The Dark Web: It’s the murky waters that you stumble upon if you venture too far in that big ocean, the Internet. This is where cybercriminals gather to sell, buy and trade illegal goods and services of all kinds, from scenarios that seem like a Law & Order plot line all the way to identity theft.
You know those robocalls insisting you’re far past due on your car insurance, but you always take the bus? The reason not to give out your Social Security and bank information to those scam callers is because of all the online purchases and accounts they could set up in your name afterwards. They can also, however, sell it to someone else who has their own nefarious agenda. That’s where the Dark Web comes in: These hypothetical thieves can meet up online, sell your information and part ways without leaving a trace – if they know where to go.
Don’t wait until it’s too late! Take these five tips for staying safe while you use the Internet, and start keeping your data off of the dark marketplace today.
Trust no one…
It’s convenient to let your best friend send a text for you or your coworker write a fast email from your account after they’ve shut down for the day. The problem is that even if they aren’t a direct insider threat, the more people who know your passwords, the greater the chances of a leak occurring somewhere. Even if they don’t do it maliciously, giving away your passwords create more chances to eavesdrop (either virtually or in real life) or make mistakes that threaten your cybersecurity.
Switch up passwords
It’s very common to have one password and simply change iterations to suit each account you hold. This seems the simplest way to remember your password without writing it down. However, it also leads to all of your accounts opening for compromised if even one is breached.
Let’s say that a cybercriminal hacked into your favorite rideshare app’s database and secured your account details. They then use that same username and password combo to find an online shopping account connected to a retail store or even Amazon, where they swiftly change your shipping address to send themselves items with the card you have saved. Worst case scenario, they steal all of the saved information they can locate and hock it on the Dark Web.
Regularly switch up passwords and maintain different ones for every account. A password manager such as LastPass, 1Password, NordPass or Sticky Password can keep these all safe and organized on your behalf.
Don’t Save PII to Autofill
It’s easy, when you make a lot of purchases or online orders, to allow your preferred web browser to save all that information so it can easily autofill the next time you need it. It’s a pain to enter in your shipping address and credit card information every time.
This presents a huge threat, however. Why is the practice dangerous? For starters, if your web browser is insecure then that database of private information can become compromised at any point, putting at risk all of that collected sensitive data. Even saving so much as a password is risky; cybercriminals can compromise vulnerable sites and inject code into their legitimate HTML that places invisible fields onto the website. When you click autofill, you don’t know how many invisible boxes are secreting your vulnerable credentials back to a hacker.
From a big-picture perspective, securing your network is the best way to prevent the illegal distribution of your private data. A Zero Trust framework doesn’t mean vigilance with security even around so-called confidantes; “zero trust” refers to an approach predicated on the assumption that your network is completely vulnerable and under attack. Rather than supposing your system is secured until proven otherwise, Zero Trust frameworks start in the opposite direction.
Every device, application and user needs to prove that it is safe before it may move freely within the network (inside the confines of their security clearance, of course). NIST-based assessments (those developed and evaluated by the US National Institute of Standards and Technology) can help determine whether your cybersecurity posture meets the nationally expected caliber. This is how you can assess your probable risk of becoming a cybercriminal target given the current threat landscape, and upgrade your systems accordingly.
The capabilities of AI have advanced rapidly in the past several years. The more you automate smart security tools, the lower the risk of human error. Consistent, correct procedures are the best way to guarantee positive results every time. Automation helps.
Finding what works best for the company will depend on the business, its people and the budget. This will determine whether they go with scans that check the network for unusual or unauthorized activity; Dark Web Monitoring that finds compromised data up for sale; response plans that launch the second a breach is detected; automated notifications, or any combination of the above. AI can learn from the data they’re given so as to always provide the most up-to-date threat detection capabilities, and that is an invaluable asset.
What if the worst happens, and you discover that your information has been compromised anyway? Investing in Dark Web Monitoring services can automatically and consistently scan the dark marketplace for signs of your PII, notify you immediately, and take action to scrub that information from the web ASAP.
Contact your IT team if you’re unclear what procedures to follow in the event that your organization is under attack or information becomes compromised. The sooner you take action, the less time criminals have to sell your data, and the more effective the response plan will be.