Do you know about the “Dark Web”? It’s the part of the Internet where your private data – passwords, social security, credit card numbers, etc. – could be for sale right now. Do you know how to check if they are?
The Internet isn’t all funny videos and social media.
Between phishing, malware, and a seemingly never-ending list of scams, there are a number of serious dangers that are important to be aware of.
But there’s an even a darker corner of the web where few people dare to venture that can have a wide-reaching and severely damaging effect on your business: the Dark Web.
Recently, cyber thieves released a huge list of compromised emails and passwords known as Collection #1. It contains 773 million records, making it one of the largest data breaches to date. If your information has ever been breached, it’s most likely on this new list – and that list is on the Dark Web.
Even the federal government has had a hard time locating those responsible and stopping them. The Department of Homeland Security made their first bust involving criminals selling illegal goods on the Dark Web just last year. The arrests were made after a year-long investigation. Though this is good news, it doesn’t even scratch the surface of all the criminal activities taking place on the Dark Web.
The bottom line is that you can’t wait around for the government or anyone else to protect your business from cyber thieves. You have to be proactive about securing your database. Your personal and business information should not be for sale on the Dark Web, but how can you stop this?
What Is The Dark Web?
The Dark Web is a small part of the much larger “deep web” – the common name for an extensive collection of websites that aren’t accessible through normal Internet browsers. These websites are hidden from the everyday Internet — or Clearnet — users through the use of overlay networks.
They’re built on the framework of networks that already exist, and there are a lot of them. In fact, the Deep Web makes up the majority of the information online. Which, when you consider how vast the corner of the Internet you frequent is, is nothing short of terrifying.
This unseen part of the Internet is a perfect place for less than scrupulous individuals to connect, network, and share tools, tips, and information. And it should go without saying that whatever their up to on these sites is nothing good.
Personal information such as school and medical records, bank statements, and private emails are all part of the immense Deep Web. To gain access to this information, you must be able to access an overlay network using specialized software and passwords. This is a good thing, because it keeps sensitive information safe, and prevents search engines from accessing and indexing it.
Why Is The Dark Web Used To Sell Private Information?
The added security of the Deep Web makes it attractive for those who want their online activities to remain anonymous. Unlike the Deep Web, which prevents outsiders from accessing information, the owners of Dark Websites allow anyone with the right browser to access their sites. One of the most popular of these is The Onion Browser, more commonly known as Tor.
The Dark Web is like “The Wild West” of the Internet. It’s an area beyond the reach of law enforcement, hence the complete lack of regulations or protection. Although not everyone who uses the Dark Web engages in illicit activities — it has a history of being a platform for political dissidents and corporate whistleblowers — many visitors are there for less than upstanding reasons.
Cybercrime costs US businesses billions of dollars each year. The majority of information hackers steal from businesses ends up on the Dark Web for sale to identity thieves and corporate spies.
But, the real danger is that it provides communication and educational training ground for hackers and would-be hackers. Although the competition among different hacking groups is fierce, there’s still a willingness among cybercriminals to share techniques and assist one another.
It’s this access to the “tools of the trade” and the guidance required to pull off successful hacks, attacks, and scams that makes the Dark Web so dangerous to your business. Anyone with the time and inclination to learn how to steal valuable data from your business can check out an online tutorial or two, pay for some basic hacking software from one of these marketplaces, and set their sights on you.
While they might not be the stories that make national headlines, small and mid-sized businesses are targeted every day by cybercriminals looking to make a fast buck.
How can you protect yourself?
When a news story comes out about a large corporate hack, businesses often scramble to learn how they can better protect their businesses – but that’s the wrong time to start thinking about it.
Don’t wait until a breach occurs – start protecting yourself now. The advice you should follow centers around educating your employees about the dangers of online crime and developing company procedures to prevent it from happening.
The first step is to make sure you (and your staff) use stronger passwords…
Top 4 Password Mistakes To Avoid
Length and Complexity
Keep in mind that the easier it is for you to remember a password, the easier it’ll be for a hacker to figure it out. That’s why short and simple passwords are so common – users worry about forgetting them, so they make them too easy to remember, which presents an easy target for hackers.
It is quite common for people to reuse passwords across their digital accounts. While it may be easier to remember one password, it makes it extremely easy for bad actors to gain access to every account once that password is compromised.
Many users assume that information specific to them will be more secure – the thinking, for example, is that your birthday is one of a 365 possible options in a calendar year, not to mention your birth year itself. The same methodology applies to your pet’s name, your mother’s maiden name, etc.
However, given the ubiquity of social media, it’s not difficult for hackers to research a target through Facebook, LinkedIn, and other sites to determine when they were born, information about their family, personal interests, etc.
Pattern and Sequences
Like the other common mistakes, many people use patterns as passwords in order to better remember them, but again, that makes the password really easy to guess. “abc123”, or the first row of letters on the keyboard, “qwerty”, etc., are extremely easy for hackers to guess.
Maybe you think your passwords are fine.
It’s certainly possible – but it’s one thing to skim over a list of common password mistakes and assume you’re probably still OK.
Sure, maybe that one password is based on your pet’s name, or maybe that other password doesn’t have any capitals or numbers – what’s the big deal, really?
If you’re so confident, then why not put it to the test?
Probably not as well as you’d hoped, right? The reality is that truly complex passwords can be difficult to come up with, and even more difficult to remember.
Top 3 Tips To Keep Your Data Off The Dark Web
Train staff members on the proper handling of corporate data and procedures to limit data loss, including ways to handle phishing scams.
Besides an initial onboarding training session, all employees should attend refresher courses throughout the year. The vast majority of cybercriminals gain access to a company’s network through mistakes made by employees.
Require the use of strong passwords and two-factor authorization.
It’s advisable that you assign strong passwords to each individual employee to prevent them from using passwords that are easy to guess, as well as implementing two-factor authorization.
Unfortunately, all these tips are meant to be preventative – they’ll increase your security and protect against cyber criminals taking your data in the first place. But what if you’ve already experienced a breach?
How can you find out if your data is already up for sale?
What About Dark Web Scanning?
There’s only so much you can do on your own – but there are now more direct ways of checking whether your data has been compromised on the Dark Web. Many security vendors now offer cyber-surveillance monitoring solutions that can scan the dark web for your credentials.
Our Dark Web monitoring solution keeps tabs on the shadiest corners of the online world 24 hours a day, 7 days a week – no exceptions.
Features of KTG managed security services include:
Security Awareness to keep your staff prepared to spot and stop hackers from harming your business
Password Manager to help you and your staff maintain complex, hard to crack passwords
Multifactor Authentication to prevent external parties from accessing your systems with stolen passwords
Data Leak Prevention to make sure the integrity of your business data
Vulnerability and Patch Management to make sure no weakness in your cybersecurity is overlooked.
This isn’t a matter of “what you don’t know won’t hurt you”. In fact, it’s the opposite. You can’t afford to ignore the dark web.
Brian Gray, MCP, is the President at Kraft Technology Group, LLC (KTG), an affiliate of KraftCPAs PLLC. Within his role, Brian is responsible for all aspects of service delivery to our clients. Brian has a decade of experience working for managed service providers. He has worked with clients in a variety of industries, including financial services, accounting, legal, healthcare, manufacturing, and retail.