SafeWeb Business Support Hub

Take action to minimise data breach impact on your business.

What should you do if you receive a notification that company data is on the dark web?

The dark web activity notification you receive from SafeWeb indicates what type of company data has been found on the dark web.

Here’s everything you need to know about taking action after receiving a data breach notification. Your company has a legal obligation to inform the Information Commissioner’s Office (ICO) within 72 hours of receiving a notification. You must also make sure the data breach details have been communicated to the affected individuals, whether these are employees or clients.

The next steps depend on the type of data that has been exposed. Read on for more guidance on how to deal with the issue and how to prevent it in the future.

Emails

Passwords

Credit cards

Personal records

Social media

Emails

What does it mean?

The email addresses exposed on the dark web are at risk of phishing attacks. Phishing is where emails are sent to entice a victim to share sensitive information such as credit card details or download a malicious file that will install viruses on their computer or device.

What to look out for

It is important to be able to identify suspicious-looking emails. Phishing emails often ask you to click on a link that takes you to an unsafe website, which could download viruses onto your computer that steal your personal and financial information.

Suspicious emails also tend to share certain features. They:

  • Claim to be from someone official (such as a bank or a known contact).
  • Ask you to respond within a short time frame.
  • Aim to evoke emotion to persuade you to engage with the content.

It’s vital to report suspicious emails to the suspicious email reporting service at the UK Government’s National Cyber Security Centre.

Action to take

If your SafeWeb notification reveals that company email addresses have been exposed, you can take the following actions to help protect the affected individuals and your business.

Immediately contact the individuals to whom the data belongs, inform them of the breach, and advise them to:

  1. Change any usernames for accounts where this email address is being used.
  2. Never give any personal or sensitive information over email.
  3. Only open files sent by email if they are confident they are from a trusted source.

Prevention

To reduce the likelihood of further incidents involving business-related email addresses exposed on the dark web, all team members should follow basic IT security measures. These include the following actions:

  • Be alert to suspicious emails: never give any personal or sensitive information over email and do not open files sent by email unless you are confident they are from a trusted source.
  • Be cautious when using public wifi as these networks may not be secure.
  • Update software and apps regularly.
  • Consider using a trusted VPN.

Passwords

What does it mean?

Your company probably uses a whole host of passwords every day. Keeping them secure is vital for ensuring all employees and colleagues stay safe online.

Cybercriminals can use passwords to hack into personal or business accounts. The risk of identity fraud increases when a password is exposed on the dark web alongside the account username or email address. This can cause a range of issues for a company.

Hackers may target email or social media contacts with phishing messages. If the recipient believes the communication is from a trusted source, they are more likely to engage with the content. They may enter financial information or click on a link that results in viruses being downloaded onto their computer to steal personal and financial information.

Alternatively, they may use breached passwords to access online banking and steal money through illegal financial transactions, or to hack other types of online accounts containing valuable personal data.

What to look out for

It is vital to monitor and identify any irregular activity in your financial accounts such as bank accounts, investments and pensions. Pay close attention to business accounts and encourage employees to keep an eye on their personal accounts, too.

In either case, always report any unusual activity to the website or financial provider in question immediately. If passwords for email or social media accounts have been targeted, contacts may alert you to unusual communication from your account.

Action to take

If your Dark Web Activity Notification reveals compromised passwords, protect your company by immediately contacting the individuals to whom the data belongs. Advise them to:

  1. Change their password on any websites or apps that use the breached password.
  2. Ensure the new password is strong. Choose one that is long, contains a mixture of upper and lower-case letters, numbers and symbols, and does not contain easily-identifiable personal information.
  3. Use a password manager to generate unique passwords for websites.
  4. Set up 2FA identification, if this is an option.

Prevention

The most common ways for hackers to obtain passwords are stealing passwords from your clipboard, copying your keystrokes or saving the title of your window as you are typing.

Some hackers are able to disable your antivirus software whilst doing this.

To reduce the likelihood of further incidents involving passwords being exposed on the dark web, encourage all company employees to:

  • Regularly change account passwords.
  • Use strong, unique passwords that do not contain easily-identifiable personal information.
  • Use a password manager where possible.
  • Never write passwords down or share them with anyone.
  • Use 2FA identification where possible.
  • Be cautious when using public wifi as these networks may not be secure.
  • Update software and apps regularly.
  • Consider using a trusted VPN.

Credit cards

What does it mean?

It may be difficult for cybercriminals to use a stolen credit card number without other personal data (such as the card’s CCV number) but they can use the breached information to send a convincing phishing email to employees, clients, or other contacts.

Phishing emails usually impersonate official communication from a bank or credit card provider and ask the recipient to click on a link to an unsafe website. Here, the malicious website will download a virus in order to steal personal information from a computer or device.

It’s possible to purchase a set of complete payment data (including a card’s CCV number) on the dark web for as little as $270. Once obtained, this financial information can be used to make fraudulent purchases.

