Rein in Privileged Users to Reduce Information Security Risks

“With great power comes great responsibility.”

That isn’t just a comic book saying; that’s reality. Ensuring that those who have great power use it responsibly can’t be left to chance; that’s also reality. That’s why having a process to monitor and control privileged account usage is a critical piece of ensuring your information security.

Privileged Account Powers

Privileged accounts are the ones with the power of creation and destruction. They’re the administrator accounts that create other accounts and grant powers to other users. They’re the accounts that turn systems on and shut systems down. They’re the accounts that define configurations that control how systems behave. They’re the superuser accounts that can read all data and make any changes. They’re completely necessary, and at the same time, completely dangerous.

Risks of Privileged Accounts

The big risk of privileged accounts is that if they’re compromised—if their credentials are compromised or an employee acts improperly—they can create big damage. Access to all data means all data can be tampered with or stolen. Access to configurations and controls means systems can be altered to behave in unapproved, ineffective, or dangerous ways. Because these accounts are so powerful, they’re tempting targets for hackers. Often, these accounts are ridiculously easy to break, because systems have built-in admin accounts needed to install and configure them for use, and the default settings aren’t changed.

Managing Privileged Account Risk

The first step to managing privileged account risk is to limit privileged account usage. You need to determine where the balance lies between empowering employees and protecting your business. Giving every employee admin access on their PC or to a critical business application may help some tasks get done more quickly, but it also increases risk. Because many companies don’t know where all their privileged accounts are, an audit is often necessary to identify them so they can be managed.

Once you know where the privileged accounts are, you can take steps to control them. This likely means removing privileges from some user accounts. Users should have the minimum set of privileges necessary to perform their job functions. Using role-based access controls can help ensure that only appropriate privileges are granted.

Ultimately, though, some users need privileges. They should each have their own accounts, and passwords should be randomized and changed frequently; passwords that don’t change are vulnerable to attack. Use multifactor authentication to enhance the security of these accounts. Users should access their privileged accounts only when needed to perform a privileged function; actions taken by the privileged accounts should be logged and reviewed.

The reviews don’t need to be manual; there are threat analytics programs that can first identify normal patterns of access and then identify any deviations that may indicate improper use. Should improper use be detected, you need an incident response process that shuts down the account and minimizes damage.

Tools for Managing Privileged Accounts

Tools can help you implement the necessary management and monitoring of privileged accounts. Credentials can be kept in a “vault,” with users required to request access through a workflow. This prevents these accounts from being shared and used without authorization. Delegation allows users to be granted a subset of admin functions. Session monitoring creates a record of user activity within the privileged account.

All user accounts need to be securely managed. CCS Technology Group helps businesses develop and implement comprehensive data security solutions to secure data, networks, applications, systems, and accounts. Contact us to learn more about implementing information security that protects your business.

Additional Information Security Resources

Don’t Overlook These Information Security Basics

Don’t Click That Link! Protect Your Business Against Phishing Emails

7 Common Mistakes That Place Your Data in Danger

Make Sure Your Disaster Recovery Plan Isn’t Just Words on Paper

A written disaster recovery (DR) plan is a good start towards making sure your business can resume operations after an outage, but you won’t know how good those words are until you put them into action. Because you don’t want to find out your plan is incomplete or incorrect during a crisis, it’s important to schedule periodic disaster recovery tests to try out your plan before you need to execute it for real.

Types of Disaster Recovery Tests

There are several different ways you can test your plan:

  • Circulate for comment. Distribute the plan to everyone who would participate in it and solicit their comments and feedback.
  • Walkthrough the plan. Gather everyone who would participate in the plan in a conference room or on a conference call. Read through the plan as a group—out loud, not silently. Because there is group interaction in this approach, you’re likely to surface issues that won’t be identified when individuals read through the plan separately.
  • Tabletop testing. Similar to a walkthrough, the participants are gathered together. Rather than read through the plan in isolation, they are presented with a typical failure situation and called upon to resolve it. This can identify planning gaps and failures that are not addressed by the DR plan. It’s important to choose realistic failure scenarios and that the participants are not informed of the scenario in advance.
  • Parallel test the plan. Bring up the disaster recovery systems and test whether they can execute a day’s work. The production systems run in parallel, so the only impact on routine business is that some personnel have to perform tasks on the disaster recovery systems.
  • Failover test. Simulate a production outage by gracefully shutting down the primary servers and failing over to the secondary site. This test method impacts ordinary production work so it may be better to execute this process on a weekend or other low volume time period. This process requires additional work to bring the primary servers back online after the test is complete.

