Have you heard of the “Dark Web”? While you might not consider yourself a “techie” person, it is crucial to keep abreast of what employees might be doing on their work computers. And this includes accessing the Dark Web. It might sound like a mythical creation from a sci-fi movie, but it is actually an easily accessible portion of the Internet that is untraceable and often used for criminal purposes. Since it is untraceable, it can be used by employees to access the Internet without their employer’s knowledge.
The Dark Web was created with funding from the U.S. government itself. Simply put, the Dark Web is a way a user can “surf the Web” without revealing his physical location. With regular Internet searches, the user’s IP address is visible and he is limited to the pages he can find on Google or other search engines. But that is a very tiny percentage of what is actually on the Internet (about 0.3 percent, according to recent estimates). There is a wealth of other websites that exist, and they can be accessed only from the Dark Web. Sadly, many of these websites can be used for purposes such as selling drugs or posting illicit videos like child pornography or other gruesome videos. In fact, it was recently announced that Dark Web drug sales have tripled in the past three years.
Employers have recently become concerned about employees using the Dark Web to surf the Web on company time, especially as many of these websites are criminal.
While it is not illegal to go on the Dark Web, many of the things to be found there are illegal. And it is not so easy to prevent a person going on the Dark Web. All he has to do is download Tor and he can easily “go dark.” Even if businesses block Tor on the company PCs, a person can simply use a USB that is pre-loaded with Tor.
So what should employers and managers do?
First, companies must have a simple “acceptable use” policy with stated consequences, along with yearly re-doctrinization of the policy and follow-through for violators.
Secondly, Internet firewalls can be configured to help curb downloads and functioning of Tor on the Internet. This is a simple way to keep anyone from sneaking onto the Dark Web.
Finally, workstations can be locked down so that nothing can be installed, including from a USB device (a common way for people to covertly access the Dark Web). However, while it is true that running or copying files from a USB port can be disabled, most professional positions need that capability — so taking this step might result in employees being unable to perform necessary tasks. So a good acceptable-use policy is the best step, along with using a lock-down at the firewall for Tor activity.
Employers worried that an employee might be accessing the Dark Web can capture this information with an Internet gateway device that records all connections and ports used. From the workstation side, there is typically little for the average tech person to find. Catching a person ‘”red-handed” would be best, but with a more sophisticated Internet gateway the company can record all Internet usage by workstation, Internet endpoint, and port. (And simply making employees aware of this will help prevent any inappropriate Internet use, as they will know their steps are being traced.)
It’s important to reiterate policy on a regular basis — educate the staff and enforce consequences when rules are broken. Something new always comes up, but acceptable-use policies, a strong IT team, and a watchful eye can deter many of those interested in peeking into the Dark Web.
Karl Volkman is the CTO of SRV Network, Inc., which has been delivering innovative technology solutions to clients in a number of industry verticals since 1996.