Why Dark Web Monitoring is Smart for Your Small Business

Learn what Dark Web monitoring for business can do, what it can’t do, and how to keep your data off the Dark Web to begin with.

Is your company’s sensitive data for sale on the dark web? The information hackers need to access your IT network, financial accounts, or even your customers’ data could be out there. Fortunately, effective dark web monitoring allows you to uncover potential risks and take action before it’s too late.

What is the Dark Web?

The dark web is a sublayer of the internet that isn’t visible to standard web browsers such as Google and Bing. Cybercriminals use the dark web to sell stolen data, including credentials (such as user IDs and passwords) that unlock your business’s IT network and financial accounts. 

The anonymous nature of the dark web makes it a magnet for illegal activity. But it’s used for legal activities, too. You can find chatrooms, games, email, Facebook-like social media platforms, and other places where you may legitimately wish to keep your identity private. 

Journalists, law enforcement officials, and others use the dark web to protect sources and securely exchange sensitive information. 

But far more of the dark web consists of sites devoted to crime, including data theft aimed at company IT networks.

Typical dark web hubs of criminal activity include: 

  • Hacker community forums and chatrooms where cyber thieves trade tools and methods used to steal data, and to report software vulnerabilities.
  • Data auction sites.
  • Peer-to-peer file sharing programs or networks for exchanging stolen data.
  • Command-and-control servers that harvest data through malware and botnets.

Read VPN Overview’s report on typical dark web data theft sites if you want insights into what the standard cost for specific compromised data is worth, such as:

  • Full identities
  • PayPal transfers
  • Bank cards
  • Stock tips 

What Makes the Dark Web “Dark?”

Unlike the regular web (i.e., The “surface web”), the dark web isn’t indexed by standard search engines such as Google. 

Every machine that accesses the surface web has a unique IP (Internet Protocol) address that’s registered to a specific user, and kept in a central index that’s something like an immense phone book. 

For example, let’s say you use your PC to enter “Minneapolis plumbers” into Google. That search is routed through a number of web servers to return a list of local plumbers to your PC. 

Anyone with the basic know-how to track your search could do it easily, and see the IP addresses of your machine and all the web servers that routed your search. 

On the dark web, however, the users – and the servers that host a universe of encrypted networks – are anonymous. The dark web can still be searched, but the search can’t be tracked easily, if at all.  

Also, dark web users generally use cryptocurrency like Bitcoin for purchases, which can make these transactions difficult or impossible to trace. 

What Type of Company Data Can Wind Up on the Dark Web?

The most potentially damaging types of data that may be harvested from your company for sale on the dark web include: 

Online account credentials

Online account credentials, including the user ID and password for email, banking, and third-party services such as PayPal, DropBox, Mailchimp, etc.

Network credentials

Network credentials (e.g., user ID and password for your business’s IT network access) including administrative accounts that really give hackers the keys to your kingdom.

Customer data

Customer data including credit card, bank account and routing numbers, identity (e.g., name, address, phone, social security number, social media accounts, etc.), and more.

Employee data

Employee data such as your HR records, 401(k) and bank account information, and everything listed above under “customer data.”

Proprietary information

Proprietary information your company’s competitors or other bad actors might profit from by copying or compromising your products/services.

Vulnerabilities

Vulnerabilities that hackers have already discovered in your IT network but may not have exploited yet.

How Do Criminals Harvest Company Data for the Dark Web?

Any type of data breach can result in your firm’s data landing on the dark web, including those caused by: 

  • Outdated and/or unpatched software
  • Malware (often installed via phishing emails)
  • Insider fraud
  • Loss or theft of a company device
  • Human error, including weak passwords
Common ways your data can be breached on the dark web

One of the most common ways your data can be breached is when employees login to third-party providers.  

Example

When your employees use their work email on websites like those shown below, they’re at risk of having these emails and passwords exposed in a data breach, or actually used to create a data breach.

9 Ways Your Employees’ Work Credentials Can Lead to a Breach

HR and Payroll: ADP, Paychex, Ceridian  

Email Services: Microsoft Office 365, Yahoo!, Mail  

Customer Relationship Management (CRM): Salesforce, HubSpot, Zoho  

Travel Services: Expedia, Travelocity, Orbitz, Fastbook  

Communications: Verizon, AT&T, Adobe, T-Mobile  

E-Commerce: Amazon, Staples, Office Depot, eBay  

Banking and Finance: Intuit QuickBooks, Freshdesk, Bank of America  

Collaboration: Dropbox, Box, Citrix  

Social Media: Facebook, LinkedIn, Twitter, Instagram

What is Dark Web Monitoring?

