Dear Santa: all I want for Christmas is brand security
Published: 13th November 2023
How to protect your domains, customers, and brand from cyber-crime
During the festive season, everyone has certain items at the top of their wish list, even cyber criminals. They are always looking out for the next opportunity that they can attack, and unfortunately, as online shopping activity increases, the holiday period opens these doors.
With the growing popularity of Black Friday and Cyber Monday, the run-up to Christmas provides ample opportunity for malicious attackers to attack organisations, and individuals alike.
Common forms of these online attacks include:
- Credential theft: Obtaining legitimate login credentials via phishing emails.
- Credential stuffing: Using stolen credentials for one site to log in to other sites in the hope they will work because victims have reused username and password combinations.
- Brand spoofing: Creating fake websites with URLs that appear legitimate, then using phishing emails to trick customers or employees into providing their credentials.
- Social engineering: Researching an organisation and pretending to be a victim’s colleague to trick them into providing personally identifiable information, log in credentials, or even to transfer money to an attackers account.
- Supply chain compromises: Posing as a trusted supply chain vendor to access the organisation’s network.
All will cost you dearly both financial loss and damage to your brand. Fortunately, there are tools and services that will prevent these attacks.
Email phishing and ransomware are common methods of attacks, with 76% of organisations were targeted by a ransomware attack in 2022, and 64% of those becoming infected as a result. Once these attacks have occurred, it is extremely hard to recover the lost data and curtail the financial damage. It’s a case of prevention being better than cure. You need to ensure your company has a robust defence in place to avoid attacks occurring. For this, a multilayered approach is the most effective.
Traditional email malware filtering is not sufficient, you also need to ensure that you are instilling a strong security culture through regular security awareness training & testing, so that you understand how prone to phishing your colleagues are and who might benefit from additional training.
Implementing Endpoint Detection & Response (EDR) on top of this will mean that you can detect, isolate and remove any threats that do slip through before they can cause harm.
As online Christmas shopping increases, you need to ensure that your domains are secure for customers’ use. Retailers have the best chance of thwarting cyber-attacks by preparing now. An unprotected domain increases the opportunity for your brand to be spoofed and fraudulent lookalike domains to be created. It’s important to constantly scan the web for any lookalike domains so that they can be taken down before any harm is done.
With e-commerce essential to Christmas shopping, retailers must also update their security certificates, or risk losing customers and/or harming their supply chain. Most shoppers know not to proceed to a site without a valid SSL certificate, or at least heed the warnings from their browsers, check now to see if any certificates are approaching their renewal date and ensure they don’t lapse, or you’ll risk losing significant traffic to your site.
DMARC and BIMI
DMARC stands for Domain-based Message Authentication, Reporting & Conformance and allows you to protect your domain from unauthorised use. The authentication used when DMARC is set up helps to prevent domain spoofing. It is a well-established protocol that you most likely already have in place. Its functions go further than other protocols, as it includes reporting on the current state of your domain and an enforcement function which allows senders to block fraudulent email impersonations of legitimate domains automatically.
BIMI stands for Brand Indicators for Message Identification and is a standard that displays your logo alongside your emails when they reach users inboxes. It allows for very quick recognition of the email sender and improves brand trust and brand recognition.
How to get everything on your security wish list?
The solutions discussed here will keep you and your customers happy this festive season, but there is a lot to consider and to take care of. There are tools that will help with each of these and managed service providers such as Red Helix who will take care of this for you. This means you can rest assured that your email, domains, and other digital assets are secure.
In the spirit of Christmas gift giving, and to help you prioritise any gaps in your security we are offering a free Cyber Health Check. This comprehensive report will cover digital assets, outbound email security and domains, so you can assess your overall security and review any gaps within your online portfolio. You have more important things to worry about at this time of year, let us keep your brand protected.
Request a free health check
We will highlight any gaps in your security and show you how to fix them.