This year at the Lancaster County Chamber of Commerce EXPO, our team ran dark web searches of visitors and their businesses. Of the dozens of searches that we ran throughout the event, only THREE came up clean, meaning the majority of visitors to the show had some level of personal data available for sale on the dark web. Unsurprisingly, we were asked over and over again, "What do I do? How can I fix this?" Unfortunately, the short answer is that you can't. Once the info is out there, there's nothing you can do to retrieve it. However, there are things that you can do to make sure that your uncompromised data remains secure.
Create Secure Passwords
75% of all internet users use the same or similar passwords across all the websites they use. If a hacker obtains your credentials from one site, then all the sites that you use become at risk of compromise. Protect your credentials by following some basic rules when setting up accounts on different sites:
- DO NOT use the same password for all websites. If one site is compromised, then all sites become compromised.
- DO make sure passwords are at least 12 characters long. The longer a password is, the more difficult it is to guess/crack.
- DO use a combination of upper case, lower case, numbers, and symbols to make the password more difficult to guess.
- DO NOT use patterns. Patterns are easy for a hacker to identify and crack.
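The four rules above can be checked automatically. The following is an added example, not part of the original article: a small Python checker that runs locally against your own password list. The function names, the 4-character pattern window, the keyboard rows and the 0.6 similarity threshold are assumptions chosen for illustration.

```python
import string
from difflib import SequenceMatcher

MIN_LENGTH = 12  # minimum length from the rules above
# Assumed pattern sources: alphabet, digits and keyboard rows.
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]
SIMILARITY_LIMIT = 0.6  # assumed cut-off for "same or similar"
CLASSES = {"upper case": string.ascii_uppercase,
           "lower case": string.ascii_lowercase,
           "number": string.digits,
           "symbol": string.punctuation}


def has_pattern(password, run=4):
    """True if any `run` consecutive characters repeat or follow a sequence."""
    low = password.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        if len(set(chunk)) == 1:  # e.g. "aaaa"
            return True
        if any(chunk in s or chunk in s[::-1] for s in SEQUENCES):
            return True  # e.g. "1234", "qwer", "dcba"
    return False


def too_similar(password, used_elsewhere):
    """True if the password matches or closely resembles one used elsewhere."""
    low = password.lower()
    return any(SequenceMatcher(None, low, other.lower()).ratio()
               >= SIMILARITY_LIMIT for other in used_elsewhere)


def check_password(password, used_elsewhere=()):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name} character")
    if has_pattern(password):
        problems.append("contains a pattern")
    if too_similar(password, used_elsewhere):
        problems.append("same as or similar to a password used on another site")
    return problems


if __name__ == "__main__":
    existing = ["Lancaster#2023!Bank"]  # constructed sample, not a real password
    for candidate in ["Summer2024", "Lancaster#2024!Shop",
                      "Qwerty1234!abcd", "t7#Vq!mZ2&pLx9Rw"]:
        print(candidate, "->", check_password(candidate, existing) or "OK")
```

A password that only changes the year or the site name from an existing one passes the length and character rules but is still flagged as similar, which is the reuse risk the first rule describes.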
Be cautious of emails with embedded web links
Many online services will send you emails with web links in them to make it easy for you to log into their site/service. Hackers know this and take advantage of this practice by creating fake emails that look legitimate, but are actually designed to steal your credentials.
For example: You receive an email from your bank indicating that you have a new message. The email contains a link to log into the message center to retrieve the message. You click on the link and log in with your bank account credentials, unknowingly providing your credentials to a hacker. You can protect yourself from this kind of compromise by taking the time to log into the bank’s site directly instead of using the link in the email. This will ensure that you are logging into the legitimate site, and not a spoofed or proxy site.
Use encrypted email for sensitive information
If you use email for sending or receiving sensitive information like social security numbers, credit cards, health information, usernames and passwords, or even things that seem as benign as your name, address, and phone numbers, you should be using encrypted email. There are many companies offering email encryption services, and most spam filtering companies will offer some type of encryption service as an add-on. Email encryption reduces the chance that a hacked email account can be used to compromise the information being sent.
For example: You might be asked to provide your social security number to someone. You send them an email with your SSN. That person’s email is then compromised. The hacker now has your SSN and may either use it or try to sell it on the Dark Web. If that email was sent through an encrypted email service, the hacker would not have been able to access or read the email, keeping your SSN safe.
Be Careful on Social Media Websites and Apps
Everyone uses them: Facebook, Twitter, Instagram, Snapchat, etc. While these sites seem fun and inviting, they are a haven for hackers and can be some of the worst places to visit. Posting personal information on social media sites allows the world to see everything about you. Additionally, these sites make money through advertisements. While the companies do their best to filter junk ads, occasionally a malicious ad will make it into the system. If you are an unlucky visitor and a malicious ad pops up on the page, you may be infected with anything from a benign (but very annoying) adware app to something as bad as ransomware, which locks you out of your computer and encrypts all your files until you pay a ransom fee. Using antivirus/anti-malware software that monitors both your files AND your web browsing can help protect you from these types of threats.
Use a VPN Service
Many people may have seen ads for VPN services that help keep your information secure. Using a VPN service will not stop viruses or malware, but it does protect your information from being scanned by your ISP or upstream service providers. Many service providers will monitor your internet traffic/usage and log where you are going and what you do online. While this may not seem overly concerning for the general user, if that ISP’s logs are compromised, then a hacker could have access to all that information. Do not be deceived by the SSL secure sites that you go to (HTTPS). While the sites are encrypted and your data to that site is secured, ISPs, and even some businesses, are able to inspect that SSL traffic and still access the encrypted contents. A VPN service will keep them from being able to see that data. When looking for a VPN service, use one that has a written policy of not logging anything. This is the most secure option because, even if the service is hacked, there is no information for the hacker to retrieve.