As a serious business owner, just hearing the term ‘dark web’ is enough for you to conjure up an array of concerning images where people engage in all sorts of illegal activities.
You go straight to the scare stories you’ve seen in the headlines and automatically assume the dark web is bad.
After all, if you’ve never ventured into the risky area that is the dark web – who wouldn’t?
The reality is though, the dark web is neither good nor bad. It's a place where all kinds of individuals and organisations, with both good and bad intentions, congregate. However, where it was originally created with security and privacy in mind, this had led to many using it as a venue for other illicit things.
If you fall into the latter category, your business, regardless of its size or nature of operations, could become a target. You have a wealth of sensitive information that could be very valuable to certain people. Indeed, stolen information, ransomware, malware, and hacking services are all hot commodities within the dark web.
While avoiding a dark web invasion is difficult at times, being aware of the threat and staying alert will help to mitigate the damage done. We discuss what the dark web is, how businesses are at risk, and some key steps you can do to stay out of trouble.
What is the dark web?
To put it simply, the dark web is a subset of the wider internet. A good way to visualise how the different layers come together is as an iceberg. For instance, on a daily basis, you and your employees will spend a substantial amount of time on the web, searching for information through search engines such as Google and Bing. This is the surface web, or sometimes known as the open web, and makes up a small 10% of the internet.
Below that, the part of the iceberg that sits below the water’s surface, is the remaining 90% called the deep web. Most people will use the deep web when they go online as this is the content that is hidden behind passwords and paywalls like company intranets and online banking.
The dark web goes beyond that, metaphorically the bottom layer of the iceberg, and is a small portion of the deep web. Unlike the surface and deep web, it cannot be accessed through regular browsers. Instead, users must install a dark web browser like TOR (The Onion Router). TOR allows users to access any site but bounces the request around multiple intermediaries, encrypting and decrypting the user's identity along the way to keep the data anonymous.
Since the content on the dark web is not searchable using standard search engine software, you must know where you want to go. Dark web directories are unreliable and most people on there don’t want to be found out by the wrong people.
The dark web business risk
As briefly mentioned, not all activity is for illegal purposes on the dark web. But ultimately, it’s not somewhere you or your employees need to be. Indeed, the number of dark web listings that could harm you organisation is growing – in 2019, a research study found that 60% of all listings could harm enterprises, and the number of those types of listings has grown by 20% since 2016.
However, even without any direct interaction with the dark web, businesses should be vigilant about the exposure. For example, information stolen from companies is often sold on the dark web: “Personally identifiable customer information such as home address and birthdays may be compromised and traded wholesale in such markets,” explains Pedram Amini, CTO of InQuest, a network security solution platform. “This includes customer account information, such as usernames and passwords.”
It is in fact a major operation with far reaching effects: “The dark web often acts as the catalyst behind corporate data breaches,” says Uzi Scheffer, CEO of SOSA, a global innovation platform. “Sensitive corporate information and digital assets are at risk. Criminals and hackers target this information, so they can steal the identities of customers and employees, as well as reveal unannounced company announcements that have the potential to sway stock value.”
Steps to take to avoid trouble with the dark web
Once data ends up on the dark web, there is not much that can be done. The best thing a business can do is be proactive and try avoid it from happening in the first place. These five tips are a good place to start when doing that.
- Prohibit staff from using TOR
Employees who access the TOR network can expose your business to potentially harmful content and/or malware. This can be particularly damaging to your network. You should provide all staff with clear guidance on ‘clean’ internet use and make sure you use software that blocks TOR and other forms of dark web browsers.
- Educate staff on security measures
We say it all the time, but we mean it: you are only as strong as your weakest link. All employees should be trained on cyber security measures, common attack methods and compliance with your business’ policies. The more knowledgeable and well-trained your staff are, the better.
- Limit employee access to data
When it comes to company data, it’s safer to operate on a need-to-know basis. This is because the fewer people that have access to sensitive client data, the less likely it is for your company to experience a breach.
- Employ comprehensive security programme
Cyber security experts say that if a company has good control over their sensitive information, it won’t end up on the dark web. Your privacy protections should be airtight and cyber security procedures need to be baked into your IT infrastructure and business processes. Moreover, efficient, and accurate security tools that monitor and detect threats in real-time are key.
- Set password protocols company-wide
Passwords are frequently traded on the dark web and criminals take advantage of the knowledge that people reuse passwords across accounts. Your business should be setting strict password protocols for all staff, and ideally clients.
Conclusion
Because the dark web doesn’t account for one direct attack on a specific company like phishing or ransomware, it’s something that is not often thought about as part of a business’ security strategy. The trouble with this is, it becomes a silent killer in today’s cyber world – a covert operation threatening to expose company secrets and harm reputations beyond repair. To fully protect your individual and business assets from all forms of threats in the cyber world today, including the dark web, it is crucial you have a comprehensive security strategy in place.
Luckily, a Managed IT Service provider such as one from within the entrust IT Group is the best way to do this. We get to know your business inside out, looking at your IT infrastructure and how secure it is, then will work closely with you to form a security strategy that fits your requirements and any industry compliance. Finally, as we have invested heavily in our business monitoring and security systems, you can rest assured everything is always up-to-date and protected.
Want to become a cyber security champion? Why not download our FREE White Paper – estimated read time 5 mins! >>
