According to Google, more than 50% of people are suspected of reusing passwords. If exposed credentials are valid, they can provide access to corporate systems, cloud services or other third parties.
This guide draws from best practices suggested in SearchLight’s playbooks, so security professionals can improve their tools and processes to prevent employee account takeover:
- Collect: collect from open, deep and dark web sources
- Validate: assess the validity of the credential and the source context
- Contain: reset affected credentials and inform user
- Educate: refine policies and educate employees