What Is the Dark Web? Is Your Business Data for Sale?

“Is my business safe from the dark web?

Since you’re here, you’re probably asking the same question. And given the dramatic rise of cyberattacks and data breaches over the last year and especially in the wake of the coronavirus pandemic this year, I can’t blame you for asking.

Right now, you’re worried your business data are being sold on the dark web this very moment. How do you have them removed? What do you need to do to mitigate the risks they pose for your business? And what can you do to protect your business from cyber threats in the future?

All great questions, and I will answer them in this blog post one by one to the best of my ability. But for the answers to make more sense, you need to understand first what the dark web is.

What is the dark web?

The dark web is the shady part of the internet that you can’t access via traditional search engines. Why is that? First off, the dark web runs on an encrypted network, allowing users to browse its contents without revealing their IP address (and by extension, their identity).

So it’s no wonder the majority of online illegal and criminal activity is happening in this unhallowed corner of the web. If people want to do something bad on the internet and get away with it, they’d be wise to do it on the dark web. It’s the internet version of the criminal underground. Clearly not a place for the faint of heart.

How do I access the dark web?

To access the dark web, you need to use a specialized browser called Tor or DuckDuckGo. How are they different from typical browsers like Google Chrome or Mozilla Firefox? For starters, these browsers keep you anonymous on the internet by redirecting your web requests through a network of specialized servers.

That anonymity comes with a price. Because the servers are decentralized, browsing the dark web can be maddeningly slow and unreliable.

Dark web websites look like just any regular website, but with some marked differences. One is that their URLs end in “.onion” (instead of “.com”). Wikipedia describes “.onion” as “a special-use top level domain suffix designating an anonymous hidden service reachable via the Tor network.” Try to open “.onion” sites using your regular Chrome or Firefox browser and you’ll get a “DNS address not found” error.

What information can be found on the dark web?

Lots of shady stuff. After all, the dark web isn’t known as the ‘black market’ of the internet for nothing. The dark web is teeming with criminal and unsavory activities that involve child pornography, illegal drugs, fake passports, stolen credit card information, social security numbers, log-in credentials to subscription services, and even hired killers.

Is the dark web illegal?

The dark web itself is not illegal. But most of the activities being conducted there are. In fact, a 2016 report conducted by King’s College in London found that out of 5,205 live sites on the dark web, 2,723 contained illegal content.

So browsing the dark web won’t land you in jail. However, if you engage in an illegal transaction (such as buying stolen bank login credentials or a stolen Netflix login), then that makes you criminally liable.

Is your business data being sold on the dark web?

There are services that can help you find out if your business data is being sold on the dark web.

Before we delve into these services, here are the types of business data being sold on the dark web:

  • Login credentials to software systems
  • Subscription credentials
  • Intellectual property information
  • Trade secrets
  • Operational, financial, and customer data
  • Etc.

Data breaches involving any of the above can put your business at risk in many ways, including:

  • Damage to brand reputation
  • Loss of competitive advantage
  • Fraudulent activity
  • Identity theft
  • Denial-of-Service (DoS) attack
  • Etc.

One simple and easy way to find out if your credentials have been leaked is to go to haveibeenpwned.com. Simply enter your email address and you get a list of “breaches you were pwned in” in an instant.

Another method is to perform a dark web scan. A dark web scan is a service that scours the dark web to check if any of your personal or business data are being sold. Some services, like Experian and Keeper Security, are offering this service for free. You can also subscribe to their paid service if you want deeper web scans (and better results).

Bear in mind that a negative search result doesn’t always mean your data hasn’t been breached or compromised. There’s a ton of debate on whether a dark web scan is ultimately useful. For one, a negative result can give you a false sense of security. In most cases, compromised data won’t be displayed on the dark web because they’re likely to be sold directly to a private buyer.

Remember, the dark web is a convoluted place, and there are many nooks and crannies there even the most thorough dark web scan can’t get into.

What to do if you discover your data is on the dark web

There’s nothing you can do to remove your information on the dark web once it’s there.

However, you can take immediate action to ensure your information won’t be exploited in ways that could be damaging to your business.

You can start by making password changes across the board. Of course, best practices still apply. You want to use strong passwords by including numbers, letters, and special characters. Don’t use a password that’s easy to guess (so “abc123” or your date of birth is out of the question) And make sure that you use a different password for each account. Change passwords regularly and never share your passwords with unauthorized users.

Better yet, use two-factor authentication to add an extra layer of protection to your business data. If you (or your employees) are worried about forgetting your passwords and having them mixed up, use a password manager to help everyone stay on track.

Improve your security posture

Hackers are getting better at cracking passwords year by year. If you want to keep your data secure, you better not rely on password-based solutions alone.

You must adopt a proactive approach to cybersecurity. You need to improve your security posture.

Keeping your information secure is just the beginning. You also have to regularly monitor your systems for potential cyber threats and put in place specific measures to counter them once they occur.

Prevention is better than cure, right?

The steps to improve your security posture include:

  • Set up the required technology to develop and maintain security controls that can stop cyberattacks and data breaches before they happen.

These include:

  • Strong firewalls
  • Security Information and Event Management systems
  • Business VPNs
  • Antivirus and antimalware programs
  • Data encryption
  • Risk assessment tools

All the technology in the world will mean nothing if your company doesn’t have a  solid infrastructure to support your cybersecurity efforts. If you don’t know where to start, our 7 Ways to Prevent a Data Breach in Your Business blog post should prove helpful.

  • Set up an action plan in response to future data breaches or threats.

You need to establish the steps that will be carried out once a data breach has occurred or a threat was discovered. You must establish the measures that will prevent your business data from being exploited in ways that may potentially harm your company (and your customers).

  • Check if your security measures are up to date and effective.

Your firewalls and VPNs might protect your business from theft and fraud this year, but will they be able to during the following year or the next?

As already mentioned, cyberattacks are continually evolving and becoming more sophisticated every year. You have to stay on top of the current security threats and vulnerabilities your company might get exposed to. Putting security safeguards in place is not enough. You need to make sure they’re up-to-date, effective, and relevant to your security needs.

Conclusion

Make no mistake, cyberattacks and data breaches aren’t going anywhere anytime soon. Unfortunately, the dark web is a reality we all have to live with. But that doesn’t mean you can sit by and allow your information to be exploited and compromised.

You can protect your business and customer data from getting into the wrong hands. If you truly love your business and what you do, it’s a responsibility you shouldn’t take lightly. All you need is the right approach, technology, and a dedicated team of experts to pull it off. And yes, a lot of patience as well.

We can help

We get it. Keeping your confidential data safe from the dark web can be expensive, complex, and time-consuming. If you don’t have the resources or the expertise to do it yourself, our team at National Networks will be happy to take the load off your shoulders. By using the latest security solutions, combined with our rigorous maintenance and monitoring processes, we can stop data breaches before they happen (and help you sleep better at night). Don’t let the Dark Web take down your business—contact us now.