My Information’s on the Dark Web; now how to I fix it?! (DarkWeb Part 2)

If you didn’t read our last blog “There’s a Dark Web out there!”, I suggest you read it first. Just like an enjoyable book series, these make more sense when read in order. Nearly 1 in 5 small businesses experience a cyber-attack or data breach during their lifetime. In 2019, there was a record year for data breaches, with over 3,800 occurring in just the first six months, leaving over 4.1 billion records exposed, according to Norton.com.

On the Dark Web, anything is available for a price. It’s scary how cheap a driver’s license, social security, or passport number go for on the Dark Web. A person can purchase a credit card number for a little as $5. I’m not sure about you, but my credit card is worth a lot more than $5!

So, if your information was one of the 4 billion records left exposed, how do you prevent your information being sold?

1. Contact your IT Professional.

We have tools to make sure your network is protected. We can monitor your network for unauthorized connections, for keylogging or other malware. We can make sure your backups are up-to-date and functional. Your IT Professional is your secret weapon against the Dark Web!

2. Change your password, and if you use the same password in multiple places, then change all of them.

We have a client that their credentials were compromised, and she informed me that “my password is so unusual, that no one would ever guess it, and I use it everywhere”. Let’s face some hard truths.

• It is not a person sitting at their computer trying to use your credentials and “Hack” into your account. If they have your email address, they have programs that try thousands of passwords against your email/username to see if one works. At the same time, their computers are trying thousands of sites.
• Chances are that they did not “crack” your password. Most likely, the password was stolen from another website during a data breach. For example, your local favorite coffee shop has a customer reward program. You buy coffee on a regular basis there, using the same work email and password that you use everywhere. The coffee shop owner’s computer is compromised because who would hack into a small business computer? They don’t need security! All their customers’ names, emails and passwords were stolen. Now the hacker has something of value to sell on the DarkWeb, and bingo! Your company info and that “so unusual password that no one would ever guess” is for sale at $2. Because you use it everywhere, now the buyers (yes, I said buyers, but it’s digital info no limit to how many people can purchase it!) can use it against thousands of websites to see which one’s work.

3. Create complex, long passwords using these tips.

• Long passwords are harder to ‘crack’ if they don’t have the password already.
• A password should have both upper and lower case letters, but it doesn’t have to follow ‘English’ rules. Don’t just capitalize the first letter and call it good. Break those rules and start with lower case and throw the upper case in somewhere else.
• It needs some numbers as well as letters. The easy and most common way to do this is to add numbers to the end. When it comes to your passwords, it easy gets you hacked!
• Uses special characters, but again break those rules and add it anywhere, not just at the end.
• Create a unique password for each website you use.
• Don’t write down your passwords.

Ok, so I know you’re ready to yell at me for those last 2 points.  We have heard all the arguments and excuses. “I can’t remember all these passwords”. “There are too many of them!” “I am constantly having to change them, there’s no way I can remember new ones”.  Let me give you one final hint…this is the Daddy of all password hints!  Ready for it! Have a System!

(This is an example; don’t get excited that you can hack me! LOL)

Example 1:

1. Something I like – Chocolate Chip Oatmeal cookies
2. The current month & year – 11 / 2020
3. The website I am logging into – Amazon
4. Amazon Password: ccOMc112@2@Smile
5. Chase bank would be ccOMc112@2@Chase
6. Your gym membership would be ccOMc112@2@fit

Example 2:

1. Favorite Car: Cobra
2. Current Month & year: 11 / 2020
3. Website I am logging into – Chase Bank
4. Chase Password: Chase2011Sn@ke
5. Amazon: Amazon2011Sn@ke
6. Gym membership: Gym2011Sn@ke

It doesn’t matter what YOUR system is…but find a common system, unique to YOU and use it!

I know…I know…you have a new argument for this suggestion – “You expect me to remember when I set up the account or change the password last to remember what month or even year I used??”  Yes, and No! I want you to get into the habit that when you log into an account with a previous month or year still in the password, that you change the password. That’s right, change your password every 30-45 days!

Just yesterday, a client had to send me a new password for their email…it was their only grandchild’s name followed by 123 and an exclamation point. Now using the chart below, it’s a 12-character password using numbers, upper & lowercase letters, and a symbol, so that’s great, right?! It would take 400 years for the computer to break it…or 30 seconds on Grandma’s social media covered in hundreds of photos of her grandbaby.

The DarkWeb is a scary place. You likely avoid walking down dark alleys alone at night, so let us help you avoid the DarkWeb. Now is a good time to protect your network and identity.