There is a lot of mystery around the Dark Web and like all good mysteries, everyone talks about it but few people really understand what it is or what you can find there.
In simple terms, the Dark Web is very much like the dark, dingy alleyways behind buildings where people wishing to remain anonymous lurk, peddling their wares and services. In the pre-internet times, it was in those hidden spots that you could purchase stolen and high-end items for a bargain basement price. It was also there that you could get conned or knocked over the head, and could even lose your wallet!
The Dark Web is much like that illustrative example and the things you can buy on there range from stolen credit card details, usernames and passwords through to drugs and “hitman” contractors. If only this was the description of the next block buster movie, but sadly no, it is the reality of the world we live in!
The Dark Web is a bad and creepy place (you start to get that!) but you may ask “if I don’t plan to go and check for myself, why should I care?”. The answer is simple. Whilst you might not plan on delving into the Dark Web, it doesn’t stop malicious actors from selling your sensitive information there.
Indeed, they can get this information from a range of different sources; from simple apps like Facebook and Instagram as your details are publicly available, or through hacked websites where they will gain passwords and potentially credit card information. Once your sensitive data is hacked, hackers put a price on it and sell it. Sometimes the information is sold as a one-time bundle to the highest bidder, other times information is sold multiple times for a low price to multiple parties. Unfortunately, once the cat is out of the bag, you can’t get it back!
Considering the dark web is not exactly like a News site where you would receive a notification if your sensitive data was found, the question is “how could you know”? Therein lies the problem – you won’t know until the information is being misused. It could potentially be your iTunes account used to buy iTunes gift cards, or your credit card used to rack up a massive bill on the other side of the world. Put it simply, you won’t know until it’s too late.
However, such misadventures can be avoided with the help of a Dark Web monitoring service. These are designed to go where no respectable person wants to go and send an alert as soon as sensitive information is found on the Dark Web. This way you can quickly act to prevent potential unwanted exploitation.
There are a few “free” Dark Web monitoring services available that can offer some level of protection. However, given those are free, the response you get from them is often less timely than that of a paid service, leaving plenty of time for your information to be sold and misused.
Correct Solutions’ Dark Web monitoring service keeps an eye on the seedy side of the Internet 24/7 and reports if anything is out of the ordinary, allowing you to immediately assess what needs to be done, such as checking where else you used the breached password (which of course you shouldn’t be doing anyway, but that’s another story) or place a hold on your credit card before the bad guys have a chance to rack up charges on it.
What can you do to protect your sensitive information better?
- The first step would be to invest in a Dark Web monitoring service so you can better protect yourself and your organisation. With this in place, you will know quickly if information is out there and you’ll have the ability to do something about it.
- The second step is to ensure you train your staff effectively for all IT related security issues. Train them in how to identify scams, phishing emails, etc. so they don’t enter real usernames and passwords into sites that are only designed to capture information and then funnel it to the Dark Web.
- The third step is to review your password policies. Look at how you handle passwords within your business and how complex they are as well as how often they are changed. Look at enabling Multi Factor Authentication for as many websites and resources as possible, so that if a password is leaked, it can’t easily be used by malicious actors.
- The fourth step is to do a complete review of your network security. This would include reviewing which of your staff can store information on devices you might not own, looking at who has access to what in your business and evaluating if they really need it to do their job.For example: We’ve seen the case of a customer’s team member who was granted access to a finance folder “to do a quick job for the team” but the access was not revoked upon completion, leaving critical information open to those who shouldn’t have access.
- And the final step, which should actually be the first step really, is to talk to us. Talk to us about reviewing all of the above items on a regular basis. Your requirements change as business evolves, therefore so should your security policies. Don’t become complacent in thinking because you checked this recently it should be all right. That’s exactly what the malicious actors are hoping and looking for. Call us. Call us NOW!