Chris Barr, Technical Director at CT, explains the Dark Web and how to protect your business.
With the surge of home workers connecting to a remote system via the internet, cyber attacks are becoming even more of a problem for all businesses. As a result, here at CT we have noticed a marked increase in the number of customers requesting a ‘dark web’ scan. Whilst some people may already know what the ‘dark web’ is, we wanted to make sure all organisations understand the security risks posed by the dark web, why the scans are important and how simple steps can be taken to prevent business data reaching the dark web in the first place.
So, what is the Dark Web?
The dark web is a ‘hidden version’ of the web you already know and use, which requires its own browser (and typically a VPN) to access. It contains a range of websites that have forums, communications tools, online stores and more, similar to how the surface net does. The dark web websites usually end in .onion. To access them, you need to download a special browser called Tor and use its associated search engine, DuckDuckGo.
However the creators and users of these sites want to remain anonymous. There are of course legitimate uses for the dark web, but its anonymity also makes it a haven for criminal activity.
The sites that most often concern businesses are those that sell stolen data, such as passwords, credit card information, social security numbers and other sensitive information. Most of the data that gets lost or stolen in data breaches ends up on dark web marketplaces where criminals can purchase it. Criminals may use this information to make fraudulent purchases, access your accounts and potentially get into your network to steal more data and cause further damage. It’s crucial that businesses, employees and consumers take steps to protect their data from ending up on the dark web.
Recently, Ticketmaster, a subsidiary of Live Nation, disclosed a major data breach, with hackers on the dark web claiming to have stolen the personal details of 560 million customers, including names, addresses, phone numbers, and partial credit card information. Santander also reported that data from approximately 30 million customers had been stolen and was being sold on the dark web by the same hacking group responsible for the Ticketmaster breach. However, they assured that UK customer data was not compromised in the attack.
How can you protect your information from the Dark Web?
Dark web scans can help see if your data is for sale. These scans check the marketplaces that the company conducting the scan is aware of, but they can’t scan the entire dark web because of its scale and the fact that there may be private exchanges between parties on the dark web that they can’t access. BUT, the sooner you find out that your information is on the dark web, the faster you can act to protect your assets and prevent any further security breaches.
1. Create a Cybersecurity Plan
Preventing a data breach starts with planning. Create a plan for assessing your cybersecurity posture, monitoring for threats and recovering should an incident occur. As part of your planning, determine which data you need to protect the most and consider which regulations you need to comply with.
2. Provide Cybersecurity Training
A significant amount of data breaches are caused by human error, so it’s critical to train your employees on cybersecurity best practices. Offer training on how to recognise phishing scams, how to effectively use passwords and how to handle sensitive data properly. Provide this training to all employees who could potentially accidentally reveal data.
3. Follow Password Best Practices
Always use best practises for passwords and be certain employees do as well. Ensure passwords are at least eight characters long and contain letters, numbers and symbols. You can also use a password manager to help you create and remember complex passwords. Consider using multi-factor authentication, which requires employees to identify themselves in more than one way before granting them access to an account or device.
4. Dispose of Unneeded Sensitive Data
Whenever you’re done with a dataset or with a device or document that contains sensitive data, be sure to dispose of it properly. Shred documents before recycling them and completely delete all data from electronic devices before getting rid of them.
5. Close Unused Accounts
If you have accounts that you’re not using and don’t plan to use in the future, close them to eliminate any risk they may carry. This includes accounts with third-party apps or services as well as user profiles on your computers and networks. If an employee leaves your company, get rid of their account to prevent them, as well as hackers, from using it.
6. Install a Firewall
A firewall monitors and controls the traffic coming into and out of your network. Installing one helps keep outsiders from accessing your network and can protect you from hackers who could steal your information and eventually put it up on the dark web.
7. Encrypt Your Data
Encrypting your data transforms it into a code so that even if a bad actor accesses the data, they won’t be able to read it. Encrypt all sensitive data and install encryption tools on all of your devices.
8. Conduct Penetration Testing
Penetration testing involves checking your network for security weaknesses so you can identify them before hackers can. Regularly conducting penetrating testing helps you to improve your security posture continually and prevents potential future attacks.
9. Monitor for Threats
Set up a system for constantly monitoring for threats using anti-virus software, anti-spyware and other monitoring tools. Continually checking for issues helps you to address them quickly, minimising damage and protecting your data.
10. Keep Everything Updated
Be sure to keep all of your software, especially your security software, updated. Software updates often contain bug fixes and security updates, so install any updates as soon as you can.
It’s crucial that you keep your own systems as secure as possible, but you also need to ensure that any third parties you work with also have proper security protocols and technologies in place, especially if these vendors have access to data about your company, employees or customers. Look for security credentials and information about companies’ data security practices.
Here at CT, we offer a range of cyber security solutions including dark web monitoring. To find out more, please contact our Sales Team.
