The backdoor into your company could be you. You may be the weakest link!

Here is what happened:

A corporate executive, after discovering an extensive breach of his personal accounts and sensitive data, engaged CyberWA in order to improve his and his family’s personal cyber security posture. To call it an extensive breach is putting it mildly, in fact, the breach was massive. The executive’s personal digital life that was affected included his and his family’s email accounts and other sensitive accounts. Account credentials (username and password) were found on the Internet and the same password was used across multiple accounts.

In addition to his personal woes, the executive was also concerned whether the breach could have impacted the organization.

The impact:

First, the executive had to shore up all his personal accounts, in particular his email accounts — making sure that there were no signs of ongoing compromise by reviewing auto-forward rules, currently logged on devices, app-passwords and terminating all existing sessions. Concurrently, we were investigating to determine what was accessed and potentially exfiltrated by the adversary.

In this case, there was no breach to the company, but the executive’s personal life had a major impact. All accounts had to be recovered and secured, and preventative actions established to limit risk of identity threat.

Lessons learned are:

Implement, at a minimum, basic cyber hygiene practices:

• Patch, patch and patch. Do not put off tomorrow if a patch is ready today.
• Enable two-factor authentication on all sensitive accounts.
• Create complex passwords or paraphrases.
• Do not share passwords across multiple accounts.
• Only send sensitive data via secure encrypted channels.