How can I keep my company safe from 'credential stuffing' hacks?

Zenefits is committed to keeping your employees' information and data secure. Therefore, we’re sharing context here to help you reinforce the safety of your employee’s personal information from a cyber fraud called “credential stuffing.”

What is credential stuffing?

Credential stuffing is a type of cyber attack using stolen usernames and passwords from one organization (obtained in a breach or purchased off of the dark web) to access user accounts at another organization. For example, cybercriminals often try to reuse passwords and usernames to attempt access to media streaming accounts, ecommerce and bank accounts. 

How to protect yourself and your people

To insulate your people from these types of attacks.

1. Enable Multi-Factor Authentication (MFA) on critical or sensitive accounts. Multi-factor Authentication (MFA), also called two-step login, is required for all administrators’ accounts in Zenefits. It is also offered free of charge for all customer’s employees. It is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN. You should ensure that any application you use with access to personal identifiable information be protected with MFA.
   
   
2. Get a good password manager for your business that can assist you in ensuring your people can not have duplicate passwords across multiple services.
   
   
3. Stay alert. Unfortunately, there are no absolute guarantees of security, and many cyber frauds, like credential stuffing, are done incrementally over time.

Zenefits has an automated alert system that is always monitoring to ensure if any changes are made to critical passwords, banking or healthcare information, the impacted employee will get an email notification directly to verify there were no bad actors involved.

If you receive any of the alerts mentioned above or suspect you might be at risk please don’t hesitate to reach out to our support team to assist you. 

For more information, click here for a podcast on Credential Stuffing Mitigation.