IT Security - Aug 19, 2020

Protecting your brand, locking out frauds.

For many companies, the ability to succeed and grow revenues depends on a loyal customer base. When your customers are happy with your product or service, when they can relate to your company, that’s when they return to you rather than turn to the competition. That’s why companies spend a lot of time and money on customer relations. And it’s also why the damage can be devastating when criminals break into corporate accounts and end the bond that took so long to build. So how can you prevent frauds from bruising your reputation in the first place? We’ll show you how you can help your employees protect the integrity of your brand and what steps you should take right now.

written by

Head of Solution & Practice Management Security

E-Mail: mathias.schick@bechtle.com

To create loyalty, companies rely on a great variety of different measures. One prominent and important tool is effective communication through e-mail and social media. Companies need to generate a steady stream of content to keep customers engaged. And of course, every post should add value for the customer. If it fails to be useful, exciting or interesting, information is simply dismissed as advertising. But if you want to build a positive customer relationship, advertising alone won’t do. What it takes is entertainment. A happy customer is one thing, a loyal customer, on the other hand, is one who won’t turn to another company even when their product may be on par with yours. Creating this kind of relationship typically takes a lot of strategy and teamwork.  

 

When criminals hack their way into corporate accounts and end the bond that took so long to build, the damage can be devastating. Customers expect their data to be protected. If they lose confidence in your ability to do that, they will turn away. Phishing and other scams have been on the up in recent years. According to a 2018 Statista study, 30% of Germans had fallen victim to identity theft. 

The faces of internet scams and phishing attacks. 

While firewalls, antivirus software and password protection are all a given in most companies today, efforts to protect the brand image against digital threats are still relatively small. All the same, digital brand protection should really be an integral part of any company’s digital strategy, just like the protection of corporate networks and virtual infrastructures against hackers, malware and virus attacks. Companies spend big money on the latter, but relatively little on safeguards against imitation or the development of a contingency plan.

 

Digital brand protection encompasses all the steps a company takes to prevent criminals from appropriating its brand, to protect its intellectual property, and to nip attacks against its name and image in the bud. If a company fails to build sufficient defences, the repercussions of a cyberattack can be catastrophic. 

 

The case of an automotive components supplier stands as a cautionary tale of CEO fraud, in which the company’s CFO wired an eight-digit sum to a fraudulent account in response to an e-mail forged to look like a genuine payment order to the parent organisation. The resulting negative PR, the attack itself, and the efforts to contain the damage all added up to a loss of trust on the part of the customers and long-term financial losses.  

 

Account impersonation is also a thing on social networks, where customers are led to click on links that download malware, or indeed enter their personal information directly. A perceived chance to win prizes is all it takes. Attackers can then easily monetise the sensitive information they have obtained, which may even include the credentials for user or bank accounts. It goes without saying that the trust a victim had in the company takes a hit that won’t easily heal. 42% of people who have experienced a phishing attack change their preferred brand in the aftermath. Customer loyalty takes a nosedive while budget spent to manage the crisis goes through the roof and the attack can leave a permanent mark on the books.  

 

Impersonation and the consequences for a business. 

In order to prevent impersonation or at the very least be able to react quickly when it happens, your safeguards must be locked and loaded at all times. This means your employees must be aware of the tell-tale signs and harbingers of a cyberattack, and the potential consequences of a successful breach, too. It is important that a campaign to raise awareness reaches every one of them and allows no exceptions. That little branch office abroad can be the gateway for an attack that targets your entire organisation. Consistent monitoring is also imperative to quickly detect attempted fraud and stop it dead in its tracks before any significant damage can occur, or worse yet, you learn about it from affected customers. It’s always better to act than to react, but if the damage has been done, it is important to be able to contain it and restore your customers’ trust.  

 

The good news is that modern technology is available to support an aggressive strategy to prevent misuse of your domain, your e-mail communications, and your brand itself. It can shut down any suspicious activity to get your business out of harm’s way. For instance, cloned website detection can help you prevent a phishing campaign even when it is run from a forged copy of your website that resides in a different domain. Domain-based Message Authentication, Reporting and Conformance (DMARC) shrinks the risk of fraudulent e-mail communication, and DNS Certification Authority Authorization (CAA) ensures that cybercriminals can’t obtain unauthorised digital certificates. Both DMARC and CAA have an integrated feedback mechanism to alert domain owners of attempted phishing and impersonation attacks. And should worst come to worst after all, well-prepared and comprehensive crisis management is key to coming out unscathed.
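A sketch of the DMARC and CAA checks mentioned above, added here as an example (not Bechtle's tooling): it audits DNS record data for an enforcing DMARC policy, a CAA issuer restriction, and the feedback addresses (`rua`, `iodef`). All domains and record values are constructed, and no network lookups are made.

```python
# Added example: audits constructed DMARC/CAA record data offline.

def parse_dmarc(txt):
    """Split a DMARC TXT record into a {tag: value} dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_dmarc(txt):
    """Return findings for the TXT record published at _dmarc.<domain>."""
    tags = parse_dmarc(txt)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append("p=%s does not enforce; spoofed mail is still delivered"
                        % (policy or "missing"))
    if "rua" not in tags:
        findings.append("no rua= address; the owner receives no aggregate reports")
    return findings

def audit_caa(records):
    """records: (flags, tag, value) tuples from the domain's CAA record set."""
    tags = [tag.lower() for _flags, tag, _value in records]
    findings = []
    if "issue" not in tags:
        findings.append("no issue property; non-wildcard issuance is unrestricted")
    if "iodef" not in tags:
        findings.append("no iodef property; CAs have no address for violation reports")
    return findings

# Constructed sample data (example.com / ca.example.net are placeholders).
WEAK_DMARC = "v=DMARC1; p=none"
STRONG_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"
WEAK_CAA = []
STRONG_CAA = [(0, "issue", "ca.example.net"),
              (0, "iodef", "mailto:security@example.com")]

if __name__ == "__main__":
    for label, result in [("weak DMARC", audit_dmarc(WEAK_DMARC)),
                          ("strong DMARC", audit_dmarc(STRONG_DMARC)),
                          ("weak CAA", audit_caa(WEAK_CAA)),
                          ("strong CAA", audit_caa(STRONG_CAA))]:
        print(label, "->", result or "OK")
```
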

 
What to do if your customers were hooked by phishers? 

1. Communicate the incident to your customers as soon as possible.
2. Reassure them that you take the security of their sensitive information very seriously.
3. Report the scam to the authorities.
4. Advise your customers on what to do if their identity was (potentially) stolen.
5. Review and revise the security measures you have in place.

 

A capable partner can be invaluable when you build your cyber defences. Bechtle is your first choice for expert consultation and support in (re-)design, planning, implementation, operation and review. Extensive vulnerability management helps you identify areas where you have to take action.  

One of the most important elements in a prevention strategy is employee awareness. But how can your employees learn how to identify scams early on and shut the digital door on cybercriminals?

 

1. Bechtle’s e-learning tool, E-Sensecurity, is the tailored and affordable solution to raise awareness for IT security. It helps you educate employees on how to handle sensitive company information with security in mind, customised for your organisation. At the same time, you meet the requirements set out by IT security and privacy legislation. Our webinar, Be Secure – IT Security and Data Protection, compiles an array of relevant information to help you build and develop security awareness among your workforce.
2. Define communication best practices that cover social networks, smartphones, e-mail and web activities.
3. Create security policies and communicate them to your workforce. Never share company data on social media, by e-mail or by phone. This includes data on the dealings of your own company, but also employee data including their personal information, current projects, and even their conversational idiosyncrasies.
4. Make sure everyone knows who’s responsible for what. Asking questions is allowed. If employees are asked to deal with a person who’s not been named as a contact for the project at hand, and especially if money’s in play, they should always be suspicious and dig for answers.


Published on Aug 19, 2020.