2016 is ending with another round of major data breaches with online companies such as PayAsUGym, Lynda, and Yahoo.
For the c-suite, there is one thing we can learn from these three breaches in the past week: ensure your employees are not using the same credentials for personal and professional accounts. As we will begin seeing more and more login credentials stolen from widely used sites, implementing a solid password policy will ensure that attackers cannot leverage these breaches to steal your corporate information.
Just what can an an attacker do to harm your business with your employee’s personal login info? Adversaries can use this information to not only hijack email accounts, but also to collect detailed information from your employees that could enable them to launch a larger scale, social engineering attack against your organization. This could allow them to steal highly sensitive corporate information or gain access to your network.
Don’t fall victim. Ensure a solid password policy for your employees and restrict the use of their corporate email account for personal use.