The fallacy of dark-web monitoring
Lately I have been hearing and seeing a lot of advertising about dark-web monitoring services. These ads talk about how dangerous a place the internet is and will have you believe that all of your personal and sensitive information is out there in the hands of criminals just waiting to be exploited and of course they finish up by telling that for just a few dollars per month they can monitor such things for you and protect your data.
It is true that successful phishing attempts will almost certainly result in your data being sold at auction on the dark web but it does not follow that so-called dark-web monitoring is going to be in any way useful to you. I’ll explain why in a minute but first I want to remind you that there are a few steps that you should take to protect your data in the first place:
- Make sure you use good passwords
- Enable Multi-Factor Authentication (MFA) for all of your accounts
- Train your staff. Almost all password compromises are the direct result of a staff member falling victim to a scam email. If you’ve got some staff who are not ‘I.T. savvy’ do not let them have access to sensitive passwords and provide them with extra training.
- Install (and maintain) reputable anti-malware software.
Why Dark Web monitoring is a waste of time and money
The ‘Dark Web’ is just a term given to the collection of web-sites that are purposely difficult to gain access to or work out the people and organisations running them. What is the Dark Web?
Sites on the dark web are typically used for illegal activities where the operators and users wish to remain anonymous, sites range from relatively mundane things like password auctions right through to the worst that humanity has to offer, use your imagination for this bit.
Because these sites are purposely setup to restrict access to the general public the only way these dark-web monitoring services can operate is to infiltrate these sites in order to monitor them. The trouble is, it is simply not possible to monitor all of them, it’s not even possible to assemble a list of every dark website because the very nature of them is to remain secretive. Be wary of any company who tries to sell you a dark-web monitoring service because at best all they can do is to monitor SOME dark websites, not all.