Learn more in Craft An Effective Disaster Recovery Plan.

Disaster Recovery Test Follow-up

Whichever test strategy you choose, the test process isn’t over when the final system is brought back online. After the test, the DR plan needs to be updated to reflect:

  • missing applications. It’s not uncommon for applications to be overlooked when the DR plan is written.
  • missing or incorrect steps. The processes for bringing up applications may be missing some steps, miss some dependencies, have steps in the incorrect sequence, or contain errors in the details of the commands to be executed.
  • incorrect timings. Every application should have a recovery time objective which the recovery plan attempts to meet. If the test shows recovery can’t meet those objectives, the plan needs to be revisited to determine how it can be altered.
  • missing communication. Plans often fail because important notification steps are omitted.

In addition, you should always consider how the plan would have worked if this was an actual, unscheduled outage.

Learn more in Don’t Improvise Your Way Through Disaster Recovery.

Repeat the Test

If there were major failures during the test, take time to revise the plan to reflect those problems and then schedule another test to verify the corrections. If the recovery process mostly worked as planned, you can wait until your next regularly scheduled test—usually annually, though some prefer twice annually or even quarterly—to test the update.

CCS Technology group offers disaster recovery planning services. Disaster recovery testing is an important part of your business continuity strategy. Contact CCS Technology Group to learn more about writing and testing your DR plan.

Digital Transform in the Distribution Industry and How Cloud ERP Can Help

Discussions about digital transformation often lead off with the phrase, “Just imagine if…” Just image that you could use Internet of Things (IoT) sensors to build a new kind of relationship with customers. Just imagine that you could track an order from receipt through delivery in real time. For a lot of companies, it’s pie in the sky. In distribution, the pie has already been served. You just have to order a slice. You don’t have to “just imagine” a digital transformation if you have the right tools.

Digital Transformation, the Concept

What is digital transformation? Briefly, digital transformation is a concept that started out in life as marketing hype but is quickly becoming reality. At its core, digital transformation involves using advances in application integration technology, cloud computing, data analytics and “edge computing” IoT devices to transform your relationship with customers, employees and partners. It enables you to venture into new business models and competitive strategies.

Digital Transformation in Distribution

The distribution business was actually an innovator in the practices that now comprise digital transformation. Distributors adopted computer-based order tracking, inventory management and the like years before anyone else. You may not remember, but before about 1990, if you shipped a package, you had a 0% chance of knowing when it was going to be delivered. You could call the carrier and ask, but they didn’t know.

Today, instant online or phone-based order tracking, along with dozens of comparable real-time processes, are simply an expectation of doing business. The problem with this is that once business practices become a given, they are no longer competitive. If every distribution company offers online order tracking, your distribution business is another dime, among dozens. Learn more in Looking at 2020 Distribution Industry Trends with ERP in Mind.

The challenge—and opportunity—for distribution companies is to use technology to take the business to new levels of efficiency and competitiveness. This is not always easy, but the tooling is definitely available to make it happen if you want it. With cloud ERP solutions like Acumatica, distributors can implement a range of digitally transformative processes and practices in their businesses. These include:

