Posted 10th January 2020
In the deep and murky depths of the internet lies the Dark Web. It’s so hidden that users have to use a specific encrypted browser (TOR) to access it and its name describes it perfectly, a secretive place full of negative activities.
Because the Dark Web is anonymous and encrypted, it’s the ideal place for criminal activity to take place. Aside from being a spot where you can buy and sell weapons and hire criminals, it’s also the place where stolen data and information is traded. This information can include any personally identifiable information including names, dates of birth, banking details, and national insurance numbers. Any information stolen from businesses through hacking or phishing scams can be sold on the Dark Web.
The effects on business can be far reaching. Aside from potentially compromised security from employee logins and passwords being shared, there is also the possible impact of GDPR breaches resulting from stolen customer and employee information. No company or organisation is safe with even the American Bar Association finding that one in four law firms had experienced breaches (imagine the sensitive information that was sold as a result of those). With 53,000 known security incidents in 2018, the need to protect your data from the Dark Web is increasing daily.
We imagine you probably already have computer usage guidelines which let staff know what is and isn’t appropriate for the workplace, but it’s a good idea to revisit them. Let your team know that they are prohibited from using TOR on your devices. Where possible you should use software to block TOR, as not only is it a place for online criminal activity, it can also expose your company to damaging malware.
We realise that we say this a lot, but there’s a reason why we keep on repeating ourselves. Your team can be the weakest link in your cybersecurity, so keeping them educated and up to date reduces the likelihood of a data breach. Reusing passwords is a particular bugbear for us. Although it’s easy to remember a single password and use it for everything, it also makes it much easier for someone to access all your accounts with it. Poor password management also becomes an issue when staff use the same passwords for their work systems as they do for their home systems, this creates further risks to your business.
Two points here. Firstly, consider who in your company has access to sensitive data (you should be doing this under GDPR anyway). Keeping things on a need-to-know/access basis means that there will be fewer employees with access and therefore less likelihood of a breach.
Additionally, remember that you shouldn’t store sensitive information unless you really need to. For example, payments can be taken via third party apps. Keeping sensitive data to a minimum means that there is less available to be stolen.
Dark Web monitoring goes hand in hand with the rest of your cybersecurity measures. LP Networks’ monitoring checks the Dark Web for usernames and passwords connected to your company’s domain and reports back to you. We also alert you if any new information is listed for sale. This means that if you do suffer a breach, you have a heads up to update passwords and usernames and to notify your team.
To learn more about our Dark Web Monitoring Service, contact us today.