Nobody wants their sensitive data showing up on the dark web. But now that hackers have breached so many high-profile companies and organisations—including Equifax, Uber, and even government agencies—it might just be a matter of time until your information ends up for sale on those furtive websites.
What is the dark web, exactly, and why is dark web security so important to businesses and individuals alike? Here’s a look at what it is, why you should care, and how you can keep your data from falling into the wrong hands.
The dark web: The dark side of reality
The dark web is the portion of the internet on the wrong side of the digital tracks—an encrypted, hidden network where hustlers peddle pilfered Social Security numbers, stolen passports and credit cards, weapons, and drugs. Script kiddies stay up past their bedtime to score malware there so they can “pwn” (leetspeak for dominate) unsuspecting businesses.
Elite hackers that have designs on your data hang out on the dark web, too. All you need to do to get there is fire up the Tor browser. From there, you can access a largely anonymous digital underworld with its own search engines and shadowy marketplaces.
As the tech podcast Note to Self reports, the dark web is also closely linked with the opioid epidemic. Chances are, you’ve heard of the Silk Road—a notorious and now-defunct dark website where people could anonymously buy drugs using bitcoin and have their contraband discreetly shipped to their front door. The Silk Road caught the Feds’ attention when its customers began overdosing in record numbers, and the FBI shuttered it in 2013. Other suspicious storefronts have taken its place, including the Silk Road Reloaded, and the electronic black market remains active.
The dark web is a nexus for criminal activity, but some also consider it a safe space where dissidents and marginalised people living under repressive regimes can anonymously communicate with journalists and fellow activists without fear of reprisal or worse.
In the wake of Edward Snowden’s revelations about the U.S.’s NSA spying, a lot of privacy-minded folk find it useful for keeping their communications hidden from what they see as intrusive government or corporate surveillance.
Protect yourself from dark web dangers
Everyone should have the dark web on their radar, including businesses. And there’s one simple reason for this: if your data has ever been breached—which tech pros know often happens without your knowledge—it might be for sale there.
According to Experian, a Social Security number trades for a measly dollar, whereas passports can fetch up to a cool $2,000 a piece. Clearly, dark web security is an issue for everyone, even those who’ve never set foot into that part of the internet.
By improving your company’s computer and data security, you can go a long way toward protecting sensitive information from getting breached and leaked onto the dark web. First off, reimagine your password policies. If your users are not already using complex, unique passwords for every site they log into and updating them regularly—including sites they haven’t visited in a while—hackers can easily nab those credentials to sell on the dark web. Once someone buys that data, it’s easy for them to waltz into your users’ digital accounts, set up shop, steal their identity, and maybe even make off with business funds.
Once you’ve got rock-solid passwords in place (note: using a password manager generally takes the headache out of this task), consider enabling two-step verification on all user accounts. If someone tries to hijack one of those accounts, your colleague will receive an alert right away via text message. If a trusted site offers them the ability to enhance security further by using an authenticator app, such as Google Authenticator, they may want to take advantage of that option, too. You can even go one step further with biometric authentication methods, such as fingerprint scanning and facial recognition.
Tight security is worth its weight in gold
As an IT pro, you can also keep sensitive company data from falling into the dark web by boosting your firm’s overall security habits. After all, the dangerous journey to this shady realm often begins with a single click on a phishing email. You can help your users get smarter about staying safe on the internet by offering regular security awareness training sessions that focus on protecting personal information.
In the event a threat gets through, it’s best to have PCs and devices that can do the hard work of catching malicious code for you. Next-generation printers, for instance, can automatically fend off malware attacks in progress and quickly alert IT that something is awry.
Meanwhile, PCs with built-in security features can self-heal, triggering a reboot and restoring the BIOS if malicious activity is detected. With each layer of security you add, it becomes that much harder for hackers to do their dirty work.
It’s a wild digital world out there, and the scary truth is, it’s incredibly easy for sensitive information to end up on the dark web. Once it does, hackers can get it for a shockingly low price and use it to steal identities, empty financial accounts, or even get some popcorn and start watching Black Mirror on your Netflix account (if that’s their thing). In many cases, though, you can increase the likelihood of successfully protecting personal information by ramping up your password policies and strengthening device security. That way, no matter what transpires on the dark web, your sensitive data won’t be a part of it.