Technology opens up opportunities that businesses simply would not have had twenty or even ten years ago. The Internet in particular has grown to become the primary communication tool for many businesses. Without the Internet, global business would probably not be flourishing as it is today.

 

In the same way that the Internet creates opportunity and facilitates growth, it can also create risks. Recently, businesses have started to become aware of the Dark Web, an area of the Internet that is associated with nefarious and malicious criminal activity.  Businesses today have the responsibility of understanding the Dark Web, and the threats that it can create.

​

What is the Dark Web?

​

The Dark Web is a term that refers specifically to a collection of websites that exist on an encrypted network and cannot be found by using traditional search engines or visited by using traditional browsers. Almost all sites on the so-called Dark Web hide their identity using the Tor encryption tool. It is used for both criminal and reputable purposes.  Criminals exploit the network’s anonymity to buy and sell weapons, drugs and other illicit items, while organisations like the UN and Facebook use encryption to protect dissidents in oppressive countries.

 

How is the Dark Web accessed?

​

In order to access the Dark Web, it is necessary to download special browser clients (the most popular of which is Tor).  These tools do two things: they connect users to the subset of networks that make up the Dark Web and they anonymise every step by encrypting where you are, where you’re coming from and what you’re doing.  You will be anonymous, which is one of the most alluring aspects of the Dark Web.

​

What threats does the Dark Web pose to businesses?

​

While criminals have been using the dark web for years to sell illegal items, they’re also using it more and more to sell something more valuable — stolen and leaked corporate data.

 

Today, every business has a wealth of valuable data, whether it’s employees’ personal details, corporate credit cards or sensitive client information. Criminals want to get their hands on that, so they can then sell it on the Dark Web to make some easy money. 

​

And it’s not just the big firms who are targets. Small businesses are equally at risk, if not more so because they often lack the cybersecurity resources to deal with the problem. And every industry is equally at risk. Once perpetrators get hold of your data, they can wreak havoc with it. With corporate credit cards, criminals can buy what they want. With employee personal details, they can target victims with phishing attacks and fraud, and with client information, they can blackmail you.

​

How can businesses stay safe from Dark Web threats?

​

There’s no single security solution that can protect against all eventualities.  Criminal parties evolve their techniques to stay competitive with current security solutions, which is why businesses also need to take a proactive approach to network and systems security.

​

• Assume that your company is a target. Far too many businesses fall victim to a data breach by assuming that hostile actors are not interested in them. If your company has customer or client information, you are a target. If you store information about yourself and your employees, you’re a target.

 

• Implement robust firewalls and layer your defences.  Make sure your network is protected by secure firewalls that prevent unauthorised network access while facilitating outward communication. By installing firewalls and making sure your network is segmented correctly, you may be able to prevent outward attacks by hostile actors and can prevent them from moving laterally throughout your network if they can get in.

 

• Change your passwords.  Often the most straightforward security protocols are the ones that are most frequently overlooked. Make sure to change all of your passwords on all of your business’ devices regularly to prevent compromising your network’s security.

 

• Back up your data regularly. You should make sure to schedule regular backups to the cloud or to an external hard drive to ensure that all of your critical data is stored safely and can be recovered quickly in the event of an attack. This step is essential in case a user is compromised and their email gets hijacked. It is recommended that you schedule incremental backups every night, and a complete backup of your servers each week. Make sure that your cloud accounts or devices are not connected to the computers and network that you are trying to back up!

 

• Educate your employees on proper “cyber-hygiene. ”The most robust firewalls and most extensive network monitoring are useless if your employees do not practice proper cyber-hygiene (also known as Security Awareness Training (SAT)). Employees who click on harmful links, fall for phishing attacks, or use weak passwords can allow cybercriminals to gain a foothold in your network quickly.

​

​

​

​

​