It's hard to believe that most of us have some form of our personal data exposed on the dark web. Even if we practice the best data security practices, companies that harness are getting breached on a daily basis.
We’ve all seen the commercials admonishing us that our information may be on the “dark web.”
It’s scary to think that some nameless, faceless villain from a B-grade hacker film might be out there rifling through our personal data.
And, those commercials aren’t playing on a baseless fear.
With company data breaches happening almost daily, the idea of personal information ending up on the market on the dark web is a very real concern. That concern involves individuals data, but it can also have a negative impact on businesses.
What exactly is the dark web, though? Just how big is the risk to individuals and businesses?
And, perhaps most importantly, what can you do to protect yourself and your company?
What is the Dark Web?
The Internet, as most people think of it, is really just the surface layer of the web. It’s the place where a Google or Bing search pulls up a website in your browser. The surface web is how we access our bank account, social media, and pictures of cats. Even if you don’t know the exact IP address, your browser can find what you’re looking for.
The surface web, large as it seems when you’re trying to find something specific, makes up only about 1% of the Internet’s contents. The other 99% is in the deep web.
The deep web is filled with massive volumes of data. It was originally created by the U.S. government to house data related to government concerns and trading research data. It’s also been used by people in less free societies to communicate with the outside world.
Despite these good intentions and positive uses, parts of the deep web developed a more nefarious aspect, which was dubbed the dark web.
There are a few reasons for this. For one thing, data of all types can be traded anonymously on the dark web. That includes compromised data.
For another, the sites on the dark web aren’t like the type you can access with an average web browser. They aren’t indexed, and they’re difficult to find. Users have to know the IP address they’re looking for in order to locate the data markets, which have become useful for selling drugs, credit card and social security information, and other criminal activities.
That’s not to say that the deep web itself is bad. However, the dark web does pose some serious risks.
What’s the Risk?
The biggest concern about information on the dark web relates to personal data. That’s what all of those commercials are talking about.
There’s another risk, though.
In our society, business and personal identities have a tendency to blend. We have apps on our phones that are work-related. We tend to work from home more frequently than previous generations thanks to the ease of internet access. We reuse passwords for work systems that we have already used for our social media and other personal accounts.
All of this blending of the professional and personal springs from convenience. Memorizing 20 different password and username combinations, as well as what website or system that combination belongs to, is really inconvenient.
Likewise, companies find it more convenient to use cloud-based applications than investing in software to install and monitor in-house, which means that employees are using their work emails in places that might have less protection than the company network.
By bowing to convenience, it becomes easier for unscrupulous characters to obtain personal data and market it on the dark web. Worse, that personal data is so tied into the employees’ professional lives, that it can open a window for breaches of company data.
How Do You Mitigate the Risks?
The first step is to be aware of the risk. Many smaller companies don’t even realize that the potential for breaches in this manner exists until it actually affects them.
Monitoring potential breaches is a good first step. If an employee’s personal data has been compromised, you want to find out what that data is and how much of it overlaps with the business. By knowing a problem exists, you can tighten security measures to prevent the personal data breach from growing into a business data breach.
Of course, the best method is to prevent any data compromise from occurring in the first place.
Employees should be encouraged to vary their passwords and usernames across all channels, but especially anything even remotely work-related. Even derivatives of the same password can be a weak link in the data defense.
Don’t save those passwords to an excel sheet or any other program on your computer, either.
A great step towards mitigating the risks of information ending up on the dark web is to simply be aware of where your personal data is available and stay conscious of how easy or difficult it is to access your accounts.
The deep web wasn’t created to be a safe house for criminal activity, but it gave birth to the dark web, anyway. Both personal and business data are at risk due to the blending of our personal and business identities.
A lot of vigilance and the implementation of a few best practices for personal and business passwords/usernames goes a long way to mitigating that risk.