Google search results about you are scarier than the dark web

The first page of Google search results about you is a lot scarier than the dark web. But news organizations and some security vendors love to scare people about the dark web, so I thought I’d offer some thoughts on that topic to set the record straight.

The truth is the average person’s dark web exposure is… well… pretty mundane. Here are three facts for non-security execs about the dark web:

You are not to blame for your data being on the dark web.
It is not your fault because 99.9% of your data on the dark web originated from organizations you patronize that were successfully hacked by bad people (e.g., LinkedIn, US Government, Change Healthcare).
You can’t remove data exposed on the dark web — it’s there forever — but I will post the best practices for how to deal with it below.
(Ok, I guess I had four… A bonus!) The most dangerous thing on the dark web for most people are exposed cleartext passwords (human readable a.k.a. not encrypted) because these can be used to try and log into sites as you!

So what do you do?

1. Make sure your credit is frozen at all six credit bureaus. This prevents bad people from signing up for credit as you if your SSN is exposed.

I know what you are thinking… There are three credit bureaus, not six… But in fact, there are six… The other three provide credit information for Telecoms and personal checking.

TransUnion: https://www.transunion.com/credit-freeze
Experian: https://www.experian.com/help/credit-freeze/
Equifax: https://www.equifax.com/personal/credit-report-services/credit-freeze/
NCTUE: https://nctue.com/consumer/
ChexSystems: https://www.chexsystems.com/security-freeze/place-freeze
Innovis: https://www.innovis.com/personal/securityFreeze

2. Get yourself access to a dark web monitoring tool. Most password managers have this baked into their experience these days. If you have any passwords that are flagged as weak or exposed, make sure you change those.

I’m not going to talk about password hygiene in this post. If you are reading this, you have surely already heard that enough, and you already know what you are supposed to do and not do… My advice here is primarily about making sure you know what’s already exposed and stop using that password now (like right now –Go do it if you are unsure).

3. Sign up at e-verify.gov for their Self Lock feature to help protect against employment-related identity fraud, which data in some data breaches can fuel.

Learn more here: https://www.e-verify.gov/employees/employee-self-services/mye-verify/self-lock

If you want to learn more about the dark web in general, here is an easy-to-digest write-up by Windscribe. Note they sell security solutions — I am not recommending their solutions, but the write-up is good: https://windscribe.com/blog/what-is-the-dark-web/

Written by Matt Polak, CEO of Picnic

About Picnic

Picnic’s Privacy as a Managed Service for the Enterprise protects those executives, employees, and contractors that threat actors will consider high-value targets of social engineering attacks. Picnic uses its proprietary technology to identify and analyze human risk and deliver prioritized remediations proactively and continuously without any effort on the part of the customer.