03.2024 Life Guide
Don't be a "dark web" novice
Far Eastern New Century Corporation / Jian Junru
At the beginning of 2024, Taiwan saw its first security incident in which hackers hijacked the official website of a publicly listed company after stealing its data. Hon Hai's leading semiconductor equipment manufacturer, Jingding Precision Technology, was threatened that up to 5TB of internal sensitive information would be disclosed on the dark web if a ransom was not paid, which may lead to customer loss and employee unemployment. This incident has shocked various sectors and highlighted that the dark web is not just an area of concern for information security experts. If data is not properly protected, it poses a threat to enterprises, employees, and even families.
What is the dark web?
The websites that ordinary people usually browse are just the tip of the iceberg in the online world. Many websites cannot be found through common search engines such as Google or Bing, such as private databases, academic research materials, or other web pages that require authorization. These make up what is commonly known as the "deep web". At the deepest part of the deep web there is an underground network that must be accessed through a special anonymous browser (such as the onion router, Tor), commonly known as the "dark web". General users without professional security expertise should not attempt to access it casually.
Improper data protection can lead to unimaginable consequences
Hackers commonly use the dark web to sell sensitive information or to disclose it publicly for free. Recently, some people have been selling employee accounts, passwords, or login credentials on the dark web. Those with ill intent can obtain an enterprise's customer information, business secrets, and other information through such transactions, and use it to threaten the owners into paying a high ransom.
In addition, individuals with malicious intentions but little technical skill can obtain phishing attack software through the dark web at low cost. If employees accidentally click on phishing emails containing viruses, use weak passwords, or mix work and personal accounts, hackers can easily invade the internal network and steal confidential company information. In severe cases, this may cause business interruption, damage to reputation, and even legal liability.
Methods to avoid exposing confidential information of enterprises on the dark web
Enterprises must implement the following three information security measures to ensure data security:
1. Strengthen information security education and training: increase the alertness of colleagues so that they avoid clicking on phishing emails or entering personal accounts and passwords on counterfeit websites.
2. Strengthen password settings: employees holding highly sensitive information should adopt a multi-factor verification mechanism to enhance account security.
3. Identify core sensitive data: classify and tag the data, and implement encryption, access control, masking, and other protection mechanisms based on sensitivity. Refer to Article 19 of the Guidelines for Information Security Control of Listed and OTC Companies: "Establish appropriate protective measures for the processing and storage of sensitive data, such as physical isolation, dedicated computer operating environment, access permissions, data encryption, transmission encryption, data masking, personnel management, and processing standards." Together, these measures enhance information security protection.
Establishing Digital Resilience with ISO 22301
In a challenging digital environment, enterprises need not only to enhance their information security capabilities but also to strengthen their digital resilience. Shanghai Yuanzi Information Company, responsible for supporting the operation of Far Eastern Group's new overseas system, passed ISO 22301 in December 2023 and developed a risk management plan to enhance its ability to respond to unexpected events and maintain its competitiveness.
Has your information been leaked?
Faced with increasingly complex security challenges, it is not only enterprises that need to strengthen security controls; individuals should also remain vigilant and take effective protective measures at all times. Although the general public is not advised to casually try to access the dark web, Google One's dark web reporting function can still be used to check whether personal information has ended up there. Free Gmail users can check once for free, while Google One subscribers can use their personal Gmail account, phone number, and other information to continuously monitor and scan the dark web and understand their information security status. You are welcome to make good use of it.
*Image source: freepik