In this first post in this series, we described what’s known as the Dark Web, and how information about your company, your employees, and your systems may be out there without your knowledge. If you haven’t already read that post, you may want to do so now.
As we mentioned in the first post, ongoing dark web monitoring is just as important as the other steps you take to protect the security and integrity of your data and IT system. After all, a system that’s clean today could easily be compromised tomorrow. What’s even more important than knowing your information is on the dark web is what you should do with that knowledge.
There are two primary areas of focus: the actions you need to take to remediate the current situation, and those you should take to prevent future instances.
Let’s say you’ve discovered that the email address and password of one of your managers — we’ll call him George — is available for sale on the dark web. What’s your next step? You probably thought of the most obvious: changing his email and password. Are you done? You might be if it was an old password and nothing is linked to it. But the longer that information has been on the dark web, the greater the potential damage.
Now that you know the information has been exposed, you need to evaluate the ramifications, consider the potential threats, and take steps to address them. So can you determine whether anyone had access to George’s email? What kind of information was in George’s emails that an attacker might be able to use to gain access to your secure systems or proprietary data? What information could the attacker use to commit wire fraud or set up a credible phishing attack, sending employees emails that duplicate George’s style and approach?
Once you get past the immediate issues, it’s time to focus on prevention. You may need to revise company policies to prohibit actions that create potential exposures. In the previous post, we recalled a situation in which a cybercriminal was able to gain access to digitized signature cards for a company’s bank accounts. So you may want to declare that nobody in the company should scan anything containing a signature.
If you discover that the information wound up on the dark web because an employee unwittingly shared access information after receiving a phishing email (the cause of a disturbingly large percentage of breaches), you’ll want to step up your anti-phishing training. Many companies regularly send fake emails in an effort to identify employees who are potential phishing targets. Doing that, you discover that George is particularly gullible, so you can work with him to make him warier. We can provide customers with excellent resources for security training.
You may also want to sharpen your approach to protecting sensitive information through strategies such as multifactor authentication or endpoint security. The better you understand the types of threats your company faces, the more effectively you can set up a program to combat them. One layer of protection is always good, but having multiple layers and strategies is much better.
Many business people don’t realize that threats like the dark web present a very real danger to the health of their companies. That underscores the importance of having a top-quality IT partner with access to the right resources.
Wondering whether your business has an unwanted presence on the dark web? Brightworks will be happy to perform a complimentary dark web scan of your company’s IT system. We’ll share what we’re able to find and discuss the steps you can take. There’s no cost and no obligation, so please contact us today.