What to look out for

It is vital to monitor and identify any irregular activity on credit card accounts and report any unusual activity to the relevant financial provider immediately.

Keep an eye out for suspicious-looking emails, too. A cybercriminal with access to card information may target you or your employees with sophisticated phishing emails. They’ll claim to be your credit card provider and will try and get your complete financial information.

Report questionable emails to the suspicious email reporting service.

Action to take

If your Dark Web Activity data breach notification reveals that personal or company credit card details have been exposed, take the following actions to help protect your business. Immediately contact the individuals to whom the data belongs and advise them to:

  • Contact their bank or credit card company for a replacement card.
  • Monitor their account activity closely.
  • Report any suspicious activity to their bank or credit card company immediately.

Prevention

Credit card details and sets of payment data are often sourced by cybercriminals using hacking techniques such as:

  • Phishing – where an individual inputs their financial data into a fraudulent form as part of an unsolicited email.
  • Malware – where an individual is tricked into downloading a program containing a virus that will then steal an individual’s personal data from their computer or device.
  • Skimming – where a device is placed on a card reader and steals credit card information when the card is swiped.

To reduce the likelihood of further incidents involving exposed credit card information, ensure everyone in your company:

  • Is alert to suspicious emails and never hands out sensitive information over email.
  • Never opens files sent via email unless they are from a trusted source.
  • Stays cautious when using public wifi networks.
  • Regularly updates apps and software.
  • Protects any hard copies of personal information. This may include shredding documents, using a locked postbox, and opting for paperless reporting.

You may also wish to encourage your company members to use a trusted VPN.

Personal records

What does it mean?

Personal records can include:

  • Names, addresses, and phone numbers
  • Mothers’ maiden names
  • Driving licence and passport details

Cybercriminals can use this personal data to commit identity fraud by hacking into online accounts or to produce targeted phishing scams. The more items of personal information that have been exposed, the more sophisticated the phishing scam is likely to be.

Hackers may target company members, clients, suppliers, and other contacts.

What to look out for

It is possible for cybercriminals to gain access to your company’s online accounts using personal data.

As such, it’s important to monitor and identify any irregular activity in your business’s financial accounts — such as bank accounts, investments and pensions. Report unusual activity to the financial provider immediately.

The exposure of phone numbers may result in phishing phone calls or text messages. These involve unexpected calls or messages from somebody claiming to be from a trusted institution (such as your bank, local council or some other organisation you trust). They’ll ask directly for sensitive information or ask you to click a link to an unsafe website that can download viruses onto your device. These viruses steal your information.

Action to take

If your SafeWeb notification reveals breached personal records, take the following actions to protect your business and the affected individuals. Firstly, contact the affected individuals immediately and advise them to:

  1. Monitor their financial accounts closely and report any unrecognised activity to their bank.
  2. Never give out any personal or financial information over the telephone.
  3. Report any suspicious calls to their telephone provider and consider removing their number from the national directory.
  4. Apply for a replacement passport or driving licence if these numbers were exposed.

Prevention

To reduce the likelihood of further incidents involving personal records being exposed on the dark web, encourage all company members to:

  • Improve the security of online accounts by updating apps and software regularly, and using 2-factor authentication wherever possible.
  • Remove mail from their letterbox immediately or get a locked mailbox.
  • Shred any papers or letters that include personal information — it’s a good idea to opt for paperless delivery when possible.

Social media

What does it mean?

Chances are, your employees and colleagues use some form of social media. Unfortunately, cybercriminals can use social account information to gain access to accounts and perform phishing scams. They may persuade business contacts to share sensitive information or download malware.

Because contacts will assume the messages are from your business or their friends, they are more likely to respond or open malicious files. Social media breaches can have disastrous consequences for your company’s reputation.

What to look out for

It is vital to monitor and identify any irregular social media activity. This may include the inability to log in and seeing posts or messages you didn’t write. A contact may get in touch to alert you if they receive unusual communication from your account.

Action to take

If your Dark Web Activity Notification reveals that social account information has been exposed, take the following actions to help protect the affected individuals and your business. Immediately contact the individuals to whom the data belongs and advise them to:

  1. Change their password to one that is strong. It should contain a mixture of upper and lower-case letters, numbers and symbols. It shouldn’t contain any personal information that can be easily guessed.
  2. Monitor their social media account closely and report any unusual activity to the host website.
  3. If the breached social media password is used on other accounts, change those, too.

Prevention

The most common way for hackers to obtain social account information such as passwords is through stealing this information whilst you are online. They can often disable antivirus software while they do so.

To prevent social media breaches in the future, make sure all employees:

  • Regularly change their account passwords.
  • Use strong, unique passwords that don’t contain easily-identifiable personal information.
  • Use a password manager where possible.
  • Never write passwords down or share them with other people.
  • Use 2FA where possible.
  • Remain cautious if using public wifi — public networks are not always secure.
  • Update software and apps regularly.
  • Consider using a trusted VPN.

Register your interest for SafeWeb Personal today.