Once upon a time, before entering a cave or mine shaft, coal miners would lower a cage with a canary to see if the cave had enough oxygen to work safely and to check for harmful gases such as carbon monoxide.
If the cave was safe, the canary would be pulled back to the surface, most likely singing for joy. If the cave wasn’t safe… well, at least the miners were warned.
Though we don’t use canaries when it comes to cybersecurity (to a canary’s delight), we do have a tool that warns you if your credentials have been compromised before you get into trouble.
That tool is dark web scanning.
If you’re unfamiliar with the idea of the dark web, here’s a helpful article that we’ve written covering the difference between the dark web and the internet we know and love. To summarize, the dark web is a multi-layer-encrypted network that criminals use to sell, exchange and exploit confidential information such as your identity, bank information, and more.
Because this platform exists but successfully evades detection, it’s a powerful tool that criminals use to make money off of your stolen information, if you don’t know your information has been compromised. In other words, the dark web thrives on your lack of awareness. So how do you protect yourself from the dangers of the dark web? You guessed it — gaining awareness!
How does dark web scanning protect me?
Dark web scanning applications do exactly what the name implies: they scan the dark web to see if your information exists anywhere on the platform. Once your credentials are on the dark web, there’s unfortunately no way to remove them or be fully assured that they're not in a criminal’s possession. However, being aware that your credentials have been compromised gives you the ability to cancel credit cards or alert the FTC (Federal Trade Commission) of potential identity theft before the exploited information is used to harm you.
While there’s no fully-effective method of guaranteeing your credentials stay off the dark web, you can instantly remove their value and protect yourself from harm if your dark web scanner alerts you to any information breaches.
How can I prevent my credentials from being stolen in the first place?
Companies that suffer a security attack lose the trust of 60% of their customers instantaneously, and that lack of trust causes many to reconsider whether or not to continue services.
Just because there aren’t 100% guaranteed methods of keeping your information off the dark web, (just like there are no 100% guaranteed ways to ensure your physical belongings will never be stolen), you can still do a lot to protect your information online. There are many security precautions and applications — both free and paid — that go a long way in preventing your business’s information from being stolen.
Cybersecurity habits to implement with your team – yesterday:
- Password management: Passwords are so important, yet so easy to forget. (Just like important dates: I’m sorry about your birthday, Mom!) Using password management tools like V-Doc™ My Glue, you can create secure passwords that are all stored in a secure location for easy access. Yes, it takes a few seconds longer to get into your computer than just typing “1234,” but it puts you miles ahead in keeping your information secure.
- Two-factor authentication: Alongside password management tools, using two-factor authentication (2FA) is one of the most effective roadblocks in preventing unauthorized users from gaining access to your information. It can be a hassle as well, but we strongly recommend that you implement 2FA with your team today.
- Enforced password policies: There’s a reason we include this after the password management and 2FA recommendations. It’s because those password protection strategies can be frustrating and inconvenient, and sometimes your employees just won’t want to do them. That’s why it’s critical to have strong password policies in place that you regularly encourage (and enforce) with your team.
- Reporting suspicious emails: We know you’ve heard this before, but it’s critical that you and your team know to never open emails from individuals you don’t know or trust. This is a primary method attackers use for launching a phishing attack to gain private information. Here’s how you and your team members can report suspicious emails before they cause harm.
- Dark web scanning: Yes, it’s on this list, too! No matter what preventive measures you take, always, always ensure your data hasn’t been compromised by using tools that perform dark web scanning.
And if you need more, here are six other quick tips you can apply to protect your information online!
Following a fairly typical pattern of human behavior, attackers usually take the path of least resistance when it comes to stealing information. The harder you make it for your information to be accessed by unauthorized users, the higher chance you have of keeping it safe.
What dark web scanning tools can I use?
Here are some of the free dark web scanning tools that we stand behind for individuals, families, and small businesses with less than 20 employees:
- Have I Been Pwned? Well, after entering your email into haveibeenpwned.com, you’ll find out! This is a free web service that performs a search to determine if your email (or any personal information attached to your email address) is on the dark web.
- Dashlane. Dashlane is a great dark web scanning app that has both free and premium services. It also offers individual, family, and business plans to meet your needs without incurring costs that you don’t really need. We love Dashlane!
For larger commercial clients, we recommend using a paid dark web scanning application or service to stay aware of any potential information theft. The more people you add into the equation, the more targets criminals have to steal from, so paid applications or services for businesses with 21+ people are highly recommended.
Here at Varay, we use an advanced automated ticketing system that performs consistent scans of the dark web, alerting us and our clients the moment a compromise is found. This way, our clients can update passwords and change private information the moment it’s available to be exploited.
We understand how intimidating it can be to stay vigilant and safe online. But we’re also here to guide you through the process! Download our trophy phishing ebook to learn more about how hackers target specific roles within a company and contact us for specific security questions you have about your business.