Is the Dark Web a Threat for my Business?

In general, the Dark Web sounds scary. It is a secret place where illegal trade happens, notably guns, drugs, and other nefarious items and services. However, from a business perspective, there are valuables for sale on the dark web that could pose a direct threat…personal information. Personal information such as usernames, passwords, credit card numbers, and social insurance numbers often find their way onto the Dark Web. Then, cyber criminals can purchase that information for identity theft, fraud, and to get past an organization’s first layers of defense. If cyber security falls under your realm of responsibilities, then it is important for you to understand the Dark Web and how it can impact your business.

What is the Dark Web?

The internet is like an iceberg. Only a small portion is visible, while the majority of it is rarely seen by the common eye. The top, visible portion of the internet is the part that we all know (Google, Wikipedia, etc.). The bottom part of the internet is known as the Dark Web and it mainly houses illegal and illicit trade and activity. The Dark Web can only be accessed using special software and operates using cryptocurrency to keep buyers and sellers anonymous. It came to mainstream attention in the last decade due to the creation and subsequent shutdown of the Silk Road, the first largescale online black market.

A quick overview of how passwords on the dark web can hurt your business.

One common type of trade on the Dark Web is personal data that can be used to impersonate you or access your online accounts…especially your business accounts. When personal data makes its way to the dark web, it could put an individual or business at risk of being compromised.

How Did My Data Get on the Dark Web?

One question that comes to mind is how my data got on the Dark Web in the first place. Personal information on the Dark Web is a result of a previous data breach at another organization. For example, any personal data that was uncovered from the 2018 Facebook breach is currently available on the Dark Web. So, if you are a Facebook user whose username and password was breached, and you haven’t changed your password, it is very likely that someone else is accessing your account right now.

For a business, this can be a problem when someone uses their work email for personal accounts or a business application that was compromised. The large majority of these breaches are caused by a flaw or vulnerability that allowed access into the system or to view personal information without the company knowing. 

Also, this will be a problem if employees have poor password habits and re-use their passwords for multiple sites. Again, using the Facebook breach as an example, if an employee used their same password for Facebook that they use to access their work email, it is very likely that hackers and cyber criminals might have access to your systems.

What Do I Do If My Information is on the Dark Web?

If you believe that your personal information has been compromised, the best thing to do is change all your passwords immediately. You can also start using more proactive means of protection by using a password manager or two factor authentication. For businesses, if an employee’s email has been compromised, make sure that they change it immediately, and consider improving your security awareness training methods to focus on password security.

How Do I Know If My Personal Information is on the Dark Web?

There are several ways to check if personal information is currently for sale. One of the most popular and free methods, haveibeenpwned.com, is a great site that allows you to enter your username and see if it was part of any known breaches. Also, there are several options available for proactively scanning the dark web and alerting you if any employee data is found. This is a great proactive way to assess potential risk, and a fairly simple and affordable solution to implement.

Conclusion

In short, yes, the Dark Web can be a threat to your business if you are not taking proper precautions. Make sure you enable multifactor authentication anywhere you can, use password managers, and encourage strong password practices across your organization. You will be glad you did.

Want more information? Check out our detailed Cybersecurity page for tips, tricks, and advice for staying safe and secure.