Protect your customers to protect your brand
We’re pleased to publish a brace of documents that will help organisations to protect their customers from a range of cyber-enabled crimes, including fraud.
The new guidance is suitable for any organisation with an online presence, but it’s particularly suited to those that have online customer accounts, or that are at risk of being spoofed by criminals seeking to exploit their brand’s reputation.
- ‘Authentication methods: choosing the right type’ helps organisations to select an appropriate authentication method to provide security that goes ‘beyond passwords’.
- ‘Takedown: removing malicious content to protect your brand’ introduces methods you can use to protect your online brand (and by extension, your customers or users).
Moving ‘beyond passwords’
Passwords remain the default method of authentication for a huge range of services, both at work and home. Accounts authenticated by password alone are vulnerable to attack, and this isn’t helped by the ever-increasing number of accounts users are expected to manage. However, password authentication is cheap, easy to implement, and understood by users. So businesses are understandably nervous about adopting alternative authentication methods, fearing they could cause unwelcome ‘friction’ in online transactions.
Our new authentication methods guidance sets out alternative models for authentication, including example scenarios that explain when these alternatives might be suitable. It highlights the pros and cons of two-step verification (2SV), OAuth, FIDO2, magic links and one-time passwords, including a summary of when it is appropriate to apply each method (and when it isn’t). Although the guidance includes examples from the retail, hospitality and utility sectors, it can be used by any organisation that needs to manage online accounts.
As the guidance explains, you should consider both the security and usability of each method, and (most importantly) the profile of your customer base. Adding any of the methods described will significantly increase the security of your customer accounts.
Takedown buyers guide
In addition to protecting your users’ accounts, you may also want to consider measures that protect your brand from being exploited.
If you own or manage a brand, there is a risk that it could be exploited online. This can include false representations of your products or services, fake endorsements, or cyber criminals using your brand in phishing or malware to make their campaigns look (and sound) credible.
Our new Takedown guidance covers:
- how your own organisation can submit a takedown request
- what you should consider when choosing a takedown provider (who can submit the request on your behalf)
Whichever method you choose, removing malicious websites that are exploiting your reputation to defraud the public is key to protecting your brand.
Business communications advice from the NCSC
These two new publications are the latest additions to our suite of guidance designed to help organisations of all sizes to better protect their customers and users. If you’ve not already done so, we encourage all business owners to read our guidance that covers SMS and telephone best practice and Email security and anti-spoofing.
This suite of guidance will be continually extended, so please get in touch via the Enquiries team if you have any questions, or suggestions for other topics you would like support with.
Amy B
Citizen Resilience, NCSC
Original Source: ncsc[.]gov[.]uk