The data breaches tab can be found under the Security area of the feature set (Security > Data Breaches).
The emails listed under this section are the same ones that are imported from the PSA and Office 365 connections into the client company.
How does CloudRadial obtain the data breach information?
Once the emails are loaded in, CloudRadial relays the information to the website Have I Been Pwned (you can check out their website here) to see whether their personal data has been compromised by data breaches. Once the results are found, CloudRadial will automatically relay the information back.
Have I Been Pwned's service collects and analyzes hundreds of database dumps and pastes containing information about billions of leaked accounts. CloudRadial picks that information up and cross-checks it against the loaded-in email address, allowing users to see their breach status from within their portal.
Furthermore, selecting a specific user from within the Security > Data Breaches section will show the user exactly which breaches they were found in, and when.
How should partners be using this information?
The following is true of the data breaches tab:
- The query to the HaveIBeenPwned database happens on a multi-month basis
- Partners can force a manual sync by selecting the Sync button under Security > Data Breaches
- New data breaches do not trigger an email or other notification
- The list of data breaches is not exhaustive - there could be many more areas the user's data has been exposed
- When connected to Office 365, CloudRadial will display their multi-factor authentication (MFA) information next to their email
As such, the data breaches tab is not meant to be an active reporting section.
The data breaches tab is best utilized when discussing appropriate cybersecurity and compliance postures. Partners are encouraged to educate their customers of the “When, not IF” mentality of data breaches.
In short, this section is best used to generate conversations with the client that lead to active efforts to mitigate the risks associated with data breaches.
MFA reporting troubles? Check this article on MFA status debugging.