Every October, the National Cyber Security Alliance and the Cybersecurity and Infrastructure Security Agency team up with the security industry to host National Cyber Security Awareness Month. We think this is a great opportunity to recap some of the things we’ve been teaching our clients regarding security.
Recently, our clients received a DarkWeb report. This report listed accounts that have been compromised in one way or another. But how did they get there? What does it mean?
Surface web, Deep web, and Dark web explained
Let’s start with the three levels of the internet. These are often explained using an iceberg as an example.
The Surface web includes all items available to the public. If you can get it to show up in Google, it’s a part of the Surface web. You are currently reading a page that is in the Surface web.
The Deep web is simply all items that are not available to the public. These pages will not show up in your search engines. This isn’t necessarily bad. Items such as your Gmail inbox or Amazon shopping cart are technically part of the deep web. These pages are not going to show when you search for them. The deep web can also be pages that aren’t necessarily bad but are purposefully kept from search engines. These could be any number of things and used for many purposes. Facebook has a deep web page, used primarily by people in places that censor users.
The Dark web is where things get dicey. The dark web is only accessed using special software/browsers and allows the user to remain anonymous. While not all activity is illegal, because of its anonymity, it is a breeding ground for illegal activity. You cannot accidentally find yourself in the dark web; you have to be looking for it.
How Your Information Can End Up on the Dark Web
When there is a security breach that you hear about in the news, what usually happens is someone has found a way to hack into a database that contains user information. This information is then placed in the dark web and is usually put up for sale to other bad guys who plan to do harm. There is a very high chance that your information is out there on the dark web right now! This does not mean that you have personally been hacked, but you are susceptible to hackers.
These security breaches don’t necessarily make it to the news every time. You cannot trust all of your account holders to report a breach. Sometimes, they don’t even know about a breach until much later.
What Our Dark Web Reports Reveal
This report comes from a service that we use. What they do is crawl through the dark web for any information that is posted using your domain (@yourcompany.com). They go through chatrooms, open forums, and other sites where the “bad guys” who have obtained information can post it for other “bad guys” to have access to. The items that show on your list are associated with an account that was most likely part of a data breach somewhere.
This doesn’t have much to do with your Microsoft 365 accounts, just the email address that was used to create an account. The biggest threat to watch out for is users who use the same password on multiple accounts. If a password for someone’s Google account is part of a breach, and that same password is used on other accounts like Facebook, Amazon, banking accounts, etc., then ALL of those accounts are at risk.
What to do if Your Information Shows up on these Reports
The first thing that you will want to do is change all of your passwords on ANY account that uses the email address found on the report. Use the following criteria to create complex passwords:
- At least one capital letter
- At least one lower case letter
- At least one numeral
- At least one special character
- Do not use common words
- Do not use personal information such as addresses or dates
- Use the maximum number of password characters that the account will allow.
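The criteria above expressed as a check, as an added example that is not part of the original article. The function name, the short common-word list, and the default 64-character limit are assumptions made for illustration.

```python
import re

# Constructed sample list (assumption); a real check would load a larger dictionary.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "dragon", "summer"}

# Undo common letter substitutions so "P@ssw0rd" still matches "password".
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"})


def check_password(password, personal_info=(), max_length=64):
    """Return the list of criteria from the article that `password` fails."""
    failures = []
    if not re.search(r"[A-Z]", password):
        failures.append("no capital letter")
    if not re.search(r"[a-z]", password):
        failures.append("no lower case letter")
    if not re.search(r"[0-9]", password):
        failures.append("no numeral")
    if not re.search(r"[^A-Za-z0-9]", password):
        failures.append("no special character")

    lowered = password.lower()
    normalized = lowered.translate(LEET)
    if any(w in lowered or w in normalized for w in COMMON_WORDS):
        failures.append("contains a common word")

    # Compare alphanumerics only, so "03/14/1985" also matches "03141985".
    squeezed = re.sub(r"[^a-z0-9]", "", lowered)
    for item in personal_info:
        token = re.sub(r"[^a-z0-9]", "", item.lower())
        if len(token) >= 3 and token in squeezed:
            failures.append("contains personal information")
            break

    # max_length is the limit the account allows (assumed default: 64).
    if len(password) < max_length:
        failures.append(f"shorter than the {max_length} characters allowed")
    return failures
```

A password such as `P@ssw0rd1` meets all four character-class rules and is still reported, because the substitution table maps it back to a common word.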
Using MFA (Multi-Factor Authentication) wherever possible is your best option to thwart hackers from getting into your accounts. If your accounts allow for it, we advise turning it on immediately.
There is little we can do to prevent data breaches that come from other companies. Unfortunately, this is a part of the world we live in now. Technology gets better and better at thwarting attacks, but the “bad guys” are quick to find ways around the measures put in place. Using complex passwords, MFA, and checking for items in the dark web are some of the best ways to keep your data safe!
About Harbor Computer Services
Harbor Computer Services is an IT firm servicing Southeastern Michigan. We work exclusively under contract with our clients to provide technology direction and either become the IT department or provide assistance to the internal IT they already have. We have won many awards for our work over the years, including the worldwide Microsoft Partner of the Year in 2010. We’re the smallest firm to have ever won this most prestigious award. Most recently we were recognized as one of the top 20 visionaries in small business IT by ChannelPro Magazine (2015), and in 2016 as the top Michigan IT firm for Manufacturing. There are a few simple things that make Harbor Computer Services the best choice for your business.
- We are Professionals
- We are Responsible
- We are Concerned About The Success of Your Business