The internet that you use is only a fraction of what is available on the world wide web. There is another whole segment of the web most companies don’t commonly think about – the dark web. The activities that take place on the dark web are frequently illegal – and some specifically target small businesses like yours.
It’s important to understand this hidden layer of the web so you can protect your company and personal data from falling into the hands of hackers.
Surface Web vs. Deep Web vs. Dark Web
The Surface Web
Most people think of the surface web when the internet comes to mind. Commercial search engines like Google rely on indexes for browsing purposes. The actual size is around 19 TB and holds nearly one billion websites. While that seems massive, the surface web represents only 10% of the internet.
The Deep Web
The deep web represents the rest of the internet most visitors never access. None of the content uses indexes, yet it is still extremely organized and filtered. Most of the material housed in the deep web is used for innocuous purposes. It stores academic information, medical records, legal documents and other resources. At roughly 7,500 TB, the deep web dwarfs the size of the surface web.
The Dark Web
The dark web represents a real threat to the security of businesses and individual users. It is an unregulated portion of the deep web where many illegal activities occur, which explains why the two often get conflated. This is where personal information, login credentials and business data are sold.
The dark web was developed by the military to create a space to send private communications. When the infrastructure went open-source, it became the platform for facilitating illegal activities. Surfing the dark web isn’t illegal but engaging in unlawful activities is still a crime.
Accessing the Dark Web
Accessing the dark web requires particular browsers like Tor, which was also developed by the military and was eventually released to the public under a general license.
Tor works by directing internet traffic through a free, worldwide volunteer network consisting of more than 6,000 relays which conceal a user’s location and usage from any internet traffic analysis or network surveillance. The security challenge with Tor and similar browsers is avoiding viruses and other malware, since they lack built-in security features that protect against these threats. So, if an employee decides to download Tor on a work machine and do some browsing on the dark web, clicking on links increases the chance a hacker will be able to infect the computer and, potentially, your business network.
Information Obtained from the Dark Web
Activities that come to mind when you think about the dark web probably include:
- Black markets for selling drugs and stolen weapons
- Communication between terrorist networks
- Trade of illegal pornography
These activities may not specifically affect your business. But, the creation of phishing sites cloned from legitimate webpages, the development of botnets that disrupt website traffic or suspend servers, or building websites dedicated to fraud can all impact your business. Especially, if your team lacks cybersecurity awareness.
Why Small Businesses Should Be Concerned
There is a growing market on the dark web for user passwords and login credentials. Email credentials are going for as little as 50 cents a pop and can wreak havoc personally and professionally.
It might not seem relevant that hackers get hold of your employees’ Amazon email credentials and sell them on the dark web. But, think about how most people sign up for internet-based services. You might use the same credentials to sign into your Amazon account as you do your office workstation. A hacker who only obtains your Amazon login info can use it to access your work computer and ultimately your network and servers. They can then launch ransomware or phishing attacks to gather even more confidential information.
How You Can Protect Your Company Data
Businesses can keep confidential data from being trafficked on the dark web by employing the following strategies:
- Conduct proper user training on the secure use of company systems.
- Establish email protocols that emphasize recognition of social engineering schemes and problematic URLs.
- Regularly scan the dark web space to locate information leaks.
- Enforce company-wide password policies.
If you are unsure about your ability to protect your data from the dark web, contact On-Site Computers today for an evaluation of your company’s information security.
Mike Bowe | Published on June 11, 2019