Tag: password

Consumers Are Skeptical About Biometric Data Security: How Companies Can Respond

by ID Agent

In 2014, Apple's introduction of the iPhone 6 was more than just an exciting iteration of its flagship product – it was the launch of Touch ID. This blockbuster device ushered in a new era of widespread biometric data use for the layman. Fingerprints had replaced passcodes as device gatekeepers, charged with protecting the most important, sensitive information.

Read More

Six Similarities Between GDPR & US Regulatory Requirements

by ID Agent

As companies collect and store more and more personal information, they face data privacy risks on many fronts. Increasingly, they are being held accountable for protecting their customers’ digital privacy. New regulations, led by Europe’s General Data Protection Regulation (GDPR) in 2018, are quickly becoming normative in countries around the world. In total, 58% of all countries have some form of privacy regulations on the books, and another 10% are drafting legislation.

Read More

The NY SHIELD Act is Almost Here: How to Stay Compliant

by ID Agent

Data privacy regulations are quickly becoming par for the course in countries around the world, each one bringing new, nuanced responsibilities for companies to follow. While Europe’s expansive General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA) have made most of the headlines, we are just months away from the latest privacy regulation, New York’s “Stop Hacks and Improve Electronic Data Security (SHIELD) Act.”

Read More

The Importance of Building Better Passwords

by ID Agent

Good password hygiene is one of the easiest ways for businesses and consumers to protect their accounts from the millions of attacks threatening personal data every day.

Read More

How to Spot a Phishing Attempt

by ID Agent

Phishing is one of the most common, yet dangerous methods of cybercrime. It utilizes deceptive messages to trick victims into clicking untrustworthy links, downloading malicious attachments, or divulging sensitive information. Despite cybersecurity experts’ warnings over the years, it seems that internet users still consistently fall prey to these simple but effective attacks. According to Verizon’s 2019 Data Breach Investigations Report, a third of all cyber-attacks involved phishing. It is therefore absolutely critical that you’re able to protect yourself and your business from the inevitability that is a phishing campaign targeting you. Below we cover some tell-tale signs of such an attack. 1.) The message is designed to make you panic It’s common for phishing emails to try to scare the recipient into a desired action. The email may claim that your account has been compromised and the only way to verify it is to enter your login details. Alternatively, the email might state that your account will be closed if you do not act immediately. Ensure that you take the time to really think about whether an email is asking something reasonable of you. If you’re unsure, contact the company through other methods. 2.) Domain names are misspelled The reality of the internet today is that anyone can buy a domain name from a registrar. And although every domain name must be unique, there are plenty of ways to create addresses that are hard to distinguish from the one that’s being spoofed. A subtle change of letter in the word, paired with a well-crafted html e-mail, can easily fool a hurried reader. Hackers regularly use discrete punctuation to differentiate their malicious domain source (ex. No-reply@wellsfargo.com vs. No-reply@wells-fargo.com). 3.) It includes suspicious attachments Phishing emails come in many forms, but the one thing they all have in common is that they contain a payload. This will either be a link to a bogus website, as discussed above, or it will be an infected attachment that you’re asked to download. An infected attachment is a seemingly benign document that contains malware. In a typical example, the phisher claims to be sending an invoice to a business or organization. It doesn’t matter whether the recipient expects to receive an invoice from this person or not, because in most cases they won’t be sure what the message pertains to until they open the attachment. When they open the attachment, they’ll see that the invoice isn’t intended for them, but it will be too late. The document unleashes malware on the victim’s computer, which could perform any number of nefarious activities. We advise that you never open an attachment unless you are fully confident that the message is from a legitimate party. If you receive any type of notification about the file’s legitimacy or the application asks you to adjust your settings, then don’t proceed. Contact the sender through an alternative means of communication and ask them to verify that it’s legitimate. It might take you a few more minutes to do so, but the ultimate cost will be much less. 4.) The message contains a mismatched URL One of the first things you should check in a suspicious email message is the integrity of any embedded URLs. Oftentimes the URL in a phishing message will appear to be perfectly valid. However, if you hover your mouse over the top of the URL, you should see the actual hyperlinked address (at least in Outlook and most web-based e-mail services). If the hyperlinked address is different from the address that is displayed, the message is probably fraudulent or malicious. 5.) The message appears to be from a government agency Cybercriminals don't always pose as a bank or business – sometimes they'll send messages claiming to be from a law enforcement agency like the FBI, or even impersonating the Internal Revenue Service. Rest assured that government agencies don't normally use email as an initial point of contact. That isn't to say that law enforcement and other government agencies don't use email. However, law enforcement agencies follow certain protocols, and their primary means of communication is very rarely by e-mail, and never for the purpose of extortion. 6.) Phishing isn’t limited to your e-mail inbox Just because you’ve successfully identified phishing attempts in your work inbox doesn’t mean you’re in the clear. A malicious link is just as dangerous on your social media accounts – especially if you’re prone to using these platforms on your work devices. Hackers regularly compromise social media accounts in order to increase their attack surface. Once they have access to the account, they can send a malicious link to everyone who is connected to the compromised profile. That means that even if you receive a message from a trusted source, you need to use a discerning eye to determine whether or not to click. Be sure to ask yourself questions like, does this person normally contact me on this social media platform? Do I have another means of contacting them to confirm they did indeed send the message? Have they recently posted to announce that they are not the person responsible for phishing messages? Practice Makes Perfect It has become painfully obvious that phishing attempts won’t stop anytime soon. They are quite simply too lucrative for hackers to pass up, given the ease with which they take advantage of their victims. Living in this new cyber reality, the most effective measure you can take to protect your business and your bottom line is to train your employees and yourself in cybersecurity awareness. When users are trained to recognize the signs of phishing attempts, they become an organization’s best line of defense. Consider a security training solution that can simulate phishing attacks and allows you to follow them up with video-based training campaigns to educate employees who may need it. If you’re not sure where to begin, ask your Managed Service Provider (MSP) what type of solution would be best for your business. Learn about ID Agent’s Phishing Simulations and Security Awareness Training, so you can help your employees to become your company’s strongest line of defense against attack!

