If your employees used their work email addresses to log into Ashley Madison, and reused their work passwords, then you've got a problem.
"Based on reports, it appears that there are thousands of users who signed up using their company email address," said Jason Hart, vice president and CTO for data protection at Amsterdam-based Gemalto.
He hopes that these companies are using multi-factor authentication.
"I hate to kick the Ashley Madison users while they’re down, but it seems that the people who might have fallen for the Ashley Madison offer might also be the types who would use the same password on every site they signed into—including work," said Tom Pendergast, chief strategist for security, privacy and compliance at Bothell, Wash.-based MediaPro Holdings, LLC, a security awareness training company.
Enterprises that don't have multi-factor in place, or are only starting to roll it out, need to take other steps.
"Companies that find employee email addresses within this trove of information would be wise to require new passwords across all company services," said Adam McNeil, malware intelligence analyst at San Jose, Calif.-based Malwarebytes Corp.
In addition, companies need to have training programs in place so that employees know not to reuse their work email accounts or passwords on other sites.
"An alarming majority of employees don't understand the security risks of their behavior," said Darren Guccione, CEO and Co-founder at Chicago-based Keeper Security, Inc.
Training programs should also include mock phishing campaigns, he added. "This is a true test of an employee's ability to spot a suspicious email," he said.