How to use Breach Scanner for your company

The results will show on the Dashboard page within 24 hours after the Breach Scanner is set up in the Admin Panel.

These statistics include:

  • Total number of breaches, scanned active members, and scanned domains;

  • High, low, and total number of risks;

  • Chart with a total number of breaches at the end of the month for the past six months.

Click on "High risk" or "Low risk" to see an ordered list of all breaches to get more insights.

dashboard.png

 

Data Breach Scanner page

Active members tab

Any active NordPass members' accounts found in any known breaches will appear under the Active Members tab. If a member is on vacation, you can "Ignore Member" and the breach scanner will stop reporting any breaches related to their account.

If you resolved a breach (i.e., changed the password of the compromised account) and no longer wish to see it in the list, you can mark this breach with a "Resolve Breach" button. To mark all breaches as resolved, select "Resolve All Breaches."

active-memebrs.png

Resolved breaches tab

Once you resolve breached accounts or specific breaches, they will appear under the Resolved Breaches tab. If you resolve them accidentally, you can select the "Restore Breach" button or apply "Restore All Breaches" for all of them.

restore-breaches.png

Ignored members tab

If you decided to exclude a member from the breach scanning, you can find this member in the Ignored Members tab. You can easily return this member to breach scanning using the "Restore Member" option.

ignored-members.png

Domains breaches

Any breached email accounts with your organization domain that are not active NordPass members will appear under the Domain breaches tab. You can invite them to become NordPass members and join your organization by clicking "Invite to NordPass'' or delete this email from the breach scanner report via "Delete Domain Email."

domain-breaches.png

How risks are classified?

We are counting breaches as a compromised data group on one website. If one website, phone, or address gets compromised, we are still counting it as a single breach.

A single breach can be classified as "High risk" or "Low risk" only. The risk level is assigned based on what data was compromised. For example, a leaked date of birth or company name is treated as "Low risk." "High risk" data is considered to be:

  • Third-party systems API keys;

  • Bank details;

  • Credit card details;

  • Passwords;

  • Social security numbers.