Read More

CISA Issues Official Activity Alert for BlueKeep

by ID Agent

A security flaw in Remote Desktop Services (RDS) of outdated Microsoft operating systems known as BlueKeep (CVE-2019-0708) has caused quite the stir in the last month. In May, Microsoft released two warnings of the vulnerability and encouraged users to patch and/or upgrade their operating systems. Today, the Cybersecurity and Infrastructure Security Agency (CISA) issued a rare official activity alert for BlueKeep. The affected OSs include Windows 2000, Windows Vista, Windows XP, and Windows Server 2003/2008. The agency recently tested the vulnerability against a Windows 2000 machine and achieved remote code execution, which indicates that it poses a severe threat of world-wide cyberattacks. Using BlueKeep, a malicious actor could add accounts; view, change or delete data; and gain the ability to install programs. BlueKeep is considered “wormable”, meaning malware exploiting this vulnerability on an affected operating system could potentially propagate to other vulnerable systems. The Cybersecurity and Infrastructure Security Agency stated in their warning: “a BlueKeep exploit would be capable of rapidly spreading in a fashion similar to the WannaCry malware attacks of 2017.” What Can You Do to Mitigate Your Risk? No matter who you are, the main thing to do is to make sure you have installed the most recent patches and updates of your software! If you think you may have an affected OS, it is vital that you make sure your information is secured. In addition to securing your data, the CISA recommends to “consider upgrading any End-Of-Life (EOL) operating systems no longer supported by Microsoft to a newer, supported OS, such as Windows 10.” ID Agent provides a robust suite of services to address the risks faced by MSPs and that of their SMB clients. BullPhish ID™ delivers security awareness training and phishing simulations created specifically to help employees recognize and avoid phishing traps. Dark Web ID™ monitors the dark web for employee and supply chain credential exposure, which most often results from using those credentials on third-party websites. SpotLight ID™ provides comprehensive personal identity protection and restoration services for employees and customers, mitigating risk and providing peace of mind.

