Identity theft is an all too familiar occurrence for most business owners, but where does the compromised data end up? There is a virtual marketplace where stolen data is purchased and sold by cybercriminals; a place known as the “Dark Web”. The question isn’t IF your information is available on the Dark Web, because chances are it already is. It’s how much of your information is on the Dark Web, and how can you protect your small business from the cybercriminals who have access to it? First, let’s talk more about the Dark Web.
What is the Dark Web?
The Dark Web, which is not accessible through traditional search engines is often associated with a place used for illegal criminal activity. While cybercriminals tend to use the Dark Web as a place to buy and sell stolen information, there are also sites within it that do not engage in criminal activity. For many, the most appealing aspect of the Dark Web is its anonymity.
What is for sale on the Dark Web?
Information available on the Dark Web varies, and can be sold to cybercriminals for as little as $1. Even more alarming, the Dark Web contains subcategories allowing a criminal to search for a specific brand of credit card as well a specific location associated with that card. Not only can these criminals find individual stolen items on the Dark Web, but in some cases, entire “wallets” of compromised information are available for purchase, containing items such as a driver’s license, social security number, birth certificate and credit card information.
What happens to stolen personal information?
When stolen information is obtained by criminals, it can be used for countless activities like securing credit, mortgages, loans and tax refunds. It is also possible that a criminal could create a “synthetic identity” using stolen information and combining it with fictitious information, thus creating a new, difficult to discover identity.
Stolen user names and passwords are becoming increasing popular among cybercriminals, but why? Identity thieves will often hire “account checkers” who take stolen credentials and attempt to break into various accounts across the web using those user names and passwords. The idea here is that many individuals have poor password practices and are using the same user name and password across various accounts, including business account such as banking and eCommerce. If the “account checker” is successful, the identity thief suddenly has access to multiple accounts, in some cases allowing them the opportunity to open additional accounts across financial and business-horizons.
“I’m a small business so I don’t need to be concerned about the Dark Web, right?”
Wrong! Since the Dark Web is a marketplace for stolen data, most personal information stolen from small businesses will end up there, creating major cause for concern. With the media so often publicizing large- scale corporate data breaches, small businesses often think they are not a target for cybercriminals, however that is not the case. Cybercriminals are far less concerned about the size of a business than they are with how vulnerable their target is. Small businesses often lack resources to effectively mitigate the risks of a cyberattack, making them a prime target for identity theft as well as other cybercrime. Check out How to Hacker-Proof Your Business From Costly Attacks for steps you can take today to protects your small business.
Download our Best Practices Guide for our checklist of 21 recommendations you can implement today to secure your organization.
At a recent Federal Trade Commission (FTC) conference, privacy specialists noted that information available for purchase on the Dark Web was up to twenty times more likely to come from a company who suffered a data breach that was not reported to the media. The FTC also announced at the conference that the majority of breaches investigated by the U.S. Secret Service involved small businesses rather than large corporations.
How are the prices of data determined on the Dark Web?
The four main factors driving the cost of personal information on the dark web include:
1. The type of data and the demand for it.
The cost often depends on the type of data and the need or ability to use that data.
2. The supply of the data.
If there is less data available for a cybercriminal to purchase, the value of that data increases.
3. The balance of the accounts.
The higher the balance in the stolen account, the higher the cost of the data. The balance could be the amount of money in a particular account as well as points value (i.e., a loyalty account).
4. Limits or the ability to reuse the data.
If the data being purchase can only be used once, the value of that data is worth less to a cybercriminal than data that can be reused multiple times or across various platforms.
Information can be bought and sold a variety of ways on the dark web, however the most common include: purchasing data as a single item, such as a Social Security number, purchasing bulk data, such as batches of the same information, or purchasing bundled data containing various types of information bundled together.
How can you protect your small business?
To reduce the risks of a cybercriminal gaining access to your company’s information/network, you must ensure you have proper security measures in place. Download our Small Business Cybersecurity Best Practices checklist, and take a look at the FTC’s webpage for resources to assist with security options you can implement today.
It is also recommended to run a dark web scan on your email address, utilize a dark web monitoring tool and monitor your credit report for potential red flags that your identity may have been compromised. B2B tech publication, Tektonika, recommends “the best way to really mitigate against the threat of the dark web is to understand and monitor it.”
What exactly is a Dark Web scan and how does getting one help secure your business? Take a look at our Dark Web Scan Guidebook to learn more.
What to do if your business information is detected on the Dark Web ?
Notify your financial institutions immediately.
Change all your passwords.
Continue to monitor your credit statements and order your credit reports. You can order one free copy of each of your reports once a year from AnnualCreditReport.com.
Consider freezing your credit.
Don’t panic. We can help. Check out our risk assessment tools if you’re ready to take the next steps in protecting your small business.