The Dark Web? Why Small Businesses Should Concern Themselves With the Threat.

Part of the problem starts with the fact that organizations simply don't know there is a black market for the buying and selling of stolen goods.

learn more about Jim Anderson

By Jim Anderson

PeopleImages | Getty Images

Opinions expressed by Entrepreneur contributors are their own.

In the wake of the big corporate data breaches and social media scandals being reported, small businesses across multiple industries are concerned they may be next on a hacker's hit list. But lacking the cash and resources needed to maintain a robust IT department, 54 percent of U.S. small businesses, a Ponemon Institute report revealed, experienced a data breach in 2017.

Related: U.S. Shuts Down Huge Online Dark Web Market, AlphaBay

Not prioritizing -- or simply ignoring -- cybersecurity is no longer an option for small businesses. All it takes is one attack to wipe out an organization's financials and force its owners to shutter for good.That's why many companies have already begun taking the necessary steps to protect themselves from direct cyber threats that could impact their business.

But when that protection isn't in place, what happens to the data that is stolen in a successful breach? While small businesses are aware of the dangers posed by phishing schemes and network probes, many are overlooking an equally dangerous threat that lurks out of sight: the dark web.

Demystifying the invisible part of the web and why small businesses should care

Unlike most places on the internet, the dark web is difficult to access because it lives on a part of the web that isn't indexed and cannot be crawled by search engines.

While such anonymity is not considered illegal, it has turned the dark web into a hotbed of criminal activity. Because thieves can mask their true location and identity, thieves have leveraged the dark web to buy and sell valuable data, like personally identifiable information stolen from private citizens. A $50,000 bank account, for example, could sell for as little as $500; one Experian report found that social security numbers can go for less than $5, while a driver's license costs $20. You could think of all this as the Digital Black Market.

Related: Crime-as-a-Service Could Be the Next Big Threat to Your Business

That brings us back to small businesses. For these businesses in particular, the dark web is a cause for concern for three reasons:

Not everyone knows it exists. Part of the problem starts with the fact that organizations simply don't know there is a black market for the buying and selling of stolen goods. A data report by my company, Switchfast, found that 26 percent of small business employees don't even know what the dark web is, let alone the role it plays in exacerbating data breaches. Even worse, some small businesses might not even be aware they've been compromised until after their data has been bought and used by someone else.

Sensitive information is up for grabs. In addition to stealing company-trade secrets, hackers are also looking for data like customer data to resell on the black market. The exposure of information like credit card numbers can put customers at risk of identity theft and lead to repercussions like future lawsuits and loss of consumer trust.

It's not easy to access -- or search. Even if small business employees know what the dark web is, accessing and navigating the internet's underbelly is no simple task. Once you've connected to it, you'll find that the dark web is messy and volatile, with websites constantly changing addresses to avoid becoming the victim of widespread malware. For small businesses, trying to manually search the dark web for stolen information can expose them to even greater threats.

How organizations can address the threat of the dark web before it's too late

As long as there is a demand for stolen goods on the dark web, cybercriminals will continue launching attacks against small businesses for data that will return a profit on the black market. Luckily, small businesses don't have to wait for their sensitive information to pop up on the dark web in order to act. From educating employees on good cyber hygiene habits to employing malware detection software, small businesses can make moves to push back against the threat of the dark web:

Deploy dark web monitoring and response tools. Whenever an organization is breached, there's a very real possibility the stolen information will find its way on to the black market. Small businesses should utilize dark-web monitoring tools to alert companies when any activity associated with sensitive information is detected on the dark web.

By using these tools, companies can choose what identifiable information to monitor and receive timely notifications when that data is discovered on marketplaces, bins and dump sites. This can help alert these businesses to breaches they may not even be aware of and shorten disaster recovery-response times to mitigate further damage.

Eliminate vulnerabilities through training and security exercises. A separate survey by Lastline revealed that 84 percent of employees polled who said their company had experienced a cyber attack attributed at least part of that event to human error. Poor employee habits, such as recycling the same password for multiple accounts, can compromise a small business's cybersecurity measures and make it easier for hackers to breach company servers.

Instead, companies should implement regular training and security exercises. That way, they can reinforce security best practices among employees who might not even know how to approach or respond to a threat. Our report found that 35 percent of employees surveyed didn't even know if their organization had an incident-response plan in place, while 65 percent had never received a phishing test during their tenure.

Related: Startup Looks to Connect Breached Data With Those Facing Likely Fraud

Today, every business is a potential target for cybercriminals -- but not every business is prepared to deal with the threat of the dark web. As small businesses develop robust cybersecurity programs, they also need to keep a close eye on the dark web to mitigate the risk of becoming the next victim of fraud.

Jim Anderson

CEO, Switchfast Technologies

Jim Anderson joined Switchfast Technologies as CFO in 2005, and became the company’s CEO in 2010. He helped grow the company through eight consecutive years, 2007-2014, on the Inc. 5000 list of America’s Fastest-Growing Companies. Anderson led the company’s implementation of the EOS system. Before joining Switchfast, he worked at General Electric, holding various finance leadership roles covering the areas of controllership, commercial financial analysis and manufacturing finance. 

Related Topics

Editor's Pick

Everyone Wants to Get Close to Their Favorite Artist. Here's the Technology Making It a Reality — But Better.
The Highest-Paid, Highest-Profile People in Every Field Know This Communication Strategy
After Early Rejection From Publishers, This Author Self-Published Her Book and Sold More Than 500,000 Copies. Here's How She Did It.
Having Trouble Speaking Up in Meetings? Try This Strategy.
He Names Brands for Amazon, Meta and Forever 21, and Says This Is the Big Blank Space in the Naming Game
Business News

These Are the Most and Least Affordable Places to Retire in The U.S.

The Northeast and West Coast are the least affordable, while areas in the Mountain State region tend to be ideal for retirees on a budget.

Starting a Business

Shopify's President Breaks Down the Best Ways to Grow Your Ecommerce Business

Entrepreneur magazine Editor in Chief Jason Feifer and Shopify President Harley Finkelstein discuss the best strategies to grow an ecommerce business.


Everything You Need to Know About Franchise Law

Franchising is a legal agreement between a franchisor and a franchisee — and with that comes a set of regulations you must follow.


The Top 2% Swear By This Negotiation Tactic Most People Overlook

One of the most powerful negotiating skills you can possess is seeing the situation from the other person's point of view and then separating the positions from the problems.