How to protect your company’s sensitive information from being traded on the dark web

Did you know that your employee identity or customer details can be illegally sold  for as little as £7 to £10?

Businesses may or may not have heard the phrase “dark web”, and even if they have, it may be difficult to understand what it is and what it can mean to their business. In today’s digital world, online interactions have increased tenfold with digital payment systems, online databases with sensitive information, personal identities and digital corporate information. It has led to an explosion of digital crime with hackers stealing sensitive data and selling them on the dark web.

The three levels of the Internet:

Level 1 – Surface Web: The surface web is accessible by all and is what we all know as the internet. The surface web represents about 4% of the internet. Surface web is also known as the public web which is anything that can be indexed by a search engine like Google, Bing, etc. Online shopping, sharing posts in social media, searching for information, etc. are all part of the surface web.

Level 2 – Deep Web: Deep occupies around 93% of the internet. Internal company sites, intranets, databases, members-only websites are examples of the deep web. These sites are not indexed in search engines, i.e. they won’t show up in searches unless either you are connected to your company’s network or you know the web address and have access to it.

Level 3 – Dark Web: 3% of the internet belongs to the dark web. It is intentionally hidden and is inaccessible through regular web browsers. Multiple layers of encryption and security help it in maintaining its anonymity. It is the go-to place for large scale illegal activities and online crimes.

Why should SMEs be Wary about Dark Web?

Criminal activities on the dark web can directly affect your business. For example, your customer data, employee information or other sensitive information can be stolen and sold.

Recently security specialists at m3 Networks recently uncovered alarming results from research investigating more than 600 businesses which are members of Dundee and Angus Chamber of Commerce. Almost 24,000 security breaches with an average of 39 per company were found on the dark web – over 57% of all these businesses appeared on the dark web with breached credentials.

How can SME’s Protect themselves from the Dark Web?

  1. Ban employees from using TOR: Don’t allow employees to access the TOR network; they can easily expose your business to malware. TOR is the most common software client used to access the dark web. Provide clear and strict employee guidance on how to cleanly use the internet.
  2. Train employees on security protocols: Cyber security experts always advise that employee error plays a major role in a successful cyber-attack. The fact that most businesses are unaware of the dark web is argument enough that additional training on IT security is essential. This will help increase employee awareness about cyber security measures and compliance so that they follow your businesses security protocols.
  3. Treat passwords carefully: Don’t use the same password for multiple accounts. Creating a strong password is best practice as well as storing these with a reputable password manager such as LastPass or OnePass – but this is not a guarantee. You could have the strongest password but if your business does not protect it in a secure format then it could be stolen. Knowing your password has been breached as soon as possible is critical so you can change it in all the locations it has been used. Or it WILL be used against you.
  4. Limit employee access to sensitive information: Many SMEs cannot differentiate between sensitive data and publicly accessible information thereby offering a much larger possible attack surface. Limiting employee access to sensitive data can limit a cybercrime incident. Therefore, it is advisable to restrict access to sensitive data on a need to know basis.
  5. Take help from dark web monitoring experts: At m3 Networks, we offer dark web monitoring services to alert when a business has been compromised so that passwords can be changed quickly. We have tools that can trawl more than 600,000 forums and websites on the dark web.

We also offer a suite of other security services such as security awareness training, penetration testing,  real-time network and security event monitoring, incident response and virtual CISO services, amongst others

Our technical director Mark Lamb recently gave an interview on the dark web to The Courier “Personal details of thousands of workers from Tayside firms being sold on dark web”. Follow the link to learn more about our investigation and what Mark Lamb’s recommendations are for enterprises.