Is your data for sale on The Dark Web?

Most of us use the Internet many times a day, for both business and personal use. We have become very used to supplying whatever information is required, in order to access prod-ucts and services. This means more companies than ever hold information about individu-als, businesses and their clients.

The data protection legislation, brought into force last year, regulates how data is handled and stored, but this alone will not prevent a data breach. Many business owners are familiar with advice around cyber security (e.g. protecting passwords), but bury their heads in the sand, or convince themselves that it won’t happen to them. Statistically, over 50% of them will be wrong.

Consequences of a breach

When a business suffers a security breach, the motive is usually to steal money or to cause chaos to the business infrastructure. Both scenarios can be costly to mop-up, and cause damage to reputation, but unfortunately this may be just the beginning of the problem.

If a business is hacked, it is highly likely that the data will be sold on the dark web. Be that data that you are holding or passwords or other details that a supplier or service you use may be holding on your behalf.

This means that further breaches / attacks may well follow, as cyber criminals trawl the dark web for the data needed to commit identity theft. If sensitive data belonging to your cus-tomers is compromised, they may lose faith in your organisation, and choose to do busi-ness with your competitors instead.

So what is the dark web?

It is the collective term used for websites where the identity of both host and user are hid-den, usually via encryption. This gives the necessary anonymity for criminals to buy and sell data for improper use, often using Bitcoin for the transaction, as crypto-currency is notori-ously difficult to trace.

Data can be purchased via the dark web, at alarmingly low-cost, making it easy for criminals to source all the information needed to commit further acts of cyber crime. The cost to a business, however, can be huge – in the form of reputational damage, and fines imposed – should they be deemed negligent.

Assessing compromised data

There are a number of websites that enable users to establish whether their data is available on the dark web, for example https://haveibeenpwned.com. However, these will only offer any insight into how the data was obtained if exposed as part of a well publicised compro-mise, not by whom, or for what purpose.

As is so often the case, prevention is much better than cure. Taking the time to identify any weak spots in your security, preferably with expert help, will enable you to build better de-fenses against an attack.

Prevention via Education

Educating staff members is key, as up to 90% of breaches are initiated by a rogue email containing a seemingly genuine link. Once a member of staff has been tricked into clicking on the link, the cat is out of the bag – so to speak.

Training staff to recognise a potentially fake email (and think twice before following click-thru instructions) can therefore be a positive step in protecting against data being accessed and sold via the dark web.

Pro Drive helps businesses to protect themselves against attack by providing expert advice and effective security solutions, tailored to your business. We also run regular cyber security workshops. To find out more, click here, or call our Sales Team on 0330 124 3599 to find out more.