INTELLIGENT BRANDS // Enterprise Security
Powered By
Other steps businesses should take to protect against credential
stuffing include:
1. Monitoring for leaked credentials of your employees. This will alert you to
instances of breaches including your organisation’s email domain.
2. Monitor for mentions of your company and brand names across cracking
forums. This can help to inform the security solutions you invest in. Use Google
Alerts for this as it can help identify the specific risks to your business.
3. Monitor for leaked credentials of your customers, allowing you to take a more
proactive response.
4. Deploy an inline Web Application Firewall. Commercial and open source
web application firewalls, like ModSecurity, can be used to identify and block
credential stuffing attacks.
5. Increase user awareness. Educate your staff and consumers about the dangers
of using corporate email addresses for personal accounts, as well as reusing
passwords.
6. Gain an awareness of credential stuffing tools. Keep an eye on the
development of credential stuffing tools, and of how your security solutions
compare to their capabilities.
7. Implement multi-factor authentication that doesn’t leverage SMS. This can
help to reduce account takeovers, but make sure this is balanced against the
friction it can cause.
60
INTELLIGENTCIO
www.intelligentcio.com