How to protect your domains, customers, and brand from cyber-crime

During the festive season, everyone has certain items at the top of their wish list, even cyber criminals. They are always looking out for the next opportunity that they can attack, and unfortunately, as online shopping activity increases, the holiday period opens these doors.

With the growing popularity of Black Friday and Cyber Monday, the run-up to Christmas provides ample opportunity for malicious attackers to attack organisations and individuals alike.

Common forms of these online attacks include:

• Credential theft: Obtaining legitimate login credentials via phishing emails.
• Credential stuffing: Using stolen credentials for one site to log in to other sites in the hope they will work because victims have reused username and password combinations.
• Brand spoofing: Creating fake websites with URLs that appear legitimate, then using phishing emails to trick customers or employees into providing their credentials. 
• Social engineering: Researching an organisation and pretending to be a victim’s colleague to trick them into providing personally identifiable information, log in credentials, or even to transfer money to an attacker's account.
• Supply chain compromises: Posing as a trusted supply chain vendor to access the organisation’s network.

All will cost you dearly in both financial loss and damage to your brand. Fortunately, there are tools and services that will prevent these attacks.

Email protection

Email phishing and ransomware are common methods of attacks, with 76% of organisations targeted by a ransomware attack in 2022, and 64% of those becoming infected as a result. Once these attacks have occurred, it is extremely hard to recover the lost data and curtail the financial damage. It’s a case of prevention being better than cure. You need to ensure your company has a robust defence in place to avoid attacks occurring. For this, a multi-layered approach is the most effective.

Traditional email malware filtering is not sufficient, you also need to ensure that you are instilling a strong security culture through regular security awareness training and testing, so that you understand how prone to phishing your colleagues are and who might benefit from additional training. 

Implementing Endpoint Detection & Response (EDR) on top of this will mean that you can detect, isolate and remove any threats that do slip through before they can cause harm.  

Domain protection

As online Christmas shopping increases, you need to ensure that your domains are secure for customers’ use. Retailers have the best chance of thwarting cyber-attacks by preparing now. An unprotected domain increases the opportunity for your brand to be spoofed and fraudulent lookalike domains to be created. It’s important to constantly scan the web for any lookalike domains so that they can be taken down before any harm is done. 

With e-commerce essential to Christmas shopping, retailers must also update their security certificates, or risk losing customers and/or harming their supply chain. Most shoppers know not to proceed to a site without a valid SSL certificate, or at least heed the warnings from their browsers, so check now to see if any certificates are approaching their renewal date and ensure they don’t lapse, or you’ll risk losing significant traffic to your site.

DMARC and BIMI

DMARC stands for Domain-based Message Authentication, Reporting & Conformance, and it allows you to protect your domain from unauthorised use. The authentication used when DMARC is set up helps to prevent domain spoofing. It is a well-established protocol that you most likely already have in place. Its functions go further than other protocols, as it includes reporting on the current state of your domain and an enforcement function which allows senders to automatically block fraudulent email impersonations of legitimate domains.

BIMI stands for Brand Indicators for Message Identification and is a standard that displays your logo alongside your emails when they reach user's inboxes. It allows for very quick recognition of the email sender and improves brand trust and brand recognition. 

How to get everything on your security wish list

The solutions discussed here will keep you and your customers happy this festive season, but there is a lot to consider and to take care of. There are tools that will help with each of these and managed service providers such as Red Helix who will take care of this for you. This means you can rest assured that your email, domains, and other digital assets are secure. 

Free Cyber Health Check from Red Helix

In the spirit of Christmas gift giving, and to help you prioritise any gaps in your security, we are offering a free Digital Exposure & Risk Review.

This is our high-level assessment of your publicly available digital assets, highlighting gaps in your security that are visible to all.

You have more important things to worry about at this time of year, let us keep your brand protected.

Take up our free offer of a Digital Exposure & Risk Review >

Article by Red Helix - cyber security & network experts, Buckinghamshire Business First Ambassador.