  • Maintaining a real-time view of your customer’s activities across all your operations. This is made possible by integrating field service operations software with back office systems.
  • Tracking customer engagement from first contact through opportunity creation, price quoting order processing, scheduling of installation and follow up field services—connecting mobile devices with ERP and accounting software as well as with data analytics and reporting tools.
  • Using data visualization to spot issues in field service quality—and react in real time with route optimization
  • Leveraging Artificial Intelligence (AI) for predictive maintenance that optimizes field service and keeps customers happy
  • Discovering the optimal marketing processes to identify and convert the best prospects into high-grossing accounts—by analyzing account performance data with marketing campaigns
  • Increasing back office productivity by automating workflows and becoming more efficient at document management, e.g. for contracts and sales orders
  • Integrating with partner firms for better supply chain management and customer service

Acumatica Distribution Edition delivers, giving your business control over their supply chain and logistics activities, including warehouse management, inventory management, and order management. Built in the cloud and customized for your needs, Acumatica helps companies improve customer satisfaction, reduce order times, and control costs across the entire supply and distribution chain.

CCS Technology has considerable experience in the distribution vertical, equipping clients with industry-specific tools that ensure a smooth process, top-notch security, and consistent reliability. We’ll make sure your clients can count on you. Contact us to learn more.

Additional Distribution Resources

Benefits of ERP Software for Distribution Business Management

Making the Most of KPIs in Distribution

5 Reasons Distributors Need ERP Software

Choose the Right IT Service Type to Best Meet Your Business Needs

IT services come in several different forms. If the service type you choose doesn’t match your requirements, you won’t get the benefits you expect and will likely be disappointed by your experience. Make sure you know what different IT services offer so the one you select is a good fit for your business.

1. Break-fix

Break fix services provide support to fix problems after they occur. When hardware breaks or software fails, you can call the break-fix company to investigate and resolve the problem. This approach is entirely reactive and doesn’t look beyond the immediate problem.

2. Contractor

A contractor is effectively an addition to your staff without adding a permanent employee. Through the contracting agency, you’ll select someone with the appropriate skillset for the job. They then work under your direction on whatever assignment you give to them. While contractors are sometimes called consultants, a contractor’s services are less independent than true consulting.

3. Consulting Services

Consultants are brought in to solve specific problems. Unlike contractors, consultants are expected to think independently to develop solutions to larger problems. The scope of the consulting work is up to you. Generally, you provide the consultants a statement of the problem; they investigate to determine the requirements, propose a solution, and complete the project implementation.

4. Outsourcing

When you outsource your IT to a provider, you hand over control of your IT resources to the outsourcing firm. They handle all the ongoing support. Unless you request a project to expand or upgrade your IT technology, the focus is on maintaining your current infrastructure.

5. Managed Services

With managed services, as with outsourcing, you rely on a provider and their staff to provide you with IT services including monitoring and support. However, unlike outsourcing, the managed services provider looks towards your future needs. Outsourcing is “outside” of your business. Managed services providers are partners with your business and take ownership of resource-related issues, including making sure the infrastructure will support your business as it changes. They can recommend and implement the infrastructure you will need tomorrow, not just support the infrastructure you need today.

Learn more about the benefits of partnering with a managed services provider.

Be clear: none of these services is better than any other, but one might be a better fit to your business. It entirely depends on what your IT challenges are, the level of IT expertise you have in-house, and how much control of your IT resources you’re willing to turn over to a third-party. Contact CCS Technology Group to discuss how our IT services match your business and IT needs.

Interested in learning more? Find out the benefits of working with IT pros.

Balance Risks and Rewards When Making the Cloud Decision

Deciding to invest in cloud technology, like making any IT investment, requires balancing the risks against the rewards. This scale will tilt differently for every business depending on its internal priorities and the challenges of its internal IT. How do these numbers stack up for you?

Assessing the Cloud Risk Balance

There are a number of cloud risks you should consider, along with ways they can potentially be mitigated.

Risk: Security

For many businesses, the security of cloud remains a major concern. With data in a shared environment that isn’t completely under your control, there are new threats to data security.

Balance:

There are threats to data security within your own data center. Many businesses lack security expertise on staff, and they are behind on basic security measures such as patch installation. In the cloud, you have the benefit of the cloud provider’s security team, and they handle much routine support and maintenance.

