Alert Workflow

Immediate Notifications

When a breach is detected:

  1. Instant Alert: Organization admins receive immediate notification

  2. Affected User Notification: The individual whose credentials were found is notified

  3. Risk Assessment: Automatic severity scoring based on data type

  4. Recommended Actions: Step-by-step remediation guidance

Breach Monitoring Best Practices

Unique Passwords Everywhere: Use a password manager to ensure every service has a unique password. When a breach occurs, only one account is compromised.

Enable 2FA Universally: Two-factor authentication dramatically reduces the value of stolen passwords to attackers.

Monitor Personal Emails: Team members should add personal email addresses to monitoring, as breaches of personal accounts often lead to work account compromises.

Regular Password Rotation: For critical systems, implement regular password rotation policies (90 days).

Breach Drills: Periodically test your breach response process with tabletop exercises.

Password Manager Required: Make password manager usage mandatory for all team members.

Incident Response Plan: Have a documented process for handling breach notifications.

Understanding Breach Sources

Breaches come from various sources:

Service Breaches: Legitimate services get hacked (LinkedIn, Adobe, Dropbox, etc.). Not your fault, but you still need to respond.

Stealer Malware: Malware on devices exfiltrates stored passwords. Indicates endpoint compromise requiring immediate action.

Phishing: A user is tricked into entering credentials on a fake site. Requires security awareness training.

Supply Chain: A third-party service you integrate with gets breached, exposing your data.

Insider Threat: Rare but serious - someone with authorized access leaks credentials.

Organization Dashboard

View breach trends for your organization:

  • Total breaches detected over time

  • Most affected services

  • Average time to remediation

  • Password reuse patterns

  • 2FA adoption rates
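
How several of these dashboard figures can be derived from raw alert records, as an added example that is not the product's own code. The record fields, sample alerts and 2FA table are constructed assumptions, and the breach total is a single count rather than a time series.

```python
from collections import Counter
from datetime import datetime

# Constructed sample alerts; the field names are assumptions for this example.
ALERTS = [
    {"user": "alice", "service": "LinkedIn", "detected": "2024-03-01T09:00", "remediated": "2024-03-01T15:00"},
    {"user": "bob", "service": "LinkedIn", "detected": "2024-03-01T09:00", "remediated": "2024-03-03T09:00"},
    {"user": "alice", "service": "Dropbox", "detected": "2024-04-10T12:00", "remediated": None},
    {"user": "carol", "service": "Adobe", "detected": "2024-04-12T08:00", "remediated": "2024-04-12T20:00"},
]
# Constructed 2FA enrollment state per team member.
TWO_FA = {"alice": True, "bob": False, "carol": True, "dave": True}


def hours_between(start, end):
    """Elapsed hours between two ISO-like minute-resolution timestamps."""
    fmt = "%Y-%m-%dT%H:%M"
    delta = datetime.strptime(end, fmt) - datetime.strptime(start, fmt)
    return delta.total_seconds() / 3600


def dashboard(alerts, two_fa):
    """Aggregate alert records into organization-level breach metrics."""
    closed = [a for a in alerts if a["remediated"]]
    durations = [hours_between(a["detected"], a["remediated"]) for a in closed]
    per_user = Counter(a["user"] for a in alerts)
    return {
        "total_breaches": len(alerts),
        "most_affected_services": Counter(a["service"] for a in alerts).most_common(2),
        # Average over closed alerts only; open ones are reported separately
        # so an unremediated backlog cannot make the average look better.
        "avg_hours_to_remediation": sum(durations) / len(durations) if durations else None,
        "open_alerts": len(alerts) - len(closed),
        "users_in_multiple_breaches": sorted(u for u, n in per_user.items() if n > 1),
        "two_fa_adoption": sum(two_fa.values()) / len(two_fa) if two_fa else None,
        # Exposed users without 2FA are the ones a stolen password hurts most.
        "exposed_without_2fa": sorted(u for u in per_user if not two_fa.get(u, False)),
    }


if __name__ == "__main__":
    for key, value in dashboard(ALERTS, TWO_FA).items():
        print(f"{key}: {value}")
```

Reporting open alerts next to the average matters: an average taken only over remediated alerts looks healthy even while unresolved exposures pile up.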

Individual User View

Each team member can see:

  • Their own breach history

  • Services where they're at risk

  • Password hygiene recommendations

  • Comparison to organization average