Can you monitor the dark web’s stolen data markets yourself for data tied to your firm? I do not recommend doing it yourself. The hacker communities know how to detect amateur detectives – and how to make them pay an even higher price for poking around.  

Instead, work with a firm that specializes in dark web monitoring for SMBs, such as ID Agent

ID Agent can do an initial dark web search for data from your company, such as compromised company email addresses and passwords, and then update you whenever new comprises are detected. 

If you use an IT managed services firm such as Teal, that firm can handle the dark web reports from providers like ID Agent for you, and alert you when necessary. 

Can you get Your Company’s Data off the Dark Web?

Chances are, if you find your company’s data in one place on the dark web, it’s been shared and stored on multiple servers. Unfortunately, monitoring tools can’t remove your data from the dark web; however, they can tell you it’s there. 

Based on the type and location of your data that’s found on the dark web, you can get valuable clues about how it got there. That can be a strong wake-up call about how to prevent further breaches. 

Can you get Your Company’s Data off the Dark Web?

Human error is the most common cause of data breaches. Hackers often succeed only because employees don’t follow basic cyber hygiene.

So, here’s what you need to do to make it more difficult for the bad guys to target your business.

3 Ways to Keep Your Data off the Dark Web

1. Regular Cybersecurity Training 

This should include phishing training, because phishing and other email compromise attacks are the most prominent method for cyber thieves to sidestep your firewall and other network protections.

To be effective, cybersecurity training needs to be provided more than once per year.

How to Create a Cybersecurity Awareness Training Program Ebook

Learn how to implement an engaging and successful cybersecurity awareness training program.

2. Use a Password Manager

Weak passwords are among the most common data for sale on the dark web. Especially those that employees use on multiple sites like the third-party sites listed in the section 9 Ways Your Employees’ Work Credentials Can Lead to a Breach.

Use a password manager such as LastPass to create strong, unique passwords for every site.

Related content: Password security to avoid breaches.

3. Enable two-factor authentication (2FA)

2FA adds a second layer of security to passwords, to make it more difficult for attackers to gain access to a network or a device.

Example

In addition to entering a password on a laptop, a user needs to enter a code that is texted to the user’s cell phone, or provided by an app. 

Make sure you protect your email account with 2FA. Microsoft 365 supports this. Plus, audit your online accounts and turn on 2FA for any that support it.

Get a Sophisticated Cybersecurity Assessment

Beyond these three cyber hygiene practices, you should have your complete IT system reviewed by cybersecurity experts with experience serving small to mid-sized companies. That’s my line of work, of course, so while this is a self-serving recommendation, it’s the truth. 

System-level protections, such as antivirus/malware installation, firewalls, and VPNs, should be handled professionally and updated regularly. 

Human error and hackers can still circumvent these protections – even at the biggest and best-protected companies. But the key is to make it harder for the bad guys to do their dirty work, so they just move along to easier prey. 

I’m not trying to add to the litany of fears we have as business owners. Instead, I’m hoping this basic roadmap of dark web threats will help you make informed decisions about how to protect your data, IT systems, and clients from these threats. 

If you’re a small- or medium-sized business leader looking to enhance your security, Teal can help. Contact us today to discuss how we can take your cybersecurity program to the next level.

Latest Teal News

Subscribe to Our Newsletter

Join Teal Exclusive now to be notified of the latest news, tech tips, and more.

Recent Articles
Categories
Don’t Stop Here

More To Explore

Developer, man and programmer code on computer screen with cybersecurity hologram, analytics and seo or working at night. Technology, coding and hacker on dark software, safety and iot password

MDR for Small Business: Why Your SMB Needs a SOC 

Getting cybersecurity buy-in from small to midsized-business (SMB) executives can often feel like trying to reboot a server that’s locked in a perpetual loop – stubborn and unyielding. But to

Local vs cloud backup

Cloud vs Local Backup: SMB Advantages & Disadvantages

In today’s digital age, data is everything. Even for small and medium-sized businesses (SMBs). Data enables digitally transformed SMBs to drive growth, increase productivity, and maintain a competitive edge. However,