Mitigate:

You can mitigate data security risks in the cloud by taking advantage of tools that help ensure a secure environment and authorized access to data. Many cloud providers have documented best practices and can analyze where your configurations don’t follow those suggestions. You can often implement your own security measures with firewalls, cloud access security brokers, and encryption. Learn more in 6 Ways to Keep Your Cloud Secure.

Risk: Over-spending

Although cloud can be lower-cost than on premises infrastructure, it’s easy to spend more than expected. These unexpected expenses can come from higher demand than anticipated or through self-service, on-demand instantiation of new, unapproved services.

Balance:

Although cloud spending figures can be substantial, they are generally nowhere near the scale of the capital expenditures associated with on premises infrastructure. In addition, on-demand cloud access gives you greater flexibility and agility than if you have to provision needed resources in your own data center.

Mitigate:

Use tools to help you track changes in your cloud configuration so you can identify new instances and new services. Track utilization numbers and look for opportunities to consolidate. Automate money-saving policies such as shutting servers down at end of day. Learn more in 9 Ways to Get Cloud Costs Under Control.

Risk: Lack of control

Managing cloud resources is complex because there’s a loss of visibility, especially if you use multiple clouds. Until your team develops expertise in the cloud systems, you’ll also find management challenging simply due to lack of experience.

Balance:

Controlling systems in your own data center is challenging, as well. And because the cloud provider handles many of the routine maintenance functions, you’ll have more time to devote to analyzing the data you access.

Mitigate:

Use managed cloud services from CCS Technology Group to add expertise to your team. Our experts can help you select the right cloud, migrate your infrastructure, and provide the support needed to make sure your cloud continues to meet your business needs.

Those are just a few of the risk tradeoffs you’ll want to consider when you’re deciding whether to switch to cloud. Contact CCS Technology Group to learn about other risks and rewards to evaluate and to get help successfully switching to cloud.

5 Benefits of Better Collaboration for Businesses

Who doesn’t want better collaboration? It’s the corporate version of Mom and Apple Pie. Yet, for all of its attractiveness, collaboration has turned out to be harder to achieve than people expect. There are many reasons for this, including cultural obstacles that prevent people from wanting to work together, e.g. in a hyper competitive work environment, people tend to help themselves, not others. Learn more in 5 Risks of Poor Collaboration in the Workplace.

Assuming the will to collaborate is present, the technology has to be available to make it happen. This, too, has proven difficult, though today the corporate world can choose from a rich array of sophisticated collaboration tools. Microsoft Teams, for instance, is powerful because it accommodates different personal work styles while integrating with the universal “productivity infrastructure” of the Microsoft Office system.

If you’re contemplating a program to stimulate better productivity, here are five benefit you’ll realize in the process:

1) Higher profits

Companies that don’t foster strong collaboration experience a host of hidden costs as a result. These may arise from invisible but expensive problems like people sending multiple emails and making phone calls to get a single task accomplished. Every person/minute in your business costs you something. The more time people waste in non-collaborative processes, the higher your costs will be. Collaboration drives productivity, which drives profits.

2) Stronger growth potential

Collaborative organizations move faster than those without. This enables them to take on more work and facilitate revenue growth. A good collaboration culture, backed by the right technologies, can also adapt to new modes of business—enabling agility and strategic advantage.

3) Improved morale and organizational cohesion

People who don’t like their jobs make their feelings known in ways that can be hard to see, but are nonetheless toxic to an effective organization, e.g. passive aggressive slowdowns, counter-productive perfectionism and so forth. This phenomenon can range from simple frustrations about getting work done to outright battles between people who can’t find ways to work together. Collaboration technology will not solve all of these problems, of course, but it can create a digital workspace where people can find ways to cooperate without cramping their individual styles. The results include better moral and organizational cohesion.

4) Better recruitment results

Prospective employees, particularly those from the newer generation entering the workforce, want to work in positive, collaborative environments. This is a digital native generation that is accustomed to mobile chat apps, social networks and the like. The office should be an extension of that experience.

