We are excited to release a set of documents aimed at assisting organizations in safeguarding their customers against various cyber-enabled crimes, including fraud.
This updated guidance is applicable to any organization with an online presence, with a particular focus on those offering online customer accounts or those at risk of being impersonated by criminals attempting to misuse your brand’s reputation.
- ‘Choosing the Right Authentication Methods‘ aids organizations in selecting suitable authentication strategies to enhance security beyond traditional passwords.
- ‘Removing Malicious Content to Safeguard Your Brand‘ outlines techniques for protecting your online brand, which in turn protects your customers.
Moving Beyond Passwords
Passwords continue to be the standard method for authentication across a broad spectrum of services, both at work and at home. Accounts secured solely by passwords are increasingly susceptible to attacks, magnified by the growing number of accounts users must keep track of. The simplicity, cost-effectiveness, and familiarity of password authentication lead some businesses to hesitate in implementing alternative methods, fearing that it might introduce undesirable complications to online transactions.
Our new guidance on authentication methods presents various alternative