We don't often discuss online security or the Dark Web. While companies did a good job of securing their internal networks, working from home has opened up businesses to additional threats of intrusion and hacking.
20% of companies stated they faced a security breach as a result of a remote worker.
Cybersecurity is no longer just a CTO's responsibility. Since trust is the most valued currency on the web, it's critical that marketing executives build their awareness of the risks as well as how to manage any public relations issues that could follow a breach. In addition, with marketing teams working remotely with precious client data… the opportunity for a security breach has significantly increased.
The Types of Deep Web
The Internet is loosely classified into 3 regions based on how accessible the information is there:
- Clear Web or Surface Web – the region of the Internet that most of us are familiar with. These are publicly accessible web pages that are largely indexed by search engines.
Everything that we can find on search engines makes up just 4 to 10% of the web.
- Deep Web – the Deep Web consists of regions of the Internet that are hidden from the public but not meant for malicious activity. Your email, for example, is part of the Deep Web (it's not indexed by search engines but fully accessible). Marketing SaaS platforms, for instance, are built in the Deep Web: they require authentication to access the data within. 96% of the Internet is the Deep Web.
- Dark Web – within the Deep Web are regions of the Internet that are intentionally and securely hidden from view. It's an area of the web where anonymity is critical so criminal activity is more prevalent. Breached data, illicit criminal activity, and illegal media can be found, bought, and sold here. There have already been reports of the COVID-19 vaccines being for sale on the Dark Web!
The Dark Web Explained
It's important to state that the Dark Web isn't purely for criminal activity… it also empowers people through anonymity. In countries that restrict free speech or closely monitor their citizens' communications, the Dark Web can be their gateway to being uncensored and finding information that isn't propagandized or used by the government. Facebook, for instance, is even available via the Dark Web.
Only a small fraction of users globally (∼6.7%) are likely to use the Dark Web for malicious purposes on an average day.
Source: The potential harms of the Tor anonymity network cluster disproportionately in free countries
In a free country with free speech, it's simply not a place that one needs to be, though. In the three decades I've worked online, I've never had a need to visit the Dark Web and most likely never will.
How Users Get To The Dark Web
The most common access to the Dark Web is through a Tor network. Tor is short for The Onion Router. Tor is a non-profit organization that researches and develops online privacy tools. Tor browsers disguise your online activity and you may even need to be invited to access specific .onion domains within the Dark Web.
This is accomplished by wrapping every communication in multiple layers of encryption that are transported through multiple routing points. A Tor connection starts at a randomly chosen, publicly listed entry node, bounces through a randomly selected middle relay, and finally sends your request and receives the response through an exit node.
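The layering described above can be sketched in a few lines. This is an added example, not code from Tor or from the original article: the relay names, the destination and the pre-shared per-relay keys are assumptions, and the hash-based cipher is a toy stand-in for Tor's real cryptography and fixed-size cells.

```python
import hashlib
import json
import secrets

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); illustration only."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def wrap(payload: bytes, circuit, destination: str) -> bytes:
    """Client side: build the exit layer first, so the entry layer ends up outermost."""
    next_hop, cell = destination, payload
    for name, key in reversed(circuit):
        layer = json.dumps({"next": next_hop, "data": cell.hex()}).encode()
        cell = keystream_xor(key, layer)
        next_hop = name
    return cell

def peel(cell: bytes, key: bytes):
    """Relay side: remove exactly one layer and learn only the next hop."""
    layer = json.loads(keystream_xor(key, cell))
    return layer["next"], bytes.fromhex(layer["data"])

def route(cell: bytes, circuit):
    """Pass the cell through each relay in order, recording what each one learns."""
    learned = []
    for name, key in circuit:
        next_hop, cell = peel(cell, key)
        learned.append((name, next_hop))
    return learned, cell

def demo():
    # Constructed circuit: relay names, keys and destination are made up.
    circuit = [(n, secrets.token_bytes(32)) for n in ("entry", "middle", "exit")]
    message = b"GET /index.html"
    cell = wrap(message, circuit, "destination.example")
    learned, delivered = route(cell, circuit)
    # The last value shows whether the plaintext was visible in the outer cell.
    return learned, delivered, message in cell

if __name__ == "__main__":
    print(demo())
```

Only the exit relay sees the destination and the request; the entry relay, which knows who the client is, sees nothing but the name of the middle relay.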
There are even sites for searching resources on the Dark Web. Some can even be accessed via a typical browser session… others are Wiki-style directories that are assembled by users. Some utilize AI to identify and exclude illegal information… others are open to indexing everything.
Dark Web Monitoring
The majority of criminal goods and data bought and sold on the Dark Web are breached databases, drugs, weapons, and counterfeit items. Users rely on cryptocurrency so that every transaction is decentralized and anonymized as well.
Brands don't want to find their breached data on the Dark Web… it's a PR nightmare. There are Dark Web monitoring solutions out there for brands, and other organizations are likely already monitoring whether your personal information has been found there.
In fact, when I used my iPhone to log in to a site and store my password with Keychain, Apple warned me when one of my passwords was found in a breach… and it recommends that it be changed.
- Keep all your software up-to-date, not just your anti-virus software.
- Use many strong passwords – don't have a single password for everything. A password management platform like Dashlane works well for this.
- Use a VPN – public and home wireless networks may not be as secure as you think. Use VPN software to establish secure network communications.
- Check all your privacy settings on your social media accounts and enable two-factor or multi-factor login everywhere you can.
Every critical account I have requires me to first enter my password and then enter a second passphrase that is texted to my phone or looked up via a mobile authenticator app. That means that, while a hacker may procure your username and password, they would have to have access to your mobile device to retrieve the passphrase via text message or an authenticator program.
- Look for a padlock or HTTPS in your browser window – especially when online shopping. That's an indication that you have a secure, encrypted connection between your browser and the destination you're visiting. This basically means that someone snooping on your network traffic can't see the information you're passing back and forth.
- Don't open or download attachments from unknown email addresses.
- Don't click any links within email messages if you don't know the sender.
- Make sure your VPN and firewall are enabled.
- Set a limit on your credit card for online transactions.
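To show why a stolen username and password are not enough when an authenticator app is in use, here is how the six-digit codes are derived and checked with time-based one-time passwords (TOTP, RFC 6238), the scheme most authenticator apps use. This is an added example, not code from the original article; the function names and the one-step clock-drift window are assumptions, and the secret is the constructed RFC test value.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC the counter, then dynamically truncate to N digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: the counter is the number of 30-second steps since the epoch."""
    return hotp(secret, int(unix_time) // step, digits)

def verify_login(password_ok: bool, submitted_code: str, secret: bytes,
                 unix_time: int, step: int = 30, drift_steps: int = 1) -> bool:
    """Second-factor check: the code must match the shared secret and the clock.

    The secret lives only on the server and inside the phone's authenticator
    app, so knowing the password alone never produces a valid code.
    """
    if not password_ok:
        return False
    current = int(unix_time) // step
    matched = False
    for counter in range(current - drift_steps, current + drift_steps + 1):
        if counter < 0:
            continue
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(hotp(secret, counter), submitted_code):
            matched = True
    return matched

if __name__ == "__main__":
    demo_secret = b"12345678901234567890"  # constructed RFC test secret
    print(totp(demo_secret, 59))
    print(verify_login(True, totp(demo_secret, 59), demo_secret, 59))
```

A code captured by an attacker stops working once the clock moves outside the accepted window, which is why the page's advice to enable an authenticator app limits the value of a leaked password.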
If you're a business and have been alerted to a data breach and the information being found on the Dark Web, deploy a PR crisis communication strategy immediately, notify your customers immediately, and help them to mitigate any personal risk.
Disclosure: I am using affiliate links for external services in this article.