The technology landscape is constantly growing and evolving, but with that growth comes an increase in the number of potential technological threats to individuals and businesses. One of those increasing threats is the Dark Web. While you’ve likely heard the term “Dark Web” before, you may not know exactly what it is. It’s an important thing to understand so you can protect yourself and your organization, so let’s learn more about it.
What is the Dark Web?
Simply put: The Dark Web is a part of the internet that does not get indexed by search engines in the way that a normal website would. It’s hidden and more difficult to access than the internet you use every day, and this hidden nature makes it a popular destination for criminal activity. Things like fraud and the sale of drugs, weapons, stolen credit card info, and much more are not at all uncommon on the Dark Web.
Because the Dark Web isn’t indexed by traditional search engines, it also can’t be accessed through traditional web browsers like Chrome or Safari. It can only be accessed through a specialized browser like “Tor”, which allows for anonymous, private access to the internet. This is a great benefit to bad actors who prefer to stay anonymous while conducting illegal activity on the Dark Web.
The Dark Web and Your Organization
So, how does all of this relate to your organization? The short answer is “cybercrime”. For example, a hacker could very easily find and purchase login credentials belonging to the employees at your organization. How is this possible? It typically starts with a data breach. Whether it’s LinkedIn or Target, the usernames and passwords involved in the breach are likely to make it into the Dark Web where they will eventually get sold for a large profit.
Anyone who wants to generate streams of illegal income by monetizing stolen credentials can easily buy them on the Dark Web. Once the credentials are purchased, the bad actors can use them to launch cyberattacks against your users, or even your business email or network. Think of this like a robber walking to the local hardware store to buy a copy of your house keys that you didn’t even realize were for sale. It really is that simple.
How to Protect Yourself and Your Organization
If you’re stuck wondering: “is there anything I can do to mitigate this?”, there are some simple steps you can take. One thing we recommend is checking to see if your email addresses and passwords already exist on the Dark Web. One easy way to do this is by visiting haveibeenpwned.com. Check your business and personal email addresses here regularly. If you find any matches, change the relevant passwords immediately.
Whether you found your credentials listed on the Dark Web or not, another reliable cybersecurity best practice to keep your and your organization’s data safe is to avoid using the same password across multiple platforms. There are many free password management tools such as LastPass or 1Password that can help you accomplish this. We also recommend enabling multi-factor authentication (“MFA” or “2FA”) on any personal or professional accounts that support it.
Lastly, contact your managed service provider to make sure they are proactively monitoring the Dark Web for any domains or credentials belonging to your organization. Catching compromised business data early can be the difference between a minor inconvenience and a cyber catastrophe. Have more questions about the Dark Web or need help implementing these safety measures?