Read More

You’ve Been Breached: Now What?

by ID Agent

It can happen to anyone – you’ve taken steps to limit your exposure to a cyber incident. You’ve purchased and implemented top-of-the-line IT solutions. You’ve carefully thought about security best practices and strived to adhere to them. But somehow, you’ve just become the latest victim of a data breach. It might have been discretely packaged ransomware hidden in a seemingly innocent application file. Perhaps it was the result of poor password management. Maybe your employees were duped by a convincing phishing e-mail. But at this point, the only question racing through your mind is, “What do I do next?” Stop The Bleeding: Secure Your Operations Move quickly to secure your systems and fix vulnerabilities that may have caused the breach. The only thing worse than a data breach is multiple data breaches. Your first priority is to take steps to ensure it doesn’t happen again. To do this, you will need to assemble a breach response team to conduct a comprehensive review. Depending on the size and nature of your company, they may include forensics, legal, information technology, operations, or other concerned stakeholders. If you do not have an internal response team, you should contact your Managed Service Provider (MSP) immediately. A reliable MSP should be able to diagnose the source of the breach, or work with a digital forensics team to do so. Be sure to check your network segmentation. When you set up your network, you likely segmented it so that a breach on one server or in one site could not lead to a breach on another server or site. Work with your response team to analyze whether your segmentation plan was effective in containing the breach. If you need to make any changes, now is the time. Find out if measures such as encryption were enabled when the breach happened. You will also want to analyze backup data to ensure no vulnerabilities remain. Be sure to review logs to determine who had access to the data at the time of the breach. Finally, update credentials and passwords of authorized users. If a hacker stole credentials, your system will remain vulnerable until you change them, even if you’ve removed the hacker’s tools. Determine Your Legal Exposure Depending on the nature and location of your business, you may face some legal implications related to a data breach. Most states, the District of Columbia, Puerto Rico, and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information. In addition, depending on the types of information involved in the breach, there may be other laws or regulations that apply to your situation. Check state and federal laws or regulations for any specific requirements for your business. The first step in determining your exposure is to verify the types of information compromised, the number of people affected, and whether you have contact information for those people. Once you have gathered this information, report the breach to your local police department immediately. The sooner law enforcement learns about the theft, the more effective they can be in thwarting identity theft. If your local police aren’t familiar with investigating information compromises, contact the local office of the FBI. If your data breach includes electronic health information, you will have additional considerations to account for. You will need to consult the Health Breach Notification Rule to see if your situation requires compliance, and if so, who you must notify, and when. Additionally, check if you’re included in the HIPAA Breach Notification Rule. If so, you must notify the Secretary of the U.S. Department of Health and Human Services (HHS) and in some cases, the media. HHS’s Breach Notification Rule also explains who you must notify, and when. Notify, Notify, Notify While you might want to sweep a data breach under the rug, it is highly inadvisable to do so – both for the above legal requirements, and for the ecosystem of other individuals and entities who depend on your disclosure to stay safe. You will need to notify individuals whose data was compromised as a result of the breach. If you quickly inform people that their personal data has been compromised, they can take steps to reduce the chance that their information will be misused. For example, criminals who have stolen names and Social Security numbers can use that information not only to sign up for new accounts in the victim’s name, but also to commit tax identity theft. People who are notified early can take steps to limit the damage through identity monitoring, among other measures. When notifying compromised individuals, the Federal Trade Commission (FTC) suggests that you: consult with your law enforcement contact about the timing of the notification so it doesn’t impede the investigation designate a point person within your organization for releasing information consider offering a year of free credit monitoring or other support such as identity theft protection or identity restoration services Most states have breach notification laws that tell you what information you must (or must not) provide in your breach notice. Unless your state law says otherwise, you’ll want to clearly describe what you know about the compromise, including how it happened, what information was taken, how the attackers have used the information (if you know), what actions you have taken to remedy the situation, and what actions you are taking to protect individuals and how to reach the relevant contacts in your company. Learn From Your Mistakes A comprehensive review of your information systems will eventually reveal the vulnerability that was used to compromise your data. However, in most cases data breaches are statistically caused by two key attack vectors: stolen user credentials and human error. To ensure that your organization is not breached again, you can get ahead of the hackers by regularly updating passwords and enrolling in a Dark Web Monitoring service. This will ensure that you are alerted any time your credentials are for sale in the marketplaces cybercriminals depend on to gain access to your critical resources. Lastly, you can take steps to transform your employees into your first and best line of defense. Consider a Security Awareness Training platform to execute simulated phishing campaigns and educate vulnerable users about security best practices. Otherwise, your organization is only one click away from yet another breach. ID Agent provides a robust suite of services to address the risks faced by MSPs and that of their SMB clients. BullPhish ID™ delivers security awareness training and phishing simulations created specifically to help employees recognize and avoid phishing traps. Dark Web ID™ monitors the dark web for employee and supply chain credential exposure, which most often results from using those credentials on third-party websites. SpotLight ID™ provides comprehensive personal identity protection and restoration services for employees and customers, mitigating risk and providing peace of mind.

