Usernames and passwords for everything from network administrator accounts and banking information to video streaming services are being bought and sold every day.
Cybersecurity researchers at Digital Shadows, a digital risk protection company, estimate that over 15 billion stolen account credentials are available on the dark web – some circulating for free! “Many breached accounts are shared multiple times – suggesting that despite being hacked, the user remains unaware of what has happened.”
How Much is Your Account Worth to Criminals?
Prices range from free to over $100,000 depending on value.
Corporate Attacks: Administrative account information for a corporation can sell for as much as $120,000. If attackers use that access to disrupt an entire network with a ransomware attack (ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid) and demand millions of dollars in exchange for returning access, the criminals might consider the cost worth it.
Personal Attacks: Obviously, bank accounts are a prime target for cybercriminals. While a compromised account might be worth everything to you, a cybercriminal only has to pay an average of $70.71 to get your data. Other accounts like streaming services, social media, data subscriptions and, oddly enough, anti-virus software range in price from free to around $20.
How Do You Protect Yourself?
The what-ifs are scary. Losing your savings, privacy, business holdings and sense of security are realities, but there are steps to protect yourself and your organization.
- Use a unique password made up of random letters (upper/lower), symbols and numbers.
- Utilize different passwords for different accounts. This is made easier by password manager tools.
- Change passwords regularly. There’s a chance your data is already on the dark web. If you are concerned, change your passwords.
- Apply multi-factor authentication for an extra layer of protection, because even if the password is breached, there’s an alert that informs you that someone tried to get into your account.
- Never send passwords or account information via email. Text or call instead.
Office 365 users:
- Check for forwarding to ensure emails are not being sent outside your organization or intended recipient
- Turn off Outlook web access if not a necessity
- Review all user accounts monthly and remove any old or incorrect accounts
- Review the IP location report to reveal any login attempts from unknown locations/countries
Weak passwords are the #1 reason accounts get hacked. Common weak-password patterns include:
- A dictionary word with some letters simply replaced by numbers (e.g., a1rplan3 or aer0plan0).
- A repeated character or a series of characters (e.g., AAAAA or 12345).
- A keyboard series of characters (e.g., qwerty or poiuy).
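The three patterns above can be checked automatically when a password is set. The following is an added example, not part of the original article; the function names, the substitution table and the tiny `WORDS` sample are assumptions made for illustration, and a password that matches none of these patterns is not thereby strong.

```python
# Added example: flags the three weak-password patterns listed above.
# WORDS is a tiny constructed sample; a real check would load a full
# dictionary and a breached-password list.
WORDS = {"airplane", "aeroplano", "password", "dragon"}

# Common digit/symbol-for-letter swaps, undone before the dictionary lookup.
# (Assumed mapping; "1" is treated as "i" only, to keep the example short.)
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]


def is_leet_dictionary_word(pw):
    """Dictionary word with letters replaced by numbers (a1rplan3)."""
    return pw.lower().translate(LEET) in WORDS


def is_repeat_or_sequence(pw):
    """One repeated character (AAAAA) or a run such as 12345 or 54321."""
    if len(pw) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    # A single constant step of 0, +1 or -1 between neighbouring characters.
    return len(steps) == 1 and steps <= {0, 1, -1}


def is_keyboard_walk(pw, min_len=4):
    """Adjacent keys on one keyboard row, in either direction (qwerty, poiuy)."""
    p = pw.lower()
    if len(p) < min_len:
        return False
    return any(p in row or p in row[::-1] for row in KEYBOARD_ROWS)


def weak_reasons(pw):
    """Return the list of weak patterns the password matches (empty if none)."""
    checks = [
        ("dictionary word with character substitutions", is_leet_dictionary_word),
        ("repeated character or sequence", is_repeat_or_sequence),
        ("keyboard series", is_keyboard_walk),
    ]
    return [label for label, check in checks if check(pw)]


if __name__ == "__main__":
    for candidate in ["a1rplan3", "aer0plan0", "AAAAA", "12345",
                      "qwerty", "poiuy", "T7#vq!Lz2m"]:
        print(candidate, "->", weak_reasons(candidate) or "no listed pattern matched")
```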
Not sure if you are protected?
Nieto Technology can help make sure your accounts are secure. Call today to schedule a review of your account security. 713.893.5667