The Dark Web is Scary (But It Doesn’t Have to Be)

It’s easy for employees to reuse passwords just to make things easier for themselves; after all, why use different passwords when you have a dozen accounts to remember passwords for? Unfortunately, this habit will come back to bite you, especially if your business is ever involved in a data breach. These credentials could be put up for sale on the dark web… and that’s just the beginning of your problems.

Explaining the Dark Web

Before we touch on the dark web, you first need to understand how the Internet works.

The Internet is an Iceberg…

In reality, the Internet itself is made up of two (or two and a half) parts:

• The Surface Web - This is the part of the Internet accessible by search engines without login or payment, and it only accounts for about 5-10% of the Internet as a whole.
• The Deep Web - The deep web encompasses all the parts of the Internet that cannot be searched for or accessed without a login or payment. This includes employee inboxes, account pages, internal company sites, and private or protected pages. This makes up about 90-95% of the entire Internet.
• The Dark Web - Then you have the dark web, which is technically part of the deep web. It’s accessed through a specific web browser designed for anonymity. Most of the activities possible on the dark web are illegal, like the sale of contraband, illicit services, and stolen goods, but it’s also ideal for sharing and selling information. Activists, whistleblowers, and journalists, for example, might use it to get the word out about something that they would never be able to share otherwise.

Hackers Love the Anonymous Nature of the Internet

The big thing we’re focusing on in regards to the dark web, however, is that it’s the ideal vehicle for hackers to peddle stolen data—including your data, if you’re so unlucky.

Returning to the previous example of employees reusing passwords, let’s walk through how the process works:

• The credentials are stolen during a data breach; this could have nothing to do with your own defenses and instead be an issue with your provider’s security methods.
• The hacker takes all of the credentials and puts them up for sale in bulk on the dark web in exchange for cryptocurrency, all to mask their identity.
• Other hackers can purchase these credentials and try them out on various websites, including common business apps and social media services.

It’s not so difficult to imagine how many accounts could be devastated by such an occurrence; especially when you consider that the credentials need not be stolen from the individual outright.

Credential-Stuffing and Why You Need to Worry About It

There’s also credential stuffing, which is basically just throwing a bunch of credentials at various websites to see which ones work (and where). A hacker can do this through automated services that can input credentials into thousands of websites, email platforms, banking accounts, and business software like your customer relationship management platform.

This is why it’s so scary for those who routinely use the same passwords for all their different accounts and services; you’re just one bad day away from a data breach disaster.

A Little Warning Goes a Long Way

Hopefully, you never end up in this situation in the first place, but as things go in cybersecurity, you focus on what you can control and prepare for what you can’t. You’ll want to be notified somehow if your usernames or passwords end up on the dark web, which affords you time to address the issue in advance of the credentials actually being exploited. You can accomplish this through dark web monitoring services.

We have tools that can help us keep tabs on the dark web for signs of your company’s email address domains, for example. We can then notify you so you can have the employee take appropriate action to change their passwords.

It’s important to note that this is not password recovery—we cannot take your data off the dark web—but we can warn you ahead of time that a breach is imminent if you don’t take action now.

The Dark Web is a Danger to Your Business

If the dark web has you worried, know that JensenIT can help. We’ll make sure your business isn’t taken advantage of by hackers. To learn more about our proactive monitoring services, contact us at (847) 803-0044.