Hacking used to have one major barrier to entry: talent. Unfortunately, the dark web has enabled individuals with nothing more than a bad attitude and a small amount of spare cash to buy sophisticated hacking tools. This means that your data is more vulnerable than ever before.

When your business’s data is breached, criminals aren’t just getting personal information — they’re potentially getting all of the login credentials for every user on the breached website or platform.

So once these criminals have all this sensitive information, it couldn’t get any worse, right?

Wrong, because their next step is to use and then sell that information — yours and your customers’ — to other bad actors on the dark web. To keep from becoming a victim the second time your data makes the rounds, follow these three steps:

1. Re-secure your sensitive data // First and foremost, change all your passwords. It’s not enough to add an exclamation point at the end or to replace an O with a 0. Resist the temptation to use similar passwords across many accounts because the odds are good that one of them will be breached at some point and all accounts that use that password — or its variations — will be compromised.
2. Learn to spot phishing attempts // Phishing attempts are more sophisticated than they used to be. Instead of the trusty Nigerian prince with frozen assets, scammers trawl your contact information and personal networks to send invoices and wire transfer requests that precisely imitate your boss, co-worker, family member or bank. Knowing that this approach is a possibility is the first step in preventing this kind of fraud.
3. Monitor the dark web // A security breach is like a break-in at your house. After thieves have taken anything of value, they’ll try to sell it for profit. In this case, the valuables are your sensitive data, and the marketplace is the dark web. And when the information goes up for sale, it’ll be cheap. Typically, a full package that includes a name, Social Security number, birth date, credit card number, CVV number and expiration date will cost only about $30 in an anonymous currency such as bitcoin.

Because sellers on dark web marketplaces have ratings just as they would on eBay or Amazon, they’re motivated to provide accurate information to their clients, which means buyers can be confident they’re getting the real thing. The only way to act quickly to protect yourself when your information appears is by monitoring the dark web for your own credentials.

The security breach is just that: a breach. Hackers use your personal information, but when they’re done, they’ll finance future efforts by selling that info to other criminals on the dark web. Knowing when your information is out there is vital to minimizing the impact of data breaches.