There’s a good chance that you’ve probably heard the headlines before:
Don’t let the people on the dark web get ahold of your information.
The dark web is a mysterious place.
You can protect your information against appearing on the dark web.
It turns out that all of these statements are scare tactics.
Spoiler alert: Your information is probably on the dark web.
The good news is that you can take action to prevent that information from being useful.
The dark web can be considered the “command and control” side of the Internet.
Originally developed by national defense organizations, the dark web requires special software to access it. Once people get in, they can use browsers to access websites and services much like the Internet most of us know.
The key difference between parts of the web we usually see and the dark web is that the dark web is encrypted. Search engine results do not return pages on the dark web. People’s browsing habits remain anonymous.
This anonymity can be used for legal and ethical means, such as exchanging proprietary business information.
However, the dark web is often linked to criminal activity. In fact, The Economist analyzed dark web data to find that illegal drugs and prescription drugs accounted for the bulk of the sales, but non-drug sales—such as credit card data and hacking services—made up a significant portion, as well.
Now that we know what the dark web is, let’s find out how your information gets there.
Your information is probably on the dark web because of the data breaches that occur on a regular basis.
In fact, Verizon reports more than 53,000 security incidents in the 2018 Data Breach Investigations Report, with 2,216 confirmed data breaches.
When a cybersecurity event happens, your personal information is compromised. The severity of the breach determines how much information is associated.
In some cases, breaches only reveal email accounts. Hackers may buy this email list on the dark web and then use it to send out phishing attacks.
“On average, 4 percent of the targets in any given phishing campaign will click it,” says Verizon. “And incredibly, the more phishing emails someone has clicked, the more likely they are to do so again.”
In more extreme cases, breaches can include passwords and social security numbers along with emails. Hackers may then, for example, create bots that try logging into financial sites with those combinations. If they get a hit, they can log into your bank account and begin withdrawing money.
There are two pieces of good news here.
First of all, the dark web isn’t that alarming once it sheds its mystique.
In fact, being on the dark web today is like being in the phone book used to be. Think about it: the phone book included your full name, your address, and your phone number—many of the same things a hacker is trying to access on the dark web today.
Second, even if your data winds up on the dark web, you can mitigate the potential for being hacked by following some basic security awareness protocols.
You don’t need to worry too much about the dark web if you have security awareness best practices in place.
With outdated information, the data isn’t valuable anymore.