Read More

Migrate With Caution: Microsoft Office 365 Security

by ID Agent

The benefits of moving your business to the Cloud have become crystal clear in recent years. It allows you to empower your aging IT infrastructure, integrate your existing tools seamlessly, scale as your organization grows and work anywhere on any device. However, as is often the case, convenience comes at a cost to security. Cloud services are no exception. In fact, the Cybersecurity and Infrastructure Security Agency (CISA) has released an Analysis Report after having conducted interviews with customers who used third-party partners to migrate their email services to O365. It found that these organizations had a mix of configurations that lowered their overall security posture and led to user and mailbox compromises and vulnerabilities. Here is what you need to know about the risks involved in transitioning to O365 and other cloud services. Default settings = Defeated settings CISA found that multi-factor authentication for administrator accounts was not enabled by default by either the customer or third-party integrator. Azure Active Directory (AD) Global Administrators in an O365 environment have the highest level of administrator privileges at the tenant level. This is equivalent to the Domain Administrator in an on-premises AD environment. The Azure AD Global Administrator accounts are the first accounts created so that administrators can begin configuring their tenant and eventually migrate their users. Multi-factor authentication (MFA) is not enabled by default for these accounts. These accounts are exposed to internet access because they are based in the cloud. If the password has been compromised on the Dark Web or elsewhere, these cloud-based accounts could allow an attacker to maintain a constant presence in a customer’s critical O365 services from the very start of migration – essentially giving them the keys to the kingdom. Solution: Ensure that multi-factor authentication is enabled from the beginning of your migration to the cloud. If you are unsure how to do this, a reliable Managed Service Provider will be able to implement this step. Think Before You Sync Azure AD Connect integrates on-premises environments (non-cloud) with Azure AD when customers migrate to O365 (cloud). This technology provides the capability to create Azure AD identities from on-premises AD identities (or to match previously created Azure AD identities with on-premises AD identities). The on-premises identities then become the authoritative identities in the cloud. In order to match identities, the AD identity needs to match certain attributes. If matched, the Azure AD identity is flagged as on-premises managed. Therefore, it is possible to create an AD identity that matches an administrator in Azure AD and create an account on-premises with the same username. One of the authentication options for Azure AD is “Password Sync.” If this option is enabled, the password from on-premises overwrites the password in Azure AD. In this particular situation, if the on-premises AD identity is compromised, then an attacker could move laterally to the cloud when the sync occurs. Solution: Ensure Azure AD password sync is planned for and configured correctly, prior to migrating users. A knowledgeable Managed Service Provider will be able to guide you through proper implementation of this precautionary measure. Just Following (Legacy) Protocol? Azure AD is the authentication method that O365 uses to authenticate with Exchange Online, which provides email services. It is important to keep in mind that there are several protocols associated with Exchange Online authentication that do not support modern authentication methods with multi-factor authentication features (such as POP3, IMAP and SMTP). Legacy protocols are used with older email clients and can be disabled at the tenant level or at the user level. However, if your organization requires older email clients as a business necessity, these protocols will not be disabled. This leaves email accounts exposed to the internet with only the username and password as the primary authentication method. Given the rampant exposure of credentials on Dark Web markets and elsewhere, a breach is highly likely to follow. Solution: One approach to mitigate this issue is to inventory users who still require the use of a legacy email client and legacy email protocols. Using Azure AD Conditional Access policies can help reduce the number of users who have the ability to use risky legacy protocol authentication methods. Taking this step will greatly reduce the attack surface for organizations. Again, an experienced Managed Service Provider will be able to ensure that your business is using the proper protocols. ID Agent provides a robust suite of services to address the risks faced by MSPs and that of their SMB clients. BullPhish ID™ delivers security awareness training and phishing simulations created specifically to help employees recognize and avoid phishing traps. Dark Web ID™ monitors the dark web for employee and supply chain credential exposure, which most often results from using those credentials on third-party websites. SpotLight ID™ provides comprehensive personal identity protection and restoration services for employees and customers, mitigating risk and providing peace of mind.

