With all the talk lately about AI and how it may open the door for bad actors, it’s easy to overlook a hidden part of the internet that’s been a haven for hackers for more than 20 years. The Dark Web thrives on anonymity, and it’s the perfect marketplace for cybercriminals looking to sell or buy stolen business passwords, Social Security numbers and other information.
Criminal activities on the Dark Web have contributed to alarming cybercriminal statistics across the globe. Sadly, the influx of AI has opened new avenues for hackers who collaborate on anonymous Dark Web forums about how to use AI for nefarious purposes.
But there are measures you can take to protect your company’s digital assets and sensitive data. Our IT experts gathered these helpful tips and insights.
Display Our Cybersecurity Tips for Employees Infographic in Your Office!
How to Know if My Information is On the Dark Web
First things first, you need to determine if your personal or company’s email, passwords, credit card numbers or other sensitive personal information is on the Dark Web. Thankfully, there are ways to find out without having to venture into the darkness yourself or scour nefarious search engines.
A Dark Web scan or monitoring service will look for your data on key Dark Web services in real-time. They’ll report back to you on what they found, if anything.
Note that a Dark Web scan does NOT automatically remove your compromised information from the Dark Web. It simply alerts you that the information is out there. There is no Dark Web manager to call to request its removal; it’s up to you to take action from there.
RELATED ARTICLE: Is Outdated Business Technology a Security Risk?
What to Do if Information is On Dark Web
Did your scan reveal that some of your private information made its way to the Dark Web? Time for damage control.
Step one is to change your passwords. Create new passwords for your email and any compromised accounts. And make sure you’re not using your old, stolen password; it’s also a good idea to change your security questions for the compromised account.
Alert the appropriate people depending on what has been stolen. For businesses, alert your IT department or technology services provider to take corrective actions. Then…
- For credit card or bank account numbers, contact your credit card issuer or lender. They will help you close the compromised account and open a new one. You may also want to issue a credit freeze until the issues are resolved
- For a driver’s license or passport, contact your Department of Motor Vehicles or the U.S. State Department, respectively
- For Social Security numbers, report it to the Social Security Administration and the Internal Revenue Service right away
How to Get Email Off Dark Web
Did your Dark Web scan show your email address is for sale? You’re probably thinking: “It’s just my email address and lots of people already know it. Why worry?” Actually, it’s a big deal for three reasons.
- If a hacker knows your email address, it’s that much easier for them to break into your account and snoop on the sensitive data within.
- A hacker can spoof your email account, tricking others into thinking they’re receiving messages from you. This is a common phishing attack scam that could put your contacts in harm’s way.
- Many business professionals use their email addresses as their user IDs for logging into online accounts. Armed with your email address, a hacker can crack your logins and start messing around in your accounts, putting your business at risk.
If your email address is your user ID for any online accounts, change your ID and passwords right away. And if you notice spoofed emails coming from your address, alert your email provider and IT department. If any of your personal data or business information appears on the Dark Web – even something as seemingly harmless as an email account – always take it seriously.
All that said, once your email is on the Dark Web, you likely can’t take it off. However, that doesn't mean you can't take steps to prevent someone from gaining access to your accounts. That’s why it’s so important to update passwords and take the additional steps noted above.
Better yet, here are some tips to try to prevent it from happening in the first place.
Tips to Keep Your Business Data Off the Dark Web
It’s a lot easier and less stressful to not have your data stolen in the first place. Taking these proactive IT precautions can help you keep sensitive information out of the hands of hackers and off the Dark Web.
Avoid public or unsecured Wi-Fi. These networks are dangerous because there’s nothing stopping a hacker from breaking into them. A bad guy can easily see what sites your employees visit and what login credentials they use to access accounts.
Use a password manager. Every one of your business accounts should have a unique, complex password. A free password manager stores all of those passwords for you so you don’t have to remember them all. It’s a simple, streamlined way to protect your passwords and the accounts they access.
Use two-factor authentication. Always. This simple additional step between entering your login credentials and accessing your accounts typically involves entering a code texted to your phone or using your fingerprint. Enabling two-factor authentication means a password alone isn’t enough to access your account, so even if a password falls into the wrong hands, a hacker can’t get in.
Make a garbage email account. Create a separate email address to use when logging in to unimportant accounts. If one of these less important sites experiences a data breach, your primary email won’t be the one floating around on the Dark Web. You can simply scrap your secondary account and make a new one.
Monitor your credit. Don’t wait to find out about a data breach on the news. Regularly check your credit reports with credit bureaus for suspicious activity. Doing so can tip you off to identify theft before the damage becomes too severe.
Use AI for the good. Even though AI may be used by hackers on the Dark Web, it can also be used by IT professionals to help scan the web for unauthorized data.
Regularly monitoring your accounts for potential Dark Web activity is a cybersecurity best practice that shouldn’t be put on the back burner. To get an idea of how your business is doing overall when it comes to online security, take our free, online Cybersecurity Risk Assessment. Answer 15 questions to see your results. Once you’re done, reach out to us to learn how to improve your score.
At Elevity, we leverage the latest cybersecurity technology and use a step-by-step 4S approach to mitigate and respond to risks. Let us help your organization take the necessary steps to secure your systems.