Most people have heard of the dark web but many are unsure of what exactly it entails and why it’s so dangerous for businesses. Today, we take a look at this murky part of the internet and go through some simple steps you should take to protect your business from criminals on the dark web.
What exactly is the dark web?
Before we can dive into what the dark web is, we need to understand the concept of the deep web. The deep web basically refers to areas of the internet that can’t be indexed by search engines like Google. Many websites on the deep web are not illegal at all – they just don’t use links to show up on search engine listings.
Examples of these kinds of perfectly legitimate sites on the deep web include government databases and ordinary internet user’s personal information like bank details. In fact, about 96% of online content exists on the deep web, consisting largely of confidential data that is protected under a layer of security and isn’t indexed by search engines because it’s exactly that – confidential.
The dark web makes up a small sliver of the deep web and consists of content that isn’t accessible without anonymising encryption software like TOR. This section of the internet is notorious for illegal activity like drug dealing, illegal pornography and weapons trading.
How Dark Web Criminals Target Businesses
The biggest threat businesses face when it comes to the dark web is the marketplace it offers for stolen and leaked company data. Businesses possess a wide range of confidential data from the personal details of their employees and client information to company financial details. This kind of data is very attractive to criminals who can sell it for a good profit or use it to commit ransomware attacks.
Company data can end up on the dark web in a number of ways. ‘Hacktivists’, for example, are malicious or agenda-driven criminals who seek kudos from their peers by being able to penetrate your cybersecurity. They will publish your stolen data online simply for kicks or because they want to damage the reputation of your business.
Your employees are often a weak link and can accidentally leak your data if they fall victim to something like a phishing email. That’s why security awareness training is so important. Disgruntled ex-employees could also be behind a data leak as they can easily copy data to a memory stick and share it. Meanwhile, ‘script kiddies’ or ‘skids’ are individuals who run automated scans to source poorly protected websites and servers for their next potential targets.
Big threats for SME’s
It makes the national news when a large bank has a security breach, but they aren’t the only ones at risk of dark web cybercrime. Small businesses are arguably facing a bigger risk because they often lack the cybersecurity resources needed to cope with these threats. In the eyes of dark web hackers, all data is equally valuable whether it’s stolen from a large company or a small one – especially if that business operates in the financial or healthcare industry.
Cybercrime is opportunistic by nature and this makes all types of businesses into targets. Once the perpetrators have access to your data, they can cause massive damage. Corporate credit cards can be used to purchase illegal substances on the dark web, employee personal details can be used to target people with fraud and phishing attempts and client information can be exploited for good old-fashioned blackmail.
Cybersecurity experts know that every day, millions of hidden web dumps of company data like this take place. Terrifyingly, the majority of organisations that fall victim to these data leaks are completely oblivious to this because the stolen data is obscured by the dark web. As the risk of getting caught for these data dumps is low and there’s an opportunity to make a lot of money, cybercrime like this is an incredibly attractive prospect for opportunistic crooks.
So how can I protect my business?
Fortunately, there are plenty of things you can do to safeguard your company’s data and reduce your chances of falling victim to hackers. These include some very simple steps your employees can take as well tools and software that offer an extra layer of security to your sensitive data.
Here are our top nine tips:
1. Always use sophisticated passwords. Make sure they’re a combination of lower and upper case letters, numerals and symbols. The more unique your password is, the harder it is to crack.
2. Change passwords regularly. It’s also a good idea to use memorable fake answers to security questions.
3. Have different passwords for each account. It can be a headache remembering a bunch of different secure passwords and since you should never write them down, we recommend using a reliable third-party tool like LastPass to keep track of them.
4. Install firewall, anti-spyware and antivirus software. Together, these provide a strong line of defence against malware attack and phishing attempts.
5. Have strong company guidelines on internet use. Make sure all your employees know how to use the internet safely by not clicking on unsolicited links. You could also consider restricting the use of personal devices on your company wifi.
6. Consider installing a Virtual Private Network (VPN). A VPN is one of the most effective tools for protecting your business from dark web criminals. A VPN hides your location and browsing history from anyone who may be trying to illicitly access it.
7. Use two-factor identification (2FA). This makes it virtually impossible for hackers to access online accounts.
8. Make sure the websites you use are secure. Make sure the web address at the secure checkout section of a website starts with ‘https’ rather than ‘http’ and has the padlock icon in the far left side of the address bar.
9. Protect your business by investing in quality IT services and products. Some things are best left to the experts. Here at Onestop IT, we work to provide custom IT security solutions that help you protect your business against dark web cybercrime.