May 17, 2024

Keeping Your Business Safe From the Dark Web

Not everyone knows about the dark web. That puts many people and businesses at a disadvantage when it comes to protecting business and customer data. Even if you run a tight ship with network security, there is always the possibility that risks to your business are out there where you can’t easily see them.

The best way to combat these risks is to understand what the dark web is, and what you can do to prevent severe and expensive data breaches.

What is the dark web?

It may surprise you that there are parts of the web that are virtually invisible to most search engines. This is the dark web. Standard search engines do not index its contents, and Google won’t be of any help. The only way to access the dark web is to use a specific browser called Tor and its search engine, DuckDuckGo. Accessing the dark web on Tor means going through layers of built-in encryption, which hides users and user locations from scrutiny.

What’s on the dark web?

A lot of bad stuff. There are networks of underground communities that often deal with criminal activities, including weapons dealing, child pornography, and illegal drugs.

There is also a huge market for stolen data. Possibly your data.

There are quite a number of dark web websites where hackers sell stolen data to other criminals. Some of these bad actors use this stolen data to commit identity theft or fraud, or as a means to infiltrate your network and go after your business and financial accounts.

Is your information on the dark web?

Good question. If the dark web is not accessible through traditional means, how will you know if your business data is being traded on the black market?

You could try going down the rabbit hole yourself. That would mean setting up a secured connection, downloading and installing Tor or similar dark web browsers, and learning how to navigate it safely. You’ll have to figure out where to look and what to avoid, just for your peace of mind.

Seriously, the dark web is not a place for casual browsing.

Businesses such as Norton, Experian, and others offer dark web monitoring, which scans dark web sites for data offered for sale. Searches often use personal information and email addresses (yours or your employees’) to see if account information is up for sale. If you find that is the case, you now know you need to take immediate steps to protect your data: across-the-board password changes, firewall updates, data encryption, and notification to account holders of the breach.

Yeah, that last one hurts, but better to warn customers now and show how serious this could be than to let them find out the hard way. If you’re in the health or financial industries, failure to take steps tends to result in hefty fines.

It pays to take immediate action.

Even if dark web monitoring doesn’t come up with anything related to your business or your account holders, don’t think you can let your guard down. It’s challenging to see every corner of the dark web, so there is still a chance that your sensitive business data is out there somewhere.

Set company-wide password protocols

A lot of stolen data found on the dark web comes from business or online accounts you or your employees are likely to have. These could range from financial accounts such as Capital One to innocent, recreational accounts like Words With Friends. Facebook compromised information on over 540 million users in 2019 by leaving records exposed on an unprotected server.

Breaches happen and will likely continue to occur despite the best efforts of cybersecurity experts working all over the world. What cybercriminals take advantage of, however, is the knowledge that many people use the same password across all their accounts. Their Facebook password is often the same as their Adobe password and their Marriott password (two other companies that recently experienced significant breaches).

When a bad actor purchases data on the dark web and that data contains passwords to one account, they may find they have access to multiple accounts — even your business accounts — thus making data theft, identity theft, and fraud that much easier.

Your business can combat this by setting strict password protocols for all employees and, ideally, clients. There is no shortage of good advice on how to promote good password practices in the workplace. Some good ways to start would be:

  • Use strong passwords with numbers, letters, and special characters
  • Avoid passwords based on names, birthdays, or other “guessable” information
  • Use two-factor authentication
  • Change passwords regularly. Never repeat passwords. Never share passwords
  • Use a password manager to handle multiple passwords

A cybercriminal’s efforts will only be successful if you or your employees or clients fail to practice proper password usage.

More than just passwords

Just as there are thousands of websites, blogs, and articles advising you on safe password protocols, there is also no shortage of good advice on other ways to protect your business networks from cyber attack. Some ways to guard your networks include:

You can keep your business and customer data safe, but it takes effort and will. Knowing that the dark web exists is a good start. Taking steps to guard your business against the dangers of theft and fraud is then critical. You owe it to yourself and your customers to take the threat seriously. Even if you don’t have any evidence that hackers are selling your data online, it’s best to be prepared.

John Teehan

Founder of Jack's Online Tech, a blog looking at cybersecurity and cloud computing solutions for small-to-medium sized businesses. Also, the father of this site's namesake, Jack. Nice to meet you!
