In our ever-increasingly connected world, cyber attacks are a real and daily concern. In fact, the global cost of cyber crime exceeded $600 billion in 2018.

Cyber criminals are stealing credentials using a wide range of techniques, tactics and procedures. The compromised data has a variety of uses and enables attackers to breach organisations and steal sensitive information.

All it takes is one stolen username and password to gain access to a business’ infrastructure to cause havoc or steal financial information.  So, it’s imperative to be prepared. But firstly, let’s take a closer look at the dark side…

What IS the dark web?

The world wide web can be broken down into three main sections. In fact, you can think of it like an iceberg – the section above the water is the surface web, or public web. This is easily accessed websites that are not locked off by privacy restrictions.

Then, if we look at the iceberg under the water, we have what’s called the deep web – private or gated websites like membership or subscription only, password encrypted sites like banking, Facebook, government and academic websites.

The dark web is part of the deep web, but like its name implies, it consists of a network of hidden and often illegal activity. Cyber criminals can use the dark web to obtain or sell counterfeit or illegal materials. But that’s not all they can do – they can use sensitive data and information to spy, stalk and steal from just about anyone.

In our ever-increasingly connected world, this is a real and daily concern. The reputation of your brand and your business can be put in jeopardy by a single attack.

Thankfully, there are now tools available to search the dark web and see if your details are listed. Head to https://haveibeenpwned.com/ and enter your email address to start the search.

How you can protect yourself

The best practices to protect your organisation from an attack using stolen credentials are:

1. Ensure you have a robust password policy with regular forced password changes.
2. Educate your staff to not use their work email to sign up for personal web-based services.
3. Be smart about your passwords – don’t re-use the same password on every website.
4. Activate Multi-Factor Authentication where available for all web-based services.

Follow these guidelines and ensure you don’t take the security of your organisation or personal information lightly – if you need any guidance on how to protect yourself and your business against online incidents, contact our team.