How RIAs Can Tell If Data is Being Sold on the Dark Web

Author: Craig Pollack Date: Jul 05, 2018 Topics: _Investment Advisor Blogs, IT Services, Cybersecurity

It’s the worst fear of every registered investment advisor (RIA): Discovering that your information, or that of your clients, has been hacked and is being used by malicious users. This type of data breach can result in a loss of trust in your firm from clients and the community as well as costly lawsuits and compensation.   

Research from IBM and the Ponemon Institute shows that in 2017, the global average cost of a data breach totaled more than $3.6 million, with each lost or stolen record having an average price tag of $141. As SonicWall reports, “cyber attacks are becoming the No. 1 risk to businesses, brands, operations and financials” with more than 9.32 billion total malware attacks in 2017 alone.  

Knowing whether your information has been compromised is a challenge. Many RIA firms don’t know that an attack or data breach has occurred until their accounts have been hacked and their customers’ identities or money have been stolen and used for fraudulent activities by malicious actors on the Dark Web.

But, what exactly is the Dark Web? And, how do you know whether your information is on the Dark Web, where it can be bought or sold?  

What is the Dark Web?

The Dark Web is a series of encrypted networks that are not searchable by conventional search engines which also anonymize the internet users who access it. It is a hidden location on the internet where compromised passwords, user credentials, account information, and other unlawful information can be accessed via Tor software and networks.

According to the Global Commission on Internet Governance’s report “The Impact of the Dark Web on Internet Governance and Cyber Security”:

“The dark Web, in general, and the Tor network, in particular, offer a secure platform for cybercriminals to support a vast amount of illegal activities — from anonymous marketplaces to secure means of communication, to an untraceable and difficult to shut down infrastructure for deploying malware and botnets”

Typically represented by an iceberg, the idea is that only the small tip up top that is visible above the water represents the public web. The next layer down beneath the surface of the water is the is the deep web, which frequently contains legitimate information that is excluded from web search engine indexing because it contains protected information. Beneath that is the deepest (and darkest) point of the web — an area that is frequently anonymous and can only be accessed by special web browsers.  

Dark Web Scans from a Managed Service Provider

There are several different options that individuals and businesses can use to determine whether their information is available on the Dark Web. One of the ways individual users can track their personal information on the Dark Web is using Experian’s Dark Web Triple Scan. However, many individuals are hesitant to use Experian’s services after it came to light that the company was hacked and the personally identifiable information (PII) of hundreds of millions of users was compromised in a massive data breach. This can create a concern about the effectiveness of data protection.  

According to a CSO article, some businesses try to use their in-house resources to set up a Dark Web data mining operation. However, they may lack the appropriate human or technology resources to be effective at the task. Investment News says that 1-3% of RIA firms have in-house cyber experts who are up to the task. Engaging in activities on the Dark Web can lead to potential risks with law enforcement and other factors. This is why many financial organizations and registered investment advisor firms choose to use the services of an IT managed service provider (MSP).

Using a vendor like FPA is a safer and more cost-effective approach to Dark Web monitoring. In addition to searching and tracking data, these services also provide alerts for when data is found on these “underground” networks. They also stay up-to-date with technology and cybersecurity changes in the industry to provide the best cyber protection possible. These abilities help the IT organization to more effectively react to and stay ahead of Dark Web information threats.

FPA Offers Data Protection for Dark Web Information

FPA is an IT security firm that provides managed IT services to companies across a variety of industries, including financial industry firms like CPAs and RIAs. Part of FPA's managed security services offering includes identity monitoring of the Dark Web to identify any of your organization’s stolen or compromised data. These services are designed to help your company prevent security events, detect and prevent intrusions and hacks, and recover quickly in the event an incident occurs.  

Our portfolio of MSS services include:

  • Managed Authentication
  • Managed Encryption
  • Managed Firewall
  • Managed Intrusion Detection & Intrusion Prevention Services (IDS/IPS)
  • Managed Malware
  • Managed Security Assessment
  • Managed Security Information & Event Management (SIEM)
  • Managed User Security Awareness Training

These services help to identify gaps in your IT security defenses so that they can be addressed before an attack is successful — or, to help you mitigate your firm’s risk of falling prey to future attacks through invaluable cyber protection practices and procedures.

Unlike some other MSPs, we have an in-house security operations center (SOC) that provides 24/7 services to your firm in the event of a problem. This is particularly helpful for small and medium-sized businesses (SMBs) that don’t have in-house security personnel and processes to handle these functions on their own.   

If you'd like to discuss our Dark Web monitoring and managed security services specifically, or our overall approach to cybersecurity services in general, please feel free to contact us. You can also download our free RIA eBook by clicking on the image below.

Please share your thoughts and insights around managed security services in the comments box below or shoot me an email if you'd like to chat about this in more detail.

The IT Security Primer For RIAs eBook


Craig Pollack

Craig Pollack

Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 30 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best leverage and secure their technology to achieve their business objectives.