Nobody wants their sensitive data showing up on the dark web. But now that hackers have breached so many high-profile companies and organizations—from Equifax to Uber and even government agencies—it might just be a matter of time until your information ends up for sale on those furtive websites.
What is the dark web, exactly, and why is dark web security so important to businesses and individuals alike? Here’s a look at what it is, why you should care, and how you can keep your data from falling into the wrong hands.
Take a walk on the wild side of the dark web
The dark web is the portion of the internet on the wrong side of the digital tracks—an encrypted, hidden network, where hustlers peddle pilfered Social Security numbers, stolen passports and credit cards, weapons, and drugs. Script kiddies stay up past their bedtime to score malware there, so they can pwn unsuspecting businesses. Elite hackers that have designs on your data hang out on the dark web, too. All you need to do to get there is fire up the Tor browser. From there, you can access a largely anonymous digital underworld with its own search engines and shadowy marketplaces.
As the tech podcast Note to Self reports, the dark web is closely linked with the opioid epidemic. Chances are you’ve heard of the Silk Road, a notorious and now-defunct dark web site where people could anonymously buy drugs using bitcoin and have their contraband discreetly shipped to their front door. The Silk Road caught the Feds’ attention when its customers began overdosing in record numbers, and the FBI shuttered it in 2013. Other suspicious storefronts, including the Silk Road Reloaded, have since taken its place, however, so the electronic black market is still active.
The dark web is a nexus for criminal activity, but some also consider it a safe space where dissidents and marginalized people living under repressive regimes can anonymously communicate with journalists and fellow activists without fear of reprisal or worse. In the wake of Edward Snowden’s revelations about NSA spying and the demise (for now) of net neutrality, a lot of privacy-minded folk find it useful for keeping their communications hidden from what they see as intrusive government or corporate surveillance.
Keep sensitive information off the dark web
Everyone should have the dark web on their radar now, including businesses, for one simple reason: If your data has ever been breached—which, as tech pros know, often happens without your knowledge—it might be for sale there. According to Experian, a Social Security number trades for a measly dollar, whereas passports can fetch up to a cool $2,000 apiece. Clearly, dark web security is an issue for everyone now, even those who’ve never set foot into that part of the internet.
By improving your company’s computer and data security, you can go a long way toward protecting sensitive information from getting breached and leaked onto the dark web. First off, reimagine your password policies. If your users are not already using complex, unique passwords for every site they log into (including sites they haven’t visited in a while) and updating them regularly, hackers can easily nab those credentials to sell on the dark web. Once someone buys that data, it’s easy for them to waltz into your users’ digital accounts, set up shop, and steal their identity—or even make off with business funds.
Once you’ve got rock-solid passwords in place—using a password manager generally takes the headache out of that task—consider enabling two-step verification on all user accounts. If someone tries to hijack one of those accounts, your colleague will receive an alert right away via text message. If a trusted site offers them the ability to enhance security further by using an authenticator app, like Google Authenticator, they may want to take advantage of that option, too. You can even go full Jason Bourne with biometric authentication methods, such as fingerprint scanning and facial recognition.
An ounce of device security is worth a pound of cure
As an IT pro, you can also keep sensitive company data from falling into the dark web by boosting your firm’s overall security habits. After all, the dangerous journey to this shady realm often begins with a single click on a phishing email. You can help your users get smarter about staying safe on the internet by offering regular security awareness training sessions that focus on protecting personal information.
In the event a threat gets through, it’s best to have PCs and devices that can do the hard work of catching malicious code for you. Next-generation printers, for instance, can automatically fend off malware attacks in progress, giving IT the heads-up something’s rotten. Meanwhile, PCs with built-in security features can self-heal, triggering a reboot and restoring the BIOS if malicious activity is detected. With each layer of security you add, it becomes that much harder for hackers to do their dirty work—and they might move on to easier targets.
It’s a wild digital world out there, and the scary truth is it’s incredibly easy for sensitive information to end up on the dark web. Once it does, hackers can get it for a shockingly low price and use it to steal identities, empty financial accounts, or even get some popcorn and start watching Black Mirror on your Netflix account (if that’s their thing). In many cases, though, you can increase the likelihood of successfully protecting personal information by ramping up your password policies and strengthening device security. That way, no matter what transpires on the dark web, your sensitive data won’t be a part of it.