5) Better talent retention

Once hired, people tend to stay in places where they like the work experience. This may seem obvious, but so many companies fail to connect the dots—proclaiming the value of collaboration but failing to deliver it, in tech terms. For some employees, this may be the factor that drives them out the door. A costly, productivity-sapping recruitment process arises as a result.

Learn more in Improving Collaboration With Microsoft Teams.

Interested in Microsoft Teams? Achieve Ultimate Collaboration in Just 2-3 Weeks

Get a head start with the Teams Quick Start Program from CCS Technology. We can get you up and running on the Microsoft Teams platform in 2-3 weeks so you can transform productivity and translate into more effective meetings, greater revenues, and profits. Click here to learn more.

The Importance of Project Cost Management

Project-based businesses need more than basic accounting. The income statement has a section for revenue and a section for costs. This is great for preparing the tax return or reporting to shareholders. If you want to know how much you’re making or losing on projects, you won’t find it in the income statement. You’ll need specialized project accounting software.

Acumatica Cloud ERP can help. It includes Project Accounting Software that integrates with General Ledger, Accounts Payable, Accounts Receivable, Sales Order Management and other business management modules. Project accounting management enables project cost tracking (covering materials, services, labor and inventory items), budget reporting and billing based on specific project, task progress or completion percentage. Users can compare project costs with original and revised budgets while considering all project costs.

Project accounting figured prominently in Acumatica:

  • Split the budget into Revenue Budget, which can be defined by task or task and item, and Cost Budget, which can be linked to a revenue budget line to enable more flexible analyses of project balances and profitability.
  • View and track budget commitments for large projects lasting longer than a couple of weeks. With this functionality, you can monitor potential cost overruns, connected purchase orders, negotiated rates and other information from one location.
  • Bill for time, material and fixed price and manage the billing workflow without configuring the allocator, which makes it easier to bill for simple projects. Users outside the accounting department can review and edit invoices.

Relevant Project Accounting Applications in Acumatica 2019 R2

Acumatica 2019 R2 carries forward a full set of project accounting features. It incorporates useful applications to help businesses analyze and monitor the cost of projects, including:

  • Project Cost Accounting: View all project-related costs and use formulas to allocate shared costs and overhead expenses to specific projects. This is a benefit for marketing, construction, engineering and other project-based businesses.
  • Advanced Billing: Cost plus, fixed price, contract-specific pricing, milestone and time and materials billing can be managed. Resource billing rates can be modified as needed and labor and materials can be billed based on the type of work, the customer or project contract.
  • Time and Expense Management: Timesheets can be entered by employees, contractors and partners from any device or web browser. This improves accuracy and adds convenience to the Project Accounting Software.

Other Benefits of Project Cost Management

Cost tracking, budget reporting and flexible, accurate billing are just a few advantages of using Acumatica for project accounting. Other beneficial functions include:

  • Change Order Control: Make changes to the scope of a project, using all relevant documentation such as revenue/cost budget, class and commitments while defining workflows and approval processes. Audit trails and full visibility ease the release of change orders.
  • Project Quote Management: Improved control and management help simplify project sales and pricing while Acumatica provides support for more complex quote processes. Quotes can be created, updated and linked to CRM within the system.
  • Company-Specific Financial Periods: For organizations that have different fiscal year-end dates, financial periods can be defined at the branch level, especially if related business entities share vendors, employees and stock items.

Acumatica also supports multi-currency project accounting. Project managers and accountants can see actual revenues and costs and calculate profitability using the project currency, while customers can see costs in their native currency. With revenue recognition, billing rules can be defined to identify revenue from completed tasks or a percentage of project completion.

To learn more about Acumatica Project Accounting, contact us for a free product tour or software demo.

Additional Resources

How ERP Software Solves Your Business’s Top Financial Management Challenges

5 Benefits of ERP for Accounting and Financial Management

The Value of Implementing an ERP for Professional Service Organizations

Discover the Dangers of the Dark Web

It’s too late for a Halloween story, but year-round, it’s the things in the dark that scare us. This is true in the online world as much as the real world.

