Your Credentials Are Exposed. Now What?

With the fact that 158 accounts are hacked every second on average, businesses need to be versed in what to do when you receive the alert that your or employee's credentials have been compromised. It is an unfortunate reality that once exposed on the Dark Web, your information cannot ever be completely removed or hidden. You cannot file a complaint or contact a support line to demand your data be removed. Your company should immediately start taking appropriate steps and measures to correct or minimize the risks and potential damages associated with this exposed data. We must identify, understand, and learn from past mistakes or failures, and adopt a more proactive and preventative approach to your business' cybersecurity strategies moving forward.

Once your data is out there, what should you do?


  • Alert all employees from top to bottom of the compromised data and educate them about the Dark Web
  • Review individual compromises with critical users of the specific threats and risks
  • Update strict password policies which include:
    • Retire old and exposed password
    • Define what a strong password is and implement a password construction polity
    • Mandate that business and personal password remain different
    • Determine a schedule for routine password changes


  • Change Passwords
    • Change passwords for all exposed logins.
    • Change all passwords older than six months.


Once the alarms have been sounded, and you are ready to take on Cybersecurity head-first, ensure that your IT professionals have implemented these best practices.


Implement Multi-Factor Authentication: Did you know that 99.% of attacks could be prevented by multi-factor authentication? Even the strongest and most complex passwords won't protect you if they have been compromised and exposed on the Dark Web.

Consider Single Sign-On (SSO) and Password Management Solution: The combined benefits of a Secure SSO and Password Management platform will enable your entire workforce to adapt and thrive in a security-first environment while reducing password frustration and fatigue for users and empowering increased productivity.

Ongoing Security Awareness Training for Users: Users continue to be the weakest link in security for businesses worldwide. This is often due to genuine ignorance regarding security best practices and a lack of knowledge or awareness of common threats and risks. Establish ongoing security awareness training for all users and turn your weakest link into your most robust security defense.

Perform Regular Risk Assessments: A comprehensive audit of your business infrastructure and systems will inevitably reveal vulnerabilities and security gaps within your network, applications, or on your devices. Performing regular assessments will allow you to stay in the know and enable you to achieve and maintain a more preventative security approach, often eliminating issues or problems before they arise.

Proactively Monitor for Breaches and Cyber Threats: Cyber threats continue to increase and evolve, and hardware and software vulnerabilities are discovered regularly, exposing your business to a steady barrage of security risks. To adopt a proactive and preventative approach to Cybersecurity, your business must have visibility and insight into internal and external activities, trends, and threats to the network and data.

Back-Up Everything: You must ensure your business and customer data is protected and secured against any incident or disaster such as system failure, human error, hackers, ransomware, and everything in between.

Don't wait until you are in disaster recovery mode to react. Contact your Pendello Solutions Team today and make sure you are proactively protecting your business. Let our experienced team lead you to the path of creating a strong frontline of defense.