Revamped tool identifies at-risk users through deep web searches and hundreds of breach databases for no-charge.

 KnowBe4, provider of the most popular security awareness training and simulated-phishing platform, today announced the release of the new version of its Email Exposure Check (EEC). The new version is called the EEC Pro, has powerful additional features and is still provided at no cost.

While employees give out their corporate email for various reasons, IT is hard-pressed to keep track and manage the risk. EEC Pro helps IT by identifying an organisation’s at-risk users by crawling social media information and scouring hundreds of breach databases to identify risk associated with user emails and identities. The more at-risk email addresses a company has, the bigger its attack surface, and the higher its risk.

EEC Pro only requires filling out a form, and works in two stages. The first stage performs deep web searches to find publicly available organisation data provided on sites such as LinkedIn and Facebook. This allows the EEC Pro to show what organisational structure an attacker would be able to easily pull together and use to craft targeted attacks.

The second stage of EEC Pro utilises the Have I Been Pwned data breach service to find users that have had their account information released in any of several hundred breaches. These users are particularly at-risk because an attacker knows more about them, potentially including their actual passwords. As the final step, EEC Pro provides a detailed summary report to the IT team, including an overview of the data found, a summary of organisational risk levels, and a link to a web report that contains a full list of all users found, the breaches the users were found in, and an overview of the data included in the breach. This allows IT managers to ensure exposed emails or exposed passwords are modified.

“Since 91% of data breaches start with a successful phishing attack, an organisation must act reasonably or do what is necessary or appropriate to protect its data and take steps to identify weaknesses that expose their employees,” said Stu Sjouwerman, Founder and CEO of KnowBe4. “Employees are the last line of defence within an organisation. We want to make it as easy as possible for IT professionals to reduce their attack surface and strengthen their weakest links. You need to create a ‘Human Firewall’”

Exposed emails and passwords can lead to recent data breaches such as those experienced by security companiesMandiant and Enigma where compromised passwords were not changed.

More information about EEC Pro is available here