Is your data being sold on the Dark Web?
Did you know the internet is made up of three different layers?
The first layer is the surface web we use most days to find everything from a bargain to a place for dinner.
The second is the deep web, the level of sites that have serious passwords and encryption so they don’t show up on web searches. These are password-protected pages such as your bank login or IRD account. If someone Googles your name, your banking information or IRD number won't show up in the results.
Then there’s the dark web. This is where untraceable online activity happens, and you need specific software, configurations, or authorisation to access it. It is used by lots of different people to do things they don’t want others to see … such as buying and selling your hacked data.
Think Concepts monitors the dark web and provides a peace of mind solution which alerts us to any transactions or leaks relating to your organisation. This includes when a third party website that has your information is breached.
Our team specialise in keeping data safe. To appreciate the level of protection our dark web monitoring service offers, it is helpful to know a bit more about how cyber security works.
Who created the dark web?
Like many inventions, the dark web started as one thing and grew to become something very different.
US military researchers developed the technology, known as Tor (The Onion Router), in the mid 1990s to allow spies to stay anonymous online. As a smoke screen, they opened up The Onion Router to the general public so that it would be harder to spot messages between spies among the thousands of other things people were using the system for.
But it went a bit sideways. Tor now hosts roughly 30,000 hidden sites.
It's called The Onion Router because it uses layers of encryption to make websites anonymous. At first look you see a site, the whole onion, but if you dig into it there are several layers underneath.
Those layers make it hard to track who is behind a site and where they are located. This is ideal for those who want to operate illegally, such as people who sell your hacked data.
Is my data being sold on the dark web?
Quite possibly. The little drips of personal data leaked from every major data breach – such as your name, email, passwords, mailing address, IRD number, or driver’s licence number – end up on the dark web.
The biggest cause of concern is if your business reuses the same passwords for multiple sites.
A third-party site can get hacked, and their customer list of emails and passwords are then leaked to the Dark web. Hackers would then purchase this list and try the same email and password combination on a site that can create a transaction, like PayPal for instance.
On the surface, some of these leaks might seem relatively insignificant, but there are plenty of people ready and waiting to exploit your personal data for profit. Even worse, they may use it to help criminal operations prosper.
The dark web is where the transactions that use your data for profit happen. The most common example of this is when our personal records are packaged with the records from tens of thousands of other people and sold – like a mega mailing list.
This year, the seemingly endless parade of hacks and data breaches included several New Zealand banks and government sites, the video game Fortnite, and even Dunkin' Donuts.
The initial breach can seem like nothing but drama designed to make us change passwords. In fact, the real harm is that once your data is for sale on the dark web, it's likely to remain there for years. Data is often repackaged, resold, or re-released. So, if you're exposed once, your data will likely be used hundreds, thousands, maybe even millions of times before it's all done and dusted.
Armed with this insight, the importance of protecting your data becomes clear.
Dark Web Monitoring Services
We can help give your business peace of mind with Dark Web ID. This product scours the internet for compromised valuable and sensitive data relating to your organisations domain name and notifies us immediately before anything can be used.
We would immediately alert you to any breach of your email or domain details so that you can then take action to update your passwords before they are used to access files or information.
Why prevention is always better than the cure
Let’s look at some statistics for cyber breaches in 2020
· 94% of malware was delivered by email
· 48% of malicious email attachments are office files
· 1 in 13 web requests lead to malware
· 53% of companies had over 1,000 sensitive files open to every employee
· 61% of companies have over 500 accounts with non-expiring passwords
Looking at those statistics you can see why setting up a cyber security program for your business is so crucial.
Changing user behaviour is the best thing you can do for your business.
Our cyber security services are designed to prevent attacks through setting up protection and protocols that minimise your risk.
One of the most important parts of a robust cyber security program is to educate your staff on best practice security protocols that they should follow to minimise the opportunities for hacking and malware to your server. That’s why we also offer cyber security training so we can help you to avoid an attack by teaching your workplace to be safer through following the best security protocols.
We also offer a secure back up of your data with our Think Safe product, so whatever the cause of a data breach or data loss event we can quickly restore your data and get your system back up and running in no time at all.
If security is important to your business, give the Think Concepts team a call. We can assess your IT systems and your risk profile to create a plan that will put your mind at rest.