The Dark Web Defined

The web lets us instantaneously access information and resources all around the world by typing a URL into a browser, but there’s a part of the web that’s not easily accessible. URLs that aren’t known to the search engines are called the deep web, and much of that is innocuous, such as pages under development that aren’t yet released to the public. A small corner of the deep web is the more dangerous dark web, where anonymity is preserved and criminality thrives.

The dark web is a vibrant marketplace, filled with stolen data (account numbers, social security numbers, passwords, and other personal information) and tools for hacking. When a data breach occurs, it’s often made possible by malware sold on the dark web, and the stolen data often ends up for sale there, as well. For all the value this data has to its owners, there’s so much of it that it’s cheap for criminals to buy: according to Experian, social security numbers sell for just one dollar.

Dark Web Dangers for Business

As both the source of hacking tools and the destination for stolen data, the dark web is a threat to data security. The dark web is also an inspirational source for criminals. There are those hacking kits that are available, plus guides on how to deploy malware and ransomware, and how to open fraudulent accounts. Wannabe criminals who don’t have their own technical skills can rent a botnet to execute a DDoS attack or buy admin credentials to gain access to a company’s systems.

It can be used in other ways to harm businesses, too. There are sites that aggregate personal information—not just your accounts but also your social media—that can be used to threaten executives.

Learn more in What is the Dark Web and Why Should We Care?

Shine Light into the Dark Web

For businesses to protect themselves against the dark web’s dangers, the first step is to know when the dark web is brushing up against them. Monitoring tools allow companies to detect if any data stolen during a breach has been made available on dark web sites. You can make sure the data is yours through watermarking or fingerprinting.

In addition to monitoring for data from your business, you should also monitor the dark web for references to your business, including names of employees. Monitor for references to specific software and hardware you use, as that chatter can reveal vulnerabilities and potential attacks.

Beyond monitoring, make sure you have a strong cybersecurity process in place. Ensure patches are applied quickly, firewall rules are correct, and consider intrusion detection and data loss prevention software to help prevent theft of data. Make sure your employees are trained to detect phishing emails and to use safe computing practices such as strong passwords.

CCS Technology Group provides security services to help businesses against the dangers of the dark web. Get a dark web scan to learn how to stay safe at Halloween and year round. What you don’t know will hurt you. A Dark Web Scan can uncover if your data is for sale, and tell you if your personal or business data may be at risk.

Additional Cybersecurity Resources

Create An Information Security Culture to Protect Your Data

6 Ways to Keep Your Cloud Secure

The cybersecurity employee training checklist

Choose the Right Backup Strategy to Meet Time and Space Requirements

There are multiple reasons businesses need to backup their data. You need the ability to restore data if it gets lost or corrupted, or if a disaster requires shifting processing to an alternate site. Compliance policies may require retaining copies of data for a lengthy period of time. Analytics projects may need years’ worth of history, and new software projects often require copies of production data for development and testing.

Given all these reasons for making backups, implementing an effective backup process is a critical IT function.

Types of Backups

All critical systems need to be backed up daily, but not every piece of data needs to be backed up every day. There are different kinds of backups that allow the process to run more efficiently.

  • Full backup. Every system needs a full backup to be made at least once. This is a complete copy of the data, and serves as a baseline state for the system.
  • Differential backup. A differential backup includes all the data that changed since the last full backup.
  • Incremental backup. An incremental backup includes only data that changed since the last incremental backup.

Once you’ve made a full backup, you can use either differential or incremental backups to copy only the changed data. This makes the backup process faster and requires less storage space. However, it makes the recovery process longer, as recovering means first restoring the full backup and then applying the changes on top of that.

Creating a synthetic full backup every week or month allows you to use incremental backups and shorten the recovery process. On a regular schedule, the incremental changes are applied to the last full backup. This effectively creates a current full backup that can be restored rapidly.

Backup Capabilities

In addition to the different types of backups described above, there are some backup features that can help speed recovery in specific scenarios.

