Brand Protection and CyberSecurity Best Practices
'Prevention is better than a cure' goes the adage, and this holds true across industries whether it is public health, cybersecurity or personal finance. Brand Protection and cybersecurity are both key to preventing the leak of critical information, business secrets and operational resources for corporations and small businesses alike. Recovering from a data breach or brand fraud can be a litigious and expensive process with disastrous impacts on your normal business.
Brand Protection and cybersecurity are even more critical now
The COVID-19 pandemic has heightened the risk of cyber attacks and fraud for a variety of reasons we describe below:
More threat surfaces for cyber attacksAs many workforces have moved to a work from home model, they now use new tools for collaboration, video conferencing etc. that they may be unfamiliar with. Staff are also faced with inadequate levels of training due to the rapid pace of events that led to the current scenario. The lines between personal and professional settings have blurred, as demand for items such as sanitizers or masks has skyrocketed, and attackers capitalize on these trends with phishing and ransomware.
Increased vulnerability to social engineeringThe economic and social hardship imposed by the unprecedented stay-at-home orders has led to increased stress. An employee who has doubts about the authenticity of an email or an instruction cannot walk up to their manager or peer to resolve it anymore, making them less likely to verify it each time. Stress and the presence of family members and potentially children in the household also leads to fragmented attention spans which can all be exploited for social engineering attacks.
Increased number of attackers and scammersThe vulnerabilities listed above has seen an increase in the number of unscrupulous people trying to prey on these targets. In addition, the tough times has made some people who are desperate for new income streams use previously exposed password dumps to stage attacks now.
While the measures to control the global pandemic are the source of these new waves of cyber attacks, COVID-19 itself offers an interesting case study to bolster the case for prevention. Canada’s Chief Public Health officer, Dr. Theresa Tam authored a playbook with an impressively detailed plan to deal with a pandemic influenza, back in 2006, before she took on her current role. However, several aspects of the plan were hardly put into action and it did not receive public attention until the coronavirus crisis hit, as noted Canadian journalist, Paul Wells observes.
“Plans that don’t get funded and implemented and operationalized are… (sic) just term papers.” – Kenneth Bernard, retired rear admiral in the U.S. Public Health Service
This establishes the case for acting on well-crafted plans for prevention, in public health, cybersecurity and brand protection alike.
Brand Protection Best Practices:
A successful brand protection program must be scalable, thorough, and cost effective. It requires expertise in threat analysis, investment in resources and education, automation of monitoring and reporting as well as training to foster awareness among staff.
Here are 4 brand protection best practices:
Proactive Trademark Protection:Establish a fool proof process to register and monitor all brand trademarks in every relevant jurisdiction. In addition, submit your brand into the Trademark Clearinghouse (TMCH) to protect against infringement in domain registrations. A successful TMCH submission grants you an SMD file that can be used during the sunrise phases of new gTLD launches to claim your trademarked terms in every new domain extension.
Domain registrations and blocking:Defensive domain registrations are the surest way of protecting your brand against counterfeiting, abuse, and phishing attempts. Brands are built painstakingly over time and add immense value to your products and services. Brands require investments to protect online by defensive domain registrations or domain blocks such as DPML, Adult Block, EPS etc.
Active monitoring:Automate your monitoring and reporting for mentions of your brand keywords in new domain registrations or even on the news and in the web. Webnames.ca’s domain monitoring services allow you to track mentions of your brand keywords in domain registrations across 1200+ domain extensions. Google alerts is an easy and free way to track brand mentions on the web, but several more sophisticated solutions are available.
Follow through with zero toleranceSetting a zero-tolerance precedent can be very important when it comes to protecting your brand from abuse and fraud. While the scale of damage from every act of infringement may not be the same, a precedent that is set early on, when your brand is gaining popularity can act as a powerful deterrent. When you detect a case of brand abuse, for instance a domain registration that includes a trademarked term you can enforce legal takedown requests to the domain registrar of the infringing domain and use UDRP as relevant.
Cybersecurity Best Practices:
The hallmarks of an effective cybersecurity program are coverage, resilience, and agility. To reuse an oft-quoted analogy, security is like a chain, it is only as strong as the weakest link. It also needs to be affixed to relatively immovable entities to ensure maximum effectiveness. This is where resilience in the form of backups, restores, fail-safes gain critical importance. Here are 4 cybersecurity best practices:
Update, patch, monitor and adapt - Security is all about the detailsSeemingly non-critical bugs, delayed installation of software patches, stray data packet transferred over an unsecure public WiFi, a link clicked without a keener look at the sender details – each of these can be the trigger for a successful breach, hack or phishing attempt. Password strength, attention to detail and a superhuman effort to iron out flaws is our best defense against cyber attacks. Password managers, VPNs, multi-factor authentication, encryption and SSL certificates, penetration testing, timely software patches and updates and education of each individual are all key aspects of a successful cybersecurity strategy.
Carefully designed access controlRestricting access to data, platforms, and functions to authorized individuals and programs that need it, is an essential cybersecurity best practice. This can be implemented through IP restrictions on traffic, virtual private networks, and account level access control. For instance, if you are part of a business with many different teams that require access to register or manage domain names, you can protect yourself better by creating child accounts and defining granular access controls. The marketing team may require access only to register and renew domain names, while finance may only need access to billing and payments while IT may need access to DNS, SSL certificates and more.
Damage limitation, recovery, and business continuityMost medium and large businesses have rigorous disaster recovery protocols and a successful cyberattack can be as serious as a natural disaster. No cybersecurity system is invulnerable, so recovery and adaptability are key pillars of your strategy. To limit damage and ensure speedy recovery, your cybersecurity strategy needs to have reliable backups that can be accessed on demand but siloed to protect it from the cyber attack that might have affected your primary systems. Bring your IT infrastructure, development, and architecture departments together and create a playbook which defines clear processes and roles for all stakeholders in the event of a breach to ensure a speedy and safe recovery to business continuity.
Security is an organizational culture issue: Every employee, contractor, and vendor countsThe human element of cybersecurity is often overlooked by experts that are dazzled by sophisticated software and technical safeguard. A careless employee, or worse still, a disgruntled one can cause immeasurable damage by allowing an attacker to breach all your cybersecurity defenses with legitimate credentials unless your processes are alert to detect unusual behavior. Social engineering, which is a class of cybersecurity attacks that relies on skilful manipulation of individuals to get them to disclose seemingly innocuous information that might be used for mounting an attack. This could be security questions such as your mother’s maiden name, or to suss out frequently used terms in passwords such as the name of a pet.
Your organizational culture needs to make employees comfortable in owning up to mistakes and must encourage them to welcome professional scrutiny of each other’s work without coming across as an overbearing and unfeeling corporation. This requires employers to engage with staff, vendors and contractors with transparency in motive and methods, so that there is universal buy-in.
As mentioned at the top of this post, the coronavirus pandemic has placed people on edge due to the stress and uncertainty they are experiencing in their day to day lives. Your cybersecurity plans need to account for this, and the other exacerbating scenarios caused by remote work.
We hope these best practices for Cybersecurity and Brand Protection help you streamline your efforts. If you are a business with a sizeable domain portfolio and need help with brand protection, domain management or simply to secure your internal and external networks, our corporate domain management experts can help you. Contact us for a short 15 minute call and a free security review of your domain, brand and SSL portfolio.