Exposing the Dark Web & Keeping Your Business Protected


The dark web is a popular topic at the moment, especially with the rise in speculation amongst cybersecurity specialists about the future of the dark marketplaces. Nevertheless, it’s also important to remember that criminal activity isn’t limited to just the dark web; it’s an internet-wide problem. As the years continue, cybercrime analysts are expecting upticks in malicious activity on the open web too. But before we get into details, let’s take a quick topographical view of the internet.


What is the “Dark Web”?

Most of us think of the “surface” or “open” web when discussing the internet. This is the layer of the internet that is indexed by search engines such as Google and reached through everyday browsers such as Firefox or Internet Explorer. However, this portion of the web accounts for only a tiny fraction of the activity online.

The next layer is the much larger “deep web”, where databases of “secure” information like financial records, medical records, and government resources are accessible through client portals or gateways. These are the accounts that are all too often breached, and there’s plenty of material to access: the deep web is an estimated 40-500 times larger than the surface-level web we so commonly use.

The final section of the internet is called the “dark web”. These are the websites that are purposefully concealed from the rest of the internet, and are usually only accessible through particular web browsers like the Tor Browser. This is where most of the heavy-duty criminal activity happens, within a large underground economy of illegal goods, compromised data, malicious software and cybercrime tools, as well as information for executing successful cyber attacks.


Why Can’t We Just Delete the Dark Web?

So why not just wipe out the dark web completely, you ask? Well, it’s important to realize there are legitimate reasons for using the dark web as well. For instance, citizens under oppressive regimes use the dark web to access information that is freely available to others, and journalists and whistleblowers are able to communicate privately with anonymous sources.

Even though the dark web isn’t the only spot for illegal online trade, it’s valuable to understand how cybercriminals do what they do. Law enforcement uses this intelligence to successfully bring down the dark web markets and create a rippling effect of fear and mistrust. Unfortunately, cybercriminals are turning to alternative methods to conduct business as a result. Many of these are mainstream communication channels like Jabber and Skype, along with forums dedicated to hacking and code repositories.


How to Plan for Cybercrime as a Business

Although it may be tempting for business owners to take it upon themselves to determine how much of their information has been exposed and to seek retribution, engaging in such activity can create more risk. It’s better to plan for data breaches using threat modeling, and leave the rest up to cybersecurity professionals.

Cybersecurity Threat Modeling is an iterative process that needs to be updated whenever there are substantial changes to either assets or threats. Typically, the process consists of:


1. Define your business assets – Critical business processes, high-value systems, intellectual property, etc.

2. Identify which systems hold the assets – Databases, servers, email, calendars, network, CRMs (Customer Relationship Management software), and more.

3. Create a security list for each system – Include which security controls are currently used to protect the systems from step #2 (e.g. enterprise-grade firewalls, solid endpoint detection and response systems, or the best antivirus). List any known vulnerabilities that are present as well.

4. Identify any potential threats – Hacktivists, cybercriminals, the competition, disgruntled employees, customer theft, etc.

5. Prioritize the potential threats and take proactive action to lower the risks – Consider any past data breaches, as well as internal risk concerns, and attempt to foresee what the organizational impact of particular threats could be. How would you react to a breach with each potential threat? What would be the best way to mitigate these risks right now?

With a threat model in place, you can match the highest severity risks to appropriate tactics, techniques, and procedures. Establishing these threat profiles in your business helps CEOs understand where their computer security is lacking and what improvements need to be made. As a result, threats are mitigated with a stronger defense.
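The five steps above can be kept as a small, re-runnable risk register. The following is an added example, not part of the original article; the systems, controls, threat names and the 1-5 scoring rule are all constructed assumptions for a small office.

```python
from dataclasses import dataclass, field

@dataclass
class System:                      # steps 1-3: assets, where they live, what protects them
    name: str
    assets: list
    controls: set
    known_vulns: list = field(default_factory=list)

@dataclass
class Threat:                      # step 4: who might go after which system
    actor: str
    target: str                    # name of the System under threat
    likelihood: int                # 1 (rare) .. 5 (expected), before controls
    impact: int                    # 1 (minor) .. 5 (business-ending)
    mitigated_by: set              # controls that would lower the likelihood

def residual_risk(threat, system):
    """Assumed scoring rule: each relevant control in place lowers likelihood
    by one, each known vulnerability raises it by one, clamped to 1..5."""
    covered = len(threat.mitigated_by & system.controls)
    likelihood = threat.likelihood - covered + len(system.known_vulns)
    return max(1, min(5, likelihood)) * threat.impact

def prioritize(systems, threats):
    """Step 5: rank threats by residual risk and list the controls still missing."""
    by_name = {s.name: s for s in systems}
    rows = []
    for t in threats:
        s = by_name[t.target]
        rows.append((residual_risk(t, s), t.actor, s.name,
                     sorted(t.mitigated_by - s.controls)))
    return sorted(rows, key=lambda r: (-r[0], r[1]))

# Constructed sample data (assumptions, not from the article).
SYSTEMS = [
    System("email", ["client correspondence"], {"antivirus"}, ["no MFA on webmail"]),
    System("file-server", ["case files", "billing records"], {"firewall", "antivirus"}),
    System("crm", ["client contact list"], {"firewall"}),
]
THREATS = [
    Threat("cybercriminal (phishing)", "email", 4, 4, {"mfa", "antivirus", "mail-filtering"}),
    Threat("cybercriminal (ransomware)", "file-server", 3, 5, {"antivirus", "edr", "patching"}),
    Threat("disgruntled employee", "crm", 2, 3, {"access-review", "audit-logging"}),
]

if __name__ == "__main__":
    for score, actor, system, missing in prioritize(SYSTEMS, THREATS):
        print(f"{score:>2}  {actor:<28} {system:<12} missing: {', '.join(missing)}")
```

Because the process is iterative, rerun the ranking whenever an asset, control or threat entry changes and compare it with the previous output.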


If you’re a business owner who is concerned about the state of your technology’s security and how your business would survive a devastating cyber attack, contact us at (860) 785-6233. Encompass IT Solutions provides in-depth Cybersecurity Risk Assessments that identify and mitigate cybersecurity threats for your computers and network infrastructure.


4 Technology Issues That Law Firms Trip Over

It’s already a handful to manage your legal practice without technology issues causing roadblocks in the day-to-day operations. When an issue with your office’s computers or servers does pop up, it produces a frustrating experience for both attorneys and employees alike.

Here are the top 4 common technology issues that we’ve seen small businesses trip over more than they should:


1) Data Leaks and Security Holes:

When considering the ever-increasing number of law firms handling valuable client data, many attorneys tend to slip into a false sense of security by assuming that they will be overlooked because of their small size. As a result, your law firm may have substandard or completely outdated security solutions and procedures that are simply not adequate to protect your clients’ data. Leaving your law firm vulnerable can damage your reputation and, by extension, the business itself. It is a disaster waiting to happen, not to mention the downtime it will cost you. After all, if you were doing business with another attorney and their lax security allowed your credit card information or legal documents to be compromised, would you want to continue using them?

The truth is that small business is big business to hackers. In fact, the Small Business Committee states that “nearly 60% of small companies go out of business following a hack and 71% of all cyber assaults occur at businesses with under 100 employees”, which includes law firms.

Easy Fixes: Have the proper antivirus in place, update your operating system often, make sure your enterprise-grade firewall license is up-to-date, and follow PCI Compliance if you accept credit cards. There’s a lot more that goes into having the proper cybersecurity, so ask your IT firm to provide a full cybersecurity audit or an onsite vulnerability inspection for your law office.


2) No Backup

It’s incredible how many attorneys don’t think about their data and its storage. Stop and think about your law firm right now. If all of your data was deleted from your computers or servers 5 minutes ago, would you be able to start over?

According to Forbes, “more than 40% of businesses never reopen after a disaster, and for those that do, only 29% were still operating after two years. And guess what likely becomes of those that lost their information technology for nine days or more after a disaster? Bankruptcy within a year.”

While data loss can easily be avoided with the right solutions, too many law firms either find it an unnecessary expense or simply aren’t as diligent with their backup as they need to be. The best solutions are those that take incremental snapshots of the data every few minutes and store the data off-site, preferably in a secure cloud environment.

Also, an unmanaged, unmonitored backup is about as good as having no backup solution at all. If it’s not being maintained or tested, you have no idea if it’s even doing its job. Here at Encompass IT, we’ve met with many an attorney who 100% believes that their backup is working, only to find out upon inspection that it’s not backing up to the right place or was never set up properly at the start.

Easy Fixes: Get a properly managed cloud backup solution, with quality checks and disaster simulation exercises. If you’re positive that your backup solution is working, have your trusted IT professionals check to make sure it’s set up and working correctly.
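A quality check of the kind described above can be automated. The following is an added example, not part of the original article: it flags a stale newest snapshot and compares the live files against that snapshot by SHA-256. The timestamped snapshot directory naming, the folder names and the sample files are constructed assumptions.

```python
import hashlib
import tempfile
from datetime import datetime, timedelta
from pathlib import Path

STAMP = "%Y%m%dT%H%M%S"   # assumed snapshot folder naming, e.g. 20240501T090000

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def verify_backup(source, backup_root, max_age, now):
    """Return a list of findings; an empty list means the checks passed."""
    snaps = sorted(p for p in backup_root.iterdir() if p.is_dir())
    if not snaps:
        return ["no snapshots found in backup location"]
    newest = snaps[-1]                       # timestamp names sort chronologically
    findings = []
    age = now - datetime.strptime(newest.name, STAMP)
    if age > max_age:
        findings.append(f"newest snapshot {newest.name} is stale ({age})")
    # Spot-check: every live file must be in the snapshot with identical content.
    for f in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = f.relative_to(source)
        copy = newest / rel
        if not copy.is_file():
            findings.append(f"missing from backup: {rel.as_posix()}")
        elif sha256(copy) != sha256(f):
            findings.append(f"content mismatch: {rel.as_posix()}")
    return findings

def demo(minutes_since_snapshot=10):
    """Constructed scenario: the backup job was never pointed at clients/."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = Path(tmp) / "casefiles", Path(tmp) / "backup"
        (src / "clients").mkdir(parents=True)
        (src / "clients" / "smith.txt").write_text("retainer agreement")
        (src / "billing.csv").write_text("invoice,amount\n1001,500\n")
        snap = bak / "20240501T090000"
        snap.mkdir(parents=True)
        (snap / "billing.csv").write_text("invoice,amount\n1001,500\n")
        now = datetime(2024, 5, 1, 9, 0) + timedelta(minutes=minutes_since_snapshot)
        return verify_backup(src, bak, timedelta(minutes=15), now)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```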


3) Inadequate Hardware and Software:

Most law firms believe that it only makes sense to delay buying new hardware and software until they absolutely need it. However, this risky strategy will most likely end up costing you more in the long run. Why? Well, as computers and servers age, not only is it harder to repair old hardware, but the components become harder to find and go up in price, following the simple economic laws of supply and demand.

From a cybersecurity standpoint, it also becomes extremely dangerous to neglect updating software and operating systems, since updates are how developers patch vulnerabilities and glitches.

Also, it may become drastically more difficult to move data from an ancient version of an application or database that is several iterations behind, even if the software developers provide tools and instructions.

Easy Fixes: Replace computers every 3-5 years and replace your server every 4-6 years. Update your operating system and software applications as often as you can.


4) Insufficient IT Support:

Think about how many staff members you currently have as an IT resource in your law firm. More than likely, your average employee or paralegal isn’t equipped to troubleshoot company-wide email outages or properly service the technology equipment in your office. Your current in-house resources probably aren’t enough to provide your computers and servers the care they need to drive your law firm onward. So what do you do?

Instead of hiring an in-house IT guy and starting your own IT department, there may be a better, more cost-effective solution: a managed IT service provider (MSP). A solid MSP will ensure that your infrastructure and software solutions are optimized for your specific law office, as well as maintain security and backup solutions. They will also be there to answer any employee questions or troubleshoot those computer issues that crop up and devour your time.

If you don’t currently have an MSP to assist you with these four common technology issues that trip up many law firms, the Encompass IT team can be that MSP for you.

Give us a call at 860-785-6233 for a free IT inspection of your current IT setup and see if a Managed Service IT Provider (MSP) makes sense for you.