  • Snapshots. A snapshot is a copy of a dataset at a specific point in time. Unlike backups, snapshots are typically stored on the same device as the original data. This makes them suitable for recovering rapidly, but you can’t recover from them if the device fails.
  • Replication. Replication copies data changes to a second site nearly instantaneously. This allows recovery with almost no downtime if the primary device fails. However, the second site only has the latest copy of the data, so it doesn’t support recovery if data is corrupted or deleted or if an older version is required.
  • Deduplication. Much data is stored in multiple places throughout an organization. Deduplication reduces the size of backups by identifying and reducing this duplicate data. However, recovery times are made longer by the need to reverse this process.

With all these options, choosing an appropriate backup strategy requires careful consideration. Contact CCS Technology Group to develop and implement a backup solution that protects your data and your business.

Additional Backup Resources

Effective Backups Need to Address These Challenges

The Differences Between Backups, Disaster Recovery, and Archiving Matter

Understand the Different Cloud Options for Your Backup and Disaster Recovery Strategy

What is the Dark Web and Why Should We Care?

You’re happily humming along on the internet, thinking you’ve got a pretty good understanding. You can navigate your way around Google, Facebook, Amazon, and news sites. You’re actually only visiting four percent of the internet. There’s a whole world hiding beyond these safe surface-level sites, known as the Dark Web and it’s a much less hospitable place.

What exactly is the Dark Web?

The Dark Web is a conglomeration of websites that cannot be found on search engines or accessed via traditional web browsers because their location and identity is hidden through encryption tools such as TOR. TOR was originally created to protect military communication but now has a much broader utilization for both Dark Web purposes and highly secure communication. You typically have to access Dark Web sites utilizing TOR.

People create sites on the Dark Web in order to hide where they’re operating from, as well as to remain anonymous (TOR hides all IP information, identifying information, as well as data transfers). Over half of the sites on the Dark Web are used for criminal activities.

Why Do People Use the Dark Web?

One of the most prevalent uses of the Dark Web is buying and selling illegal goods, such as recreational drugs, weapons, fake identities, and organs. The proliferation of cryptocurrencies—like Bitcoin—has facilitated these sales. People living within totalitarian societies that restrict communication also take to the Dark Web to share their thoughts freely.

The most dangerous use of the Dark Web for businesses is the exchange of credentials (usernames and passwords) and identities. An individual’s stolen credentials can typically be sold on the Dark Web for as low as $1. Hackers utilize these purchased credentials to:

  • Gain access to important financial information and steal identities (access to a Bank of America account holding $50,000 can be purchased for $500)
  • Access accounts for further phishing attacks
  • Threaten people with exposure of sensitive information (Remember the Ashley Madison hack from a few years back? Those credentials were dumped onto the Dark Web and hackers leveraged them to expose users).
  • Compromise other accounts using the same passwords and perpetuate the sale of personal Information

What can you do about it?

The average citizen will never have a reason to access the Dark Web, but their credentials could easily be floating around, endangering their offline livelihoods. Once your credentials are released on the Dark Web, there is precious little you can do to have them removed. However, you should, at the very least, know when you’ve been compromised so that you can immediately act, like changing your passwords and activating two-factor authentication.

We recommend utilizing a full Dark Web monitoring service that alerts you if credentials appear on the Dark Web. These services constantly scan the Dark Web for your information and alert you whenever something suspicious appears. These alerts don’t necessarily mean a breach has occurred, but they are very good heads up that something bad may be coming. You can then create a plan of attack before any damage is done. Granted, there will be your fair share of false positives, but we firmly believe in operating in the better safe than sorry camp.

How should you get started with Dark Web monitoring?

Our team can run a preliminary scan of your domain revealing the likely breaches in the last 36 months. We’ll then review that report with you and come up with a plan of action to alleviate any major dangers. Click here to request a free dark web scan.

Or learn more in our other article Discover the Dangers of the Dark Web.

Additional Dark Web Resourcs:

What is the Dark Web & How to Access it

Battling the dark WEB

What is the dark web? How to access it and what you’ll find

Dark web data monitoring: 6 questions to ask