The one constant in the IT world is change. So it should come as no surprise that a new threat has emerged in recent years to compromise your business's security, steal your sensitive data, or even put you out of business.

No, this isn't a new virus or malware threat. It's an entire network of websites where identities, passwords, credit card information and corporate secrets are sold to the highest bidder. It's the home of hackers, thieves and criminals seeking privacy for illicit activity. It's called the Dark Web.

Whether you're aware of its presence or not, the Dark Web poses a grave threat to every business. Here's what you need to know to minimize your risks and avoid becoming the next Dark Web statistic.

What Is the Dark Web & How Does It Work?

The Dark Web, also known as the darknet, is a network of websites that contain encrypted content. This network of sites is only accessible through the use of secure browsing tools, like Tor.

Tor stands for The Onion Router, a package of open-source security applications that were created to work with a customized version of the Mozilla Firefox browser. Tor is compatible with all major operating systems including Windows, Mac OS X, and Linux.

The main function of the software is to encrypt user traffic and pass the IP address of the user through a complex set of nodes or layers. These onion-like layers serve to protect a user's anonymity.

 

Sites on the Dark Web range from informative, wiki-like pages and forums to blogs and even e-commerce sites. These sites function much like sites found on the traditional internet (also called the clearnet), with one crucial exception. Everything on the Dark Web is almost completely anonymous and not governed by any central authority.

Unfortunately, the encrypted, anonymous environment of the Dark Web encourages criminal activity. Made up of approximately 100,000 websites at any given time, the Dark Web has become one of the world's largest black markets where anything from human organs and guns, to illegal drugs and stolen credit card information is for sale to the highest bidder.

Who Uses the Dark Web and Why?

While the Dark Web has a well-earned reputation for scams and illicit activity, criminals are not the only users of this encrypted network.

Journalists use the Dark Web to share information or receive tips from anonymous whistle blowers. The anonymous nature of the Dark Web makes it possible for many who are in danger to tell their stories or provide vital information that can help investigators solve a crime or journalists to break a story.

According to Lifewire, "The New York Times has a secure lockbox on the Dark Web that people can send files to anonymously. It's [the dark web] becoming a haven for those who need to share information safely."

The Dark Web is also home to those who value privacy. So much of the traditional internet is tracked and monitored by advertisers, that many use the Dark Web to escape the endless deluge of ads and tracking cookies. In fact, Facebook's Dark Web site receives over 1,000,000 visits each month from users who are concerned about privacy.

The FBI and other government agencies use the Dark Web to monitor illicit activity. In fact, the most famous Dark Web market, Silk Road, was brought down by the FBI in 2013. Silk Road was a haven for criminals, where buyers and sellers met to conduct anonymous transactions for drugs, guns, human beings, stolen identities, credit card information, and malicious software. Since the demise of Silk Road, many other illicit vendors have popped up on the Dark Web to take their place.

Why the Dark Web Puts Businesses at Risk

While you may have heard about the Dark Web in the news, you probably haven't given this network of nefarious websites much thought. But every business owner needs to be concerned about the Dark Web, whether they are a small one-man operation or a larger business with dozens or even hundreds of employees.

The price for complacency is high. Just ask the most recent victims in the Amazon Marketplace.

According to Blog Against Fraud, "many of Amazon’s third party sellers experienced a massive data breach thanks to authentic credentials obtained through the dark web. Fraudsters reportedly logged into the accounts of these sellers – some of them dormant – to sell fake items at deeply discounted prices and changed the associated bank account information to divert the fraudulent profits into their accounts. Nearly hundreds of thousands of dollars were lost before the legitimate business-owners could catch up and reclaim their accounts."

Linked to the famous 2013 Target data breach, the Dark Web has become a source for point-of-sale (POS) attacks, as well as a testing ground for malware and ransomware developers. The Ransomware, WannaCry was sold from the Dark Web.

But the development of malicious software and the sale of credentials is only the tip of the iceberg. Thanks to the Dark Web, those with a score to settle no longer need the necessary skills to carry out a cyberattack. Instead, they can simply hire a hacker via the Dark Web.

According to a recent article published by Business 2 Community, "Hacking as a service is now in high demand, and common criminals are able to obtain malicious code on the black market, meaning that the days of high technical literacy as a barrier to entry for committing white collar crime is gone."

Employees on the inside can also cause lots of damage. For example, an employee with access to the Dark Web could easily solicit anonymous bids for sensitive corporate data, software code, or even access into your system.

Finally, employees who spend work time browsing websites, whether on the traditional internet or Dark Web, are a big source of unproductive time. In fact, their time on the Dark Web could even expose your organization to charges that you encourage or promote illegal activity. As a business owner it is your responsibility to ensure that the resources you provide to your employees aren't being used for illicit activities.

How Businesses Can Limit Risk from the Dark Web

Fortunately, many of the same best practices that keep hackers out and your network secure can also help you combat the growing threat of the Dark Web. In fact it's more important than ever to have strong cybersecurity measures in place and limit access to your vital resources.

Use strong encryption on ALL sensitive data. No exceptions

Be sure to change your encryption method regularly, since outdated encryption makes it easier for hackers to gain access.

Build a strong network

Your network should include multiple intrusion protection, including a high-quality, business-grade firewall and network traffic monitoring. We covered this in our previous article 12 Ways to Protect Your Business from a Ransomware Attack. Detecting intrusions early is the key to handling potential threats before they get out of control.

Establish clear acceptable use policies

Every business needs to establish clear policies on the use of all company resources, particularly workstations and internet access. Make the consequences for accessing the Dark Web or visiting illicit websites clear from day one. Be sure to put your policy in writing and get signatures from all employees as part of your onboarding process.

Setup regular monitoring

All employee workstations and network usage should be monitored regularly to uncover Dark Web activity as soon as possible.

Review access permissions

Be sure to review all access permissions throughout your organization and limit access to those employees who truly need it to do their assigned jobs. Each employee should be given the minimum access they need and no more. This minimizes any employee's ability to leak critical information and narrows down the list of suspects if a breach should occur.

Prepare for Breaches

In addition to securing your network from outside threats and making it more difficult for employees to sell your information to the highest bidder, you'll also need to prepare for inevitable breaches. Detecting problems as quickly as possible will keep you ahead of the problem and may prevent widespread exposure of your vital information.

One way to do this is by monitoring Dark Net Marketplaces (DNMs) for activity that concerns your business. We recommend working with a cybersecurity firm that specializes in Dark Web monitoring to avoid unsafe browsing on the Dark Web, which can open you up to other security issues.

Plan Your Response

Establish a plan to guide your response when sensitive information appears on the Dark Web. Consider how you will inform customers of the breach and assess the legal issues and stakeholders who will be affected. Having a plan in place is crucial to containing the damage from a breach quickly.

It's no secret that businesses today have a lot more to watch out for than they did even a decade ago. But understanding the threats that are out there and taking preventative measures to limit the damage is one of the smartest things you can do to ensure your business continues to thrive in the years ahead.

At FrogWorks, we've made it our business to secure your network against threats and prepare your business to meet the challenges ahead. In fact, our experienced IT consultants have been supporting business owners throughout the greater Washington DC area since 2002. You don't have to go it alone! Give us a call today at 1-240-880-1944 or visit our site to request an onsite consultation.