Read More

“BERN” App Divulges 150 Million Voter Records

by ID Agent

The future of community organizing or the latest flagrant violation of online privacy? That’s the debate currently raging over the Bernie Sanders presidential campaign’s roll-out of its new “BERN” application. The campaign positions it as a new organizing tool that assists volunteers in tracking potential supporters – permitting them to log the name and background of anyone they talk to: from friends and family members to complete strangers on the street. But skeptics argue that the database of personal information could open non-supporters up to harassment. While a sizable proportion of the data the app requests is publicly available for savvy political operatives who know where to look, critics say that having the data neatly compiled — while not giving people a way to opt out of it — presents online and offline safety concerns. So how did this hotly debated application expose private information of up to 150,000,000 American voters? It seems that an error in the app’s source code caused personal voter identification numbers to be exposed for several hours before ultimately being corrected. Visitors to the website could simply use the F12 Developer Tools shortcut to inspect HTML elements, displaying results like this: (personal information redacted to protect user privacy) Defenders of the application note that information like this has long been accessible by campaigns through the use of CRM tools like NGP VAN and others. However, opponents argue that there are some important caveats. Traditionally, campaign staff using the above tools are limited to data about the precincts they work in, data packets are coded, and personnel are monitored – the BERN app contained no such restrictions. Publishing voter files online is illegal in every state – and for good reason. In some states, voter ID numbers are identical to other identifying numbers like those found on Driver’s Licenses or Social Security cards. This is deeply troubling as hackers and criminals could use these legitimate records to make counterfeit IDs and subsequently use them to open bank accounts and commit other types of fraud. Setting aside critical identifiers like Social Security numbers, the exposed information such as a user’s age, residence, gender, zip code and other “banal” data can be cross-referenced with personal records already compromised on the Dark Web. For example, a cybercriminal typically purchases stolen credit card information on the Dark Web for less than $10 per record. To carry out an online purchase, a hacker would have to know your address and ZIP code – and thanks to the BERN leak, this information is already out there. For in-store purchases, a hacker could simply clone your credit card and, in the rare case that a store associate asks for a photo ID, use the Driver’s License number found on BERN to create a convincing and scannable counterfeit ID. (sample Dark Web advertisement for stolen credit card information) So how do you protect yourself from becoming a victim of identity theft? Organizations have proved time and time again that they are unable to ensure complete security of your personal information; therefore, it would benefit private citizens to enroll in an Identity Monitoring service. By enlisting the help of a trusted provider, online users can monitor their credit cards, driver’s license, Social Security number, medical records and even their passwords – and be alerted when they are for sale on the Dark Web, the world’s largest marketplace for stolen information. ID Agent provides a robust suite of services to address the risks faced by MSPs and that of their SMB clients. BullPhish ID™ delivers security awareness training and phishing simulations created specifically to help employees recognize and avoid phishing traps. Dark Web ID™ monitors the dark web for employee and supply chain credential exposure, which most often results from using those credentials on third-party websites. SpotLight ID™ provides comprehensive personal identity protection and restoration services for employees and customers, mitigating risk and providing peace of mind.

