The Dark Web is not an ‘old wives’ tale’ or a story made up by the IT industry to sell more services. It’s a real online world that’s essentially a marketplace for cyber criminals. If they get their hands on stolen data, the Dark Web is the online ‘underground’ where they go to trade it. Just as in every other walk of life, people wait to exploit everyday mistakes—like accidentally sharing your company’s account information with someone who pretends to be a bank employee—and then sell it to the highest bidder so they can then use that information to transfer your funds or cut your access for a ransom. This kind of thing happens every day.
What might this mean for you if you find you’re on the Dark Web?
Most critically, it puts your business and your customers at risk. For example, as a business, you probably store a lot of the Personally Identifiable Information (PII) about your customers which, if leaked, can even shut down your business by:
- Inviting lawsuits that require you to shell out large sums of money in the form of fines or settlements
- Causing serious damage to your brand (who trusts a company name that’s known to leak personal information?)
- Resulting in the loss of customers and new business
What are Dark Web monitoring services?
One of the most direct ways to reduce the risks of being on the Dark Web is by signing up for Dark Web monitoring services.
As a part of a Dark Web monitoring service, you can keep an eye out for any information that is related to you. There are a variety of Dark Web areas where your information might be available on the Dark Web. Examples include:
- Chat forums
- Blogs
- Social media platforms (yes, there’s a Dark Web equivalent of Facebook and other social medias)
- Online marketplaces (the Dark Web’s version of eBay or Craigslist)
Vulnerability Alerts can be set up as the next step to monitoring. These notify you immediately if anything that might be related to you becomes available in the Dark Web. To be honest, sometimes these alerts prove to be false positives, but a little investigation—sometimes no more than a few minutes—is all you need to know if an alert needs action or not. And when you consider the possible consequences to having your data in a criminal marketplace, it’s better to spend a few minutes to ensure you’re safe.
Even better, companies that offer Dark Web monitoring services may also be able to offer you industry insights, trends, and benchmarks that can help you proactively tighten your cybersecurity. Not to mention provide cybersecurity services that dramatically limit the likelihood your data will be stolen in the first place.
What you can do: Protecting your data against the Dark Web
Paying for monitoring services might not be an option for everyone. So in the interest of keeping you safe, here are a few things that you can do to keep your data safe in the first place.
NOTE: No company is too small to follow these guidelines. Even 1-person owner/operators have online credentials.
Password hygiene
Follow password hygiene best practices. Establish clear password policies and rules and regulations regarding password sharing. A big one is stopping the use of the same passwords for multiple accounts, or the use of passwords that are too simple or obvious like the user’s name, birthday, or numbers in sequence, etc. You’d be shocked to know how often “password” and “secret” are used.
Train your staff
Train your staff to identify spam, phishing, and other malware traps. Conduct tests and mock drills and re-train those who don’t pass them. Keep your staff updated when there’s a new kind of threat surfacing for small businesses.
BYOD policies
If you allow your employees to bring their own devices to work, establish a clear BYOD policy that includes how and when they can be used on your network. This will help you manage the risks associated with unknown devices.
Access permissions and roles
Establish different user roles for your staff and give them role-based data editing, copying, or sharing permissions, so that each employee only has as much access to information as they really need.
Dark Web monitoring may already be available to you
Many Managed Services Providers (MSPs) provide Dark Web monitoring services. In fact, we have our own solution that can also include employee training, testing, and regular reinforcement along with other services that reduce common security gaps.
Being exposed in the Dark Web can be exhausting, scary, and unfortunately life-threatening to a small business. Teaming up with HDCav and our cybersecurity specialists can help keep you safe. Contact us if you’d like to learn more.