In the previous article we explored how the growing technological landscape of the planet is opening doors for cyber criminals that were previously closed. We also realised that this isn’t the only reason cyber criminality is on the rise – business owners aren’t educating their teams sufficiently on the methods used by criminals or the potentially disastrous effects it could have on the organization should they be successful.
Now we know what the Dark web is and some of the most common methods used by cyber criminals to get access to your data, let’s take a look at the consequences of your data being exposed on the Dark web and some ways to prepare your systems and team to prevent the worst from happening.
Why should I care about my credentials being exposed on the dark web?
Many business owners take the denial approach, telling themselves ‘they won’t bother with my little business’, and ‘my assets aren’t valuable enough for them to bother with me’ – both common statements, but neither of which are true.
As we have made very evident, the Dark web is nothing to just cast off or presume your immunity to, as it has the potential to ruin your organization from the inside out if your defences are not prepared and managed adequately.
As we have already explored, cyber criminals use the Dark web to trade illegal commodities and services, and the most prominent of these commodities is stolen Data. For a cyber criminal carrying out an attack their mind is often on the Dark web as the place for them to make money on their illicit activity, so if you are a victim of an attack the likelihood of your data ending up on the Dark web is high.
Some individuals (whether within an organization or otherwise) don’t help themselves, by using the same password for multiple different systems. Once a cyber criminal gains access to your system with the intention of releasing your Data onto the Dark web, your very presence online could be at jeopardy, let alone just that particular string of Data they have begun stealing. The attacker will have no need to use brute force to gain access to your systems – simply logging in as you elsewhere will suffice. Remember, the modern world has changed everything, to the extent that now if your online presence is in jeopardy then so is the very survival of the entire organization.
How to be best prepared for a cyber attack
Educating your employees on the basics of cyber security is by quite some way the most important method of being prepared for an attack. Education is integral, as most of your employees will have little to no idea what their role is in the protection of the system – this must change as soon as possible.
Every online profile should have its own unique, complex, lengthy password – not the same one but something which is slightly different, and completely unique. Each password should bear no similarities with any others, and it is recommended to avoid using words, phrases, or number/ letter sequences that have a personal connection to you – for example, it’s no good having ‘LALakers1’ because that is too easily guessable. Ensuring each password is unique is particularly important, as using identical or similar passwords for multiple accounts may allow hackers to wreak havoc across your digital estate using a technique known as ‘credential stuffing.’
You probably haven’t heard of this one – Credential Stuffing is the process of cyber criminals either acquiring or buying a large bundle of stolen account credentials and then trying each login on other sites on the off-chance that they get access to that too. Even if a user changes their password on the breached account, the stolen credentials may be the key to unlocking another account somewhere on the web.
Multi-factor authentication requires additional access criteria to be met in addition to a correct username/password combination. This additional information is most commonly something that only the authorised persons would know (like a pin number or answer to a personal security question), something only the authorized person would possess (like a code that is sent to a personal device), or biometric data (like a fingerprint or facial recognition device).
There are many password testing tools on the market that will determine the strength of your password for you. If you use Microsoft’s suite of tools their Safety and Security Centre contains a tool exactly for this purpose.
Secure Mobile devices
Mobile devices are becoming an ever increasingly important part of business functions, naturally meaning that device security has never been of greater concern. If your device is stolen or lost it can easily be accessed unless you implement strict security measures on it. You therefore need to secure all portable devices with pin/ password protection as well as fingerprint or facial recognition controls wherever possible.
The security of your IT landscape is of the utmost importance but achieving this doesn’t rest solely on your shoulders and the tools you implement; your team are the most important tools to ensure the security of your systems.
The human Firewall
The first, last, and most important line of defence for your systems is your users. Your users play a huge role in the continued safety of your systems against cyber criminals and online threats and, as we explained throughout the articles, they are often the link between the tools you have implemented and your IT landscape. Without a competent team you will struggle to believe that your data is safe.
We hope these articles have familiarised you with the Dark web, the potentially dire consequences of your data ending up there, and the ways in which you and your team can avoid this happening.
Your small business – secured
At Grapevine, our team of dedicated engineers can meet any technical challenge you may come across. We take our time in getting to know you, your business, employees, and your goals for the future so we can then find the best technological solution for you to guarantee constant security. Our years of experience leave us primed and ready with all the tools needed to ensure a top-quality service, now and into the future. Contact our team and let us start our journey together today.
Contact our team and let us start our journey together today.