Web, and safely explore the underground forums to see if your company’s heisted credentials exist there.  If this has been found, then the need corrective actions have to be taken, such as quickly changing all of the compromised credentials, and of course, notifying law enforcement.  There are also other tools that you can use, especially online ones, that you can use to keep track of criminal activity that are associated with compromised credentials.

My Thoughts On This

So here are some tips to help you determine if any hijacked or stolen credentials from your company really do pose a significant threat to your company.  In the end, the heisting of passwords will always be a target for the Cyberattacker.  It has always been like this.  But the key is determining quickly just how much of a real threat is actually posed, and if there is one, how quickly act upon it.

Sure, this sounds like a huge and daunting tasks that seems like that will never end, but keep in mind, that there are solutions out that are currently available.  One of the best ones to use in this regard is the Password Manager. With this tool, you and your employees can create different types and kinds of login credentials, for each type of application that is to be accessed. 

They can be as long and complicated as you need them to be, and heck, if a breach has been detected, it can even assign a new password automatically to those affected employees and/or systems.

Also, you should seriously consider the use of Artificial Intelligence (AI) and Machine Learning (ML) packages to help automate some processes, such as weeding out for duplicate login credentials, and confirming if a username/password combination is even for real.  They are not nearly as expensive as they sound, and in fact, many of them come as a hosted offering, thus making it both affordable and scalable for any kind of business.