Password combination with your user id is only your entry into a website.  When a company is hacked, it usually starts with obtaining usernames and passwords.  Are your employees using multiple passwords for logging into software or websites or is it generally the same password?  When cybercriminals find this information, they can use it multiple ways.

If an employee’s credentials are compromised, cybercriminals can sell the information on the black market.  As stated before, cybercrime is a very profitable business.  This sold information allows a less than honorable person to login websites pretending to me you.  If you use the same password across accounts, a cybercriminal cannot get to one website but many other websites.  If you notice, many websites ask
if you want to login using your Facebook or Google Gmail account.  This is not recommended.  A unique password should be used instead.  There are several encrypted password vaults to store passwords.  If one is used, a unique strong password should be used for creating your credentials.

Another recommendation is to use 2-factor authentication when possible.  TechSage Solutions uses this tools for all of our company tools.  Two-factor authentication identifies users by using a combination of two different components.  If one of our employees' credentials are compromised, the cybercriminal can’t proceed unless they can penetrate the next level.  You probably noticed when logging into most banking institutions, they will either email code or send a text before you are allowed to completely login into your website destination.  This is highly recommended for all business related websites.

Another tip is to set-up alerts on all financial sites.  This has saved me several times from fraudulent charges.

Monitor the companies email accounts to identify any breaches.  Any compromised employees email credentials should be addressed immediately