What is the Dark Web and Why Should I Care About it?

We hear technology professionals use the term “dark web” a lot, but what exactly is it, and why should you care? The dark web is the part of the internet that is reachable only through anonymizing networks such as Tor, and it works like Google and Amazon for criminals: a marketplace where buyers can find anything from drugs and stolen guns to human trafficking. One of the hottest items for sale, however, is data. Your data, your employees’ data, your customers’ data, and their customers’ data.

Most everyone, at some point, has received a letter from a hospital or a bank notifying them that its systems were compromised and that their personal data had been stolen. This is usually followed by an offer of a full year of identity theft protection at the hacked company’s expense. Hooray! A whole year.

They may mention that the hackers didn’t acquire any Social Security numbers, that they probably only stole login credentials, which often gives us a false sense of security: just change all your passwords and move on. Well, it’s not that simple. The average person recycles and reuses passwords and logins across accounts simply so they don’t forget them. We’ve all done it. Because of this, attackers take the username and password pairs from one breach and feed them into automated tools that replay the same pairs, and close variants of them, against banks, retailers, wireless carriers and other sites (an attack known as credential stuffing). Thanks to the convenience of reusing passwords, the odds of someone getting into your bank accounts, charging your credit cards, or even buying phones on your wireless account are pretty good.
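What a credential-stuffing run looks like from the defender’s side, as an added example (this is not code from the original post): one source address fails logins for many different accounts in a short window, which a normal user who has simply forgotten a password never does. The log format, thresholds and sample lines below are constructed for the example and are not from any real system.

```python
"""Flag credential stuffing in authentication logs.

A stuffing tool replays leaked username/password pairs against a site, so a
single source IP produces failures for MANY DISTINCT usernames in a short
window.  A forgetful legitimate user fails repeatedly for ONE username.
We keep a sliding window of events per source IP and alert when the number
of distinct usernames that failed inside the window reaches a threshold;
any successful login from a flagged source inside that window is reported
as a probable account takeover to investigate first.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log line format for this example: "<ISO timestamp> <src ip> <username> LOGIN_OK|LOGIN_FAIL"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (LOGIN_OK|LOGIN_FAIL)$")

# Constructed sample lines (hypothetical addresses and accounts).
SAMPLE_LOG = """\
2024-03-01T09:00:01 203.0.113.7 alice LOGIN_FAIL
2024-03-01T09:00:02 203.0.113.7 bob LOGIN_FAIL
2024-03-01T09:00:03 203.0.113.7 carol LOGIN_FAIL
2024-03-01T09:00:04 203.0.113.7 dave LOGIN_FAIL
2024-03-01T09:00:05 203.0.113.7 erin LOGIN_OK
2024-03-01T09:00:06 203.0.113.7 frank LOGIN_FAIL
2024-03-01T09:00:07 203.0.113.7 grace LOGIN_FAIL
2024-03-01T09:01:10 198.51.100.4 henry LOGIN_FAIL
2024-03-01T09:01:15 198.51.100.4 henry LOGIN_FAIL
2024-03-01T09:01:20 198.51.100.4 henry LOGIN_FAIL
2024-03-01T09:01:25 198.51.100.4 henry LOGIN_FAIL
2024-03-01T09:01:30 198.51.100.4 henry LOGIN_FAIL
2024-03-01T09:01:40 198.51.100.4 henry LOGIN_OK
2024-03-01T09:05:00 192.0.2.9 ivan LOGIN_FAIL
2024-03-01T09:30:00 192.0.2.9 judy LOGIN_FAIL
"""


def parse_line(line):
    """Return (timestamp, ip, user, result) or None for lines that don't match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, ip, user, result = m.groups()
    return datetime.fromisoformat(ts), ip, user, result


def detect_stuffing(lines, window=timedelta(seconds=60), min_distinct_users=5):
    """Return {ip: {"attempted": [...], "succeeded": [...]}} for sources whose
    failures inside any `window` span at least `min_distinct_users` accounts."""
    recent = defaultdict(deque)  # ip -> deque of (ts, user, result) within the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash the detector
        ts, ip, user, result = parsed
        q = recent[ip]
        q.append((ts, user, result))
        while q and ts - q[0][0] > window:  # drop events that fell out of the window
            q.popleft()
        failed_users = {u for _, u, r in q if r == "LOGIN_FAIL"}
        if len(failed_users) >= min_distinct_users:
            entry = flagged.setdefault(ip, {"attempted": set(), "succeeded": set()})
            entry["attempted"].update(u for _, u, _ in q)
            # A success mixed into a spray of failures is the takeover to chase.
            entry["succeeded"].update(u for _, u, r in q if r == "LOGIN_OK")
    return {ip: {k: sorted(v) for k, v in e.items()} for ip, e in flagged.items()}


if __name__ == "__main__":
    for ip, info in detect_stuffing(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: tried {len(info['attempted'])} accounts, got into {info['succeeded']}")
```

In the sample, only 203.0.113.7 is flagged: it failed for six different accounts within a few seconds and logged in as one (erin), whose password should be reset and sessions revoked. The forgetful user at 198.51.100.4 and the two failures twenty-five minutes apart from 192.0.2.9 stay below the threshold. Tune the window and threshold to your traffic, and remember that real stuffing tools rotate through proxy pools, so this per-IP view should be combined with rate limits per account and with MFA.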

Aren’t businesses required to keep our data safe?

You may be thinking, hey, I thought hospitals and banks had regulations and compliance standards to adhere to so things like this don’t happen. Well, they do, but being compliant is not the same as being as protected as possible, and attackers come up with new ways to steal every week. But you’re not doomed. There’s hope.

Here are a few relatively inexpensive things you can do right now to protect yourself and your customers:

  1. Train your employees:
  • Make sure they understand never to use company email addresses or related passwords for personal accounts.
  • Train them on the different ways usernames and passwords are stolen (phishing, breached third-party sites, malware that captures keystrokes or browser-saved passwords).
  • Tell employees not to reuse passwords or make them similar; a breach of one site exposes every account that shares the password.
  • Test your employees after their training.
  • Retain your training records for later reference.
  2. Deploy password management software so they don’t have to worry about remembering passwords. Use a minimum of 16 characters for the vault password, and use complexity: numbers, upper- and lowercase letters, and symbols. Have every other password generated by the manager, unique to one account and never shared. If your policy rotates passwords every 30 days, note that current NIST guidance (SP 800-63B) no longer recommends forced periodic rotation; what matters most is rotating immediately when a breach or compromise is suspected. Also remember that private lives often spill over into work environments, so encourage employees to use password management software on personal accounts too. Many password managers include personal vaults as part of a corporate subscription.
  3. Use a breach-monitoring service that alerts you when addresses from your email domain turn up in published credential dumps or dark-web listings, so the affected accounts can be reset before the credentials are replayed.
  4. Deploy mandatory MFA (multifactor authentication) for all applications. Configure the applications your staff use to require an authenticator application with a one-time passcode, or a hardware security key. Try not to rely on SMS codes, which can be intercepted by SIM swapping or phished, but if SMS is the only option available, use it. Yes, it seems like a pain; however, it’s one of the best ways to keep attackers out, because even if they have your credentials, they won’t have your phone in their hand.
  5. Pre-emptively freeze your credit reports at all the credit bureaus (securely retain the PINs) and temporarily unfreeze them when you need to apply for credit. A freeze stops new lenders from pulling your report, so fraudulent loan applications in your name are denied.
  6. Set up a PIN with your cell-phone provider. The provider must be given this PIN before it adds lines or makes changes to your account. This protects against SIM-swap attacks, in which an attacker persuades the carrier to move your number to a phone they control and then receives your SMS codes.
  7. Routinely monitor credit card and bank accounts for fraudulent transactions. If they occur, notify the bank immediately. The more quickly fraud is reported, the faster it can be stopped.

Remember, attackers play the long game. They can get into your systems and stay there, quietly collecting all sorts of information, for months (industry breach reports have put typical dwell times at around 200 days) before doing damage such as holding your data for ransom. But that’s another blog for another day.

To see if your employees’ credentials are out on the dark web, contact us for a free scan!