Read More

Game of Thrones: An SMB Cybersecurity Analogy

by ID Agent

***SPOILER ALERT: this article contains some plot details up to Season 8, episode 2*** The epic struggle of Jon Snow, Daenerys Targaryen and their fragile coalition of allies against the looming undead army of White Walkers bears a striking resemblance to the growing specter of cyberthreats against small to medium sized businesses in recent years. So how do you make people care about cybersecurity as much as they care about who will reign supreme over Westeros? Simple – frame these threats in the fantastical terms they already understand from Sunday nights watching HBO. Westeros as an SMB Westeros, the fictional continent where much of the show’s action takes place, is an excellent metaphor for your organization's IT environment. It has a clear perimeter as an island surrounded by water and contains significant assets – food, weapons, livestock, infrastructure and its citizens (just as a business owns personal data, payment information, intellectual property and other sensitive material). While there is some warring between the Lannisters, Starks and other houses, it’s helpful to think of them as various departments within the same organization – jockeying for resources, much as different business units might fight for limited budget. A united Seven Kingdoms allows us to recognize the true existential threat to the security and prosperity of Westeros’s inhabitants – the White Walkers. The most direct cybersecurity parallel to this horde of undead would be a malware botnet. A botnet is a collection of internet-connected devices such as computers, smartphones or IoT devices whose security has been breached and control ceded to a third party (the ice-cold third party being The Night King in this scenario). Much like The Night King is able to raise his victims from the dead to join his ranks, hackers are able to fool unsuspecting users by implanting and executing malware on their devices, oftentimes through advanced phishing attacks, to take control of them. This malware could restrict access to business-critical systems for a ransom and harvest user credentials to grant hackers access to financial resources -- two techniques that could potentially bankrupt an SMB. The hacker can also use infected devices to carry out ever larger-scale attacks, such as Distributed Denial of Service (DDoS) attacks against your website. As we learned in the latest episode of Game of Thrones, The Night King is seeking to launch a DDoS attack on Westeros and beyond, with the goal of permanently shutting down the living. Another similarity that Game of Thrones superfans will appreciate: neither the White Walkers nor hacking tools were originally conceived with destructive purposes in mind. The White Walkers were originally human-like figures created with magic by the Children of the Forest to protect them from the First Men. They were defense weapons created with good intentions that eventually became so powerful, they threatened all of humanity. Similarly, cyberweapons like StuxNet were originally developed as tools of defense to limit the advances of Iran’s nuclear program, but have since fallen into the hands of third-party criminal groups, who continue to leverage the techniques that made StuxNet possible. Speaking of hacking tools that were previously only available to national governments but are now utilized by criminals, the White Walkers currently have access to more powerful resources than ever before – namely, a terrifying ice-fire-breathing dragon. This parallels the now widespread use of tools like those released by The Shadow Brokers in 2016. The exploit EternalBlue, developed by the NSA in the name of national security and leaked by The Shadow Brokers, was used in the infamous worldwide WannaCry attack that affected over 200,000 computers across 150 countries. Similar to the defense measures that many SMBs implement, Westeros has indeed taken steps to protect itself from the murderous throngs of ice zombies to their north. The most notable example of this would be The Wall. 300 miles long, 700 feet tall and fortified with ancient magic, this rock-solid ice wall could most easily (and ironically) be compared to a Firewall. It’s the first line of defense against intruders, and it takes a Night’s Watch of IT Administrators to maintain it, guard it and analyze for vulnerabilities. As any cybersecurity professional knows, a firewall is a significant defense but can be bypassed by a savvy hacker who knows how to exploit human error, compromised credentials and unpatched applications (or in GoT, by a savvy zombie sociopath with a seemingly unstoppable ice dragon). How to fight back So what can be done to keep your digital kingdom safe? First, you want to make sure your organization’s leadership isn’t like Cersei Lannister – Queen of the Seven Kingdoms who is unwilling to address the existential threat from the North. Much like the wise Maesters of the Citadel, you’ll need to educate decision-makers about the consequences of inaction. For example, 60% of SMBs go bankrupt within the first 6 months following a major cyber incident. Because the vast majority of data breaches are due to human vulnerability and compromised credentials, you’ll want to focus on cybersecurity best practices; these practices are your weapons forged from dragon-glass and Valyrian steel – the only ones proven to be effective against White Walkers. Just as Arya Stark is lethally trained by the Faceless Men, make sure your employees are trained to recognize phishing attempts that may contain malicious files or requests. You’ll also want your very own Three-Eyed Raven. That’s to say, you will want to implement a Dark Web Monitoring service to detect when your users' credentials are compromised on the Dark Web. Leveraging visibility of your business’s weak spots will give you a *Stark* advantage against hackers (pun very much intended). Be sure to implement strong password phrases and modify them on a regular basis. Lastly, enlist the help of a dragon of your own. Managed Service Providers are a powerful resource for SMBs, armed with knowledge and experience in fighting off cybercriminals. A reputable MSP who focuses on the above techniques like Security Awareness Training and Dark Web Monitoring will be a fiery champion for your digital realm. ID Agent provides a robust suite of services to address the risks faced by MSPs and that of their SMB clients. BullPhish ID™ delivers security awareness training and phishing simulations created specifically to help employees recognize and avoid phishing traps. Dark Web ID™ monitors the dark web for employee and supply chain credential exposure, which most often results from using those credentials on third-party websites. SpotLight ID™ provides comprehensive personal identity protection and restoration services for employees and customers, mitigating risk and providing peace of mind. Send us a raven to schedule a demo today!

Read More