Since 2004, the United States has recognized the importance of cybersecurity by appointing October National Cybersecurity Awareness Month. It emphasizes how essential it is for each of us to protect ourselves and our businesses against the technology and data threats present in the online world. Keeping your business reputation safe online is an aspect of cybersecurity that you don’t want to forget about. But just because October is over, doesn’t mean we need to forget about security and keeping our businesses safe on the Internet.
Read on to learn more about keeping your business safe online.
Look closely. Can you tell the difference between godaddy.com and gocladdy.com? You probably noticed that the “d” has been replaced by “cl,” but at first glance and in some fonts, they look quite similar.
Now let’s try a harder example: firstname.lastname@example.org and email@example.com. It’s pretty obvious, right? No? Don’t feel bad; even to a highly trained eye, the variation is difficult to spot.
In this case, the “i” in “security” for the first option has no dot. Although it appears similar to an “i,” it is actually a similar-looking letter from a different alphabet. Homographic tricks like these (modifications in domain names that are nearly indistinguishable) are how smart people get phished.
There is almost no way for any individual to be vigilant enough or perceptive enough to be completely safe online. It doesn’t matter how savvy you are, how careful you might be, or how paranoid.
The importance of keeping your business reputation safe online
When customers get hacked, they don’t know the names of the hackers, and they wouldn’t recognize the faces of the spoofers. So, when they lose their money or get tricked, they don’t blame the criminals, they blame the company.
Consider your company’s image. Consider the effect on customer acquisition and growth. What about potential regulatory action? Many government agencies, such as the FTC in the United States and the European Data Protection Board in the EU, now impose strict civil penalties and fines for non-compliance with customer data protection standards.
The reputational damage alone that your business might suffer could be hundreds or thousands of times more costly than the dollar amount of any one act of fraud.
For instance, Home Depot was forced to pay $17.5 million in settlements in response to a 2014 security breach in which hackers infiltrated their systems and accessed customer payment information. Beyond that settlement, Home Depot is estimated to have spent $198 million in expenses just dealing with the breach.
Protecting your domain name
There’s no way for humans to be vigilant enough to ward off every cyberattack. But there is a technology solution that can help protect your domain. One way to defend your brand against socially engineered phishing is by using a domain that comes with homographic blocking built in.
Because domain names support international characters — not just the Latin alphabet many of us are used to — bad actors can create homographs using similar-looking characters to those in your domain. Essentially a homograph is a “look-alike” domain name, and there could be tens of thousands or even millions of variations, making it nearly impossible to manually identify them.
That’s where homographic blocking comes in. Homographic blocking works by scanning your domain name and identifying all possible homographs. It then blocks bad actors from registering those domains and using them against you.
Editor’s note: Anti-phishing technology comes standard with every Identity Digital domain, so you’re protected against malicious homographs for the lifetime of your domain. That means we protect your brand identity by preventing registrations that spoof your domain.
Other ways to protect your business
Domain protection is just one part of an effective cybersecurity defense strategy. It will never be possible to guarantee zero risk, but if you these key areas, you can reduce your exposure to an acceptable level.
You can get protection from malicious websites through your browser. Google Chrome has very good protection built in, such as site isolation, sandboxing and predictive phishing protection. You should also look into other cybersecurity tools like ad blockers and firewalls.
Make sure your team uses strong passwords. An easy way to do that is to utilize a password manager. There are some great options available. Your team should also implement two-factor authentication to ensure hackers are not able to gain unauthorized access to your accounts even in the case your passwords are compromised. Read more about 2FA here.
Since many cyber threats are often delivered by email, it is essential that you and your staff are vigilant. In 2021, 83% of businesses experienced a successful email-based phishing attack.
Some common scams include:
Spoofing: A scammer disguises an email address — often by changing only one character — to convince you that it is coming from a trusted source.
Phishing: A scammer sends you an email that appears to be from a legitimate business and asks you to update personal info via a spoofed website that looks similar to the real site.
Spear phishing: A scammer sends you an email with just enough personal info, such as your name, company, or title, to convince you to trust the source and provide secure information.
There are many other sophisticated cyber threats, so proper training for you and your staff is essential. Learn more here.