While the thought of having your personal information on the dark web can be terrifying for some, the truth is, if you have been using the internet or any popular online services for some time now, the likelihood that your personal information is already on the dark web is actually pretty high.
Large companies that have had major data breaches include well-known tech names such as Facebook, Yahoo, eBay, and Sony, just to name a few. If you take into consideration the number of companies, big and small, that have suffered data breaches, it is not far-fetched to say that the number of people whose personal information has been leaked on the dark web is in the billions.
That said, this doesn't mean that we should do nothing, or that there is nothing we can do to protect ourselves from the consequences of our personal information being out in the wild.
Whether you believe that your personal information is already out there or that it probably isn't, it is sound to practice digital hygiene to reduce the likelihood of becoming the victim of nefarious uses of your data, such as identity theft.
Good preventative digital hygiene measures include:
- If you haven't done so recently, change your passwords, especially for your more important accounts such as principal email addresses or online banking. Do not reuse your passwords, and avoid simple passwords, which may be susceptible to brute-force attacks;
- Use Multi-Factor Authentication (MFA). This is a must. Even if your password is compromised, if hackers do not have access to your MFA, which can be through SMS, email, or an authenticator app, they still cannot access your account. I find MFA so essential that I avoid services that do not offer MFA as an option. NEVER GIVE OUT YOUR MFA TOKEN, SUCH AS YOUR SMS ONE-TIME PINs (OTPs), TO ANYONE;
- Be wary of social engineering attacks such as phishing, smishing or vishing. If your personal information is indeed out there, malefactors can reach out to you via email, SMS, voice calls or social media and, armed with your personal information, pretend to be connected with legitimate organizations in order to convince you to give up account credentials or OTPs, or to carry out some other form of fraud;
- Avoid answering phone calls, SMS, or email messages from unfamiliar phone numbers or email addresses. Legitimate organizations will often reach out via recognized phone numbers, SMS sender IDs, and official email addresses, while fraudsters will use ordinary 11-digit phone numbers and email addresses with different and suspicious domains. Most mobile phones have features for screening potentially malicious phone calls; turn on this setting;
- If you feel that you have to answer a phone call from an unknown number, DO NOT SAY "YES" REGARDLESS OF ANY QUESTION ASKED. Your "yes" reply may actually be secretly recorded and used as evidence of your confirmation for an unwanted transaction;
- If you feel that you have to answer a phone call from an unknown number, DO NOT PROVIDE ANY PERSONAL INFORMATION TO AN UNKNOWN CALLER, even if the caller claims to be legitimate. If a transaction requires personal information, state that you will call them instead through their organization's known legitimate hotline;
- Verify requests for money or anything of value from friends or colleagues, especially if the message seems totally out of character. It could be someone impersonating them;
- Confirm whether your data has been involved in a breach. Sites like https://haveibeenpwned.com/ can tell you whether your personal details, particularly your email address, usernames or passwords, have been leaked in previously reported breaches;
- Monitor your financial accounts. Enable notifications from your banking apps, whether these are through SMS, email or app notifications, so that you know if someone else is accessing them or performing unauthorized transactions. List down the hotlines or other contact information of your banks or financial institutions so you can easily report unauthorized access or use of your accounts;
- Limit the maximum daily amount that can be transacted with your banking apps. This reduces potential losses if your bank account is compromised;
- Check whether your email or social media accounts have been accessed using unfamiliar devices or from unfamiliar locations. This can usually be found in the privacy and/or security settings of the app. If you find an unusual device or location, force that device to log off, change your password immediately and turn on MFA if it isn't on yet;
- Occasionally do "vanity searches". Vanity searches are when you search for your own name on search engines or social media sites. You may discover attempts at identity theft or your identity being used on fake social media accounts;
- Delete accounts for services that you don't need or use. Each one is an unnecessary vector for a potential breach, for an account that doesn't really benefit you.
These insights merely skim the surface. In today's landscape, hackers have evolved, showing greater creativity in how they use compromised personal data. It is crucial for everyone to stay vigilant and proactive in safeguarding their personal information. While there is no foolproof method for complete protection, adopting a defensive mindset significantly lowers the chances of falling victim to cyber threats, or minimizes their impact should an incident occur.