The dark web gained worldwide attention when Ross Ulbrict was convicted for the sale of illegal drugs and illicit goods on his dark web site, Silk Road, in 2015.
Since then, the dark web has become synonymous with the black mark of the Internet Age.
Although the dark web is notorious for facilitating illegal activity, its impact extends to law-abiding citizens and legitimate businesses.
To better understand how the dark web might impact your business, it helps to answer:
- What is the dark web?
- What type of business information is on the dark web?
- What can be done with information found on the dark web?
- How can you protect your business against dark web threats?
What is the dark web?
The dark web is a segment of the World Wide Web that requires special software, configurations, or authorization to access.
In other words, you can’t open up a typical web browser and start surfing the dark web.
As the black market for the Internet Age, it’s no surprise that the dark web is a popular platform for the illegal sale and purchase of drugs, arms, stolen goods, and other unlawful transactions.
But, it’s also the number one place hackers go to sell stolen information from businesses and individuals. The data for sale on the dark web is an increasing threat to your business and customers.
What type of business information is available on the dark web?
“While scanning the deep and dark web for stolen, leaked or lost data, 4iQ discovered a single file with a database of 1.4 billion clear text credentials–the largest aggregate database found in the dark web to date.”
The database included plain text combinations of usernames and passwords along with the associated login site.
This type of information being exposed is typically the result of a data breach, like the breach suffered by Target in 2013. As a result of this massive data breach Target was forced to pay 18.5 million dollars in settlements.
If one of your business names and passwords was included on this list, a hacker could easily access one of your online business accounts, and make decisions without your permission.
This increasingly popular type of criminal activity is called business identity theft.
Imagine what an unauthorized user could accomplish with your credentials for online bank accounts, credit cards, accounting platforms, or government sites.
The damage could be major and quickly executed.
Private Business Information
Data available on the dark web isn’t limited to login credentials. Hackers constantly scour the web for private information that might have a value on the dark web’s black market.
Experian recently reported the market value for various types of private information on the dark web:
- Social security number: $1
- Online payment services login information: $20 – $200
- Credit card/debit card number: $5 – $110
- Driver’s license: $20
- Loyalty accounts: $20
- Non-financial institution logins: $1
- Diplomas: $100 – $400
- Passports: $1000 – $2000
- Subscription services: $1 – $10
- Medical records: $1 – $1000
Login information obviously allows someone to get into one of your accounts and transfer money or other assets.
Personal data; such as a social security number, drivers license, and diploma; require more work for a hacker to damage your business. Once the hacker aggregates enough information about you or your business, the damage can be devastating and difficult to undo.
What can be done with information found on the dark web?
When you opened a bank account for your business or applied for a loan, what type of personal data did the financial institution require?
Your personal name, business name, address, and tax ID were obviously required. But, most of that information is public.
Scan the Experian list above. When you opened a bank account, you likely provided your social security number and Driver’s license number so the bank could verify your identity.
When a criminal combines publicly available information about you and your business with information potentially available on the dark web, the criminal can start to impersonate you and your business.
Much of the application process, if not the entire process, took place online. A bad actor could easily take out a loan in your name and direct the funds to his or her own account without you ever finding out.
After the loan funds are directed to the hacker’s account, the bills for loan payments will come to you and your business. If you don’t make the payments, you will receive default notices.
Eventually, your business credit is crushed, and you are left with the debt.
This is only one example of harmful events that can result from business identity theft. It all started from your private business information showing up on the dark web.
What should you do to protect yourself?
Some business owners question the likelihood of their personal or business data ending up for sale on the dark web.
Unfortunately, the question isn’t if your data will end up on the dark web, it’s when your data will end up on the dark web.
A recent study by OWL Cybersecurity found that every single Fortune 500 company had exposure on the dark web.
Since dark web exposure is a given risk of doing business in the modern market, monitor your exposure, and proactively respond to threats.
Conduct a risk assessment
Protecting your business starts with understanding your vulnerabilities. Not many small businesses have an IT department, let alone a cyber-security expert. If you are one of these businesses, you can still conduct a basic risk assessment. Maryville University suggests a four or five step risk assessment:
- Determine the scope of your IT system: How many devices connect to your network/Internet? What type of sensitive data are collected and/or stored on such devices?
- Evaluate potential threats: hackers are obvious threats, but also consider unhappy employees/ex-employees and threats that might arise from human error.
- Review access: Who within your company can access and control devices? Who has administrative and user access to your network?
- Likelihood and risk potential: Determining the likelihood of a security breach and the full risk might be too complicated for you to determine on your own. However, if you complete steps 1-3, you can consult someone on a limited basis to assist with step 4.
Dark Web Monitors For Small Business
Many companies now offer dark web monitoring as one feature of their larger financial or cybersecurity monitoring solutions.
For example, Quickbooks Detect & Defend monitors dark websites, chat rooms and forums for your sensitive business information.
Such monitors typically operate in three stages. First, they determine the information considered sensitive to your business.
Second, automated software scours the dark web for occurrences of your sensitive information.
Finally, when your information is discovered, the service alerts you to the discovery and offers best practices for resolutions.
Because the dark web operates through parties who intentionally remain anonymous, monitoring won’t stop or eliminate the existence of your sensitive business data on the dark web.
However, when you know that your data has appeared on the dark web, you can take proactive steps to eliminate its use in the legitimate marketplace (e.g. change credit cards, change passwords, etc.).
In addition to monitoring the dark web, it’s also a good practice to subscribe to a credit monitoring service.
Credit monitors typically alert you in two instances.
First, they alert you any time your credit is checked.
Second, they alert you when your business credit score changes.
Before granting a loan, the bank will conduct a business credit check. If you did not authorize the credit check, a credit check monitor will alert you so you can review the request. Hopefully, you can stop the loan process.
Some suggest freezing your credit score as a best practice. This disallows anyone to check your credit. When you need to have your credit score checked, you can temporarily unfreeze it, and refreeze upon completion.
The dark web: where a criminal’s gain is your loss
The dark web is an area of the web that most of us will never visit. Although it was traditionally associated with drug trafficking and illegal activity, your private business data is now a valuable commodity on the dark web.
Because everyone’s data is vulnerable, you should become familiar with your potential exposure. Consider monitoring services, and set a plan to proactively respond in the event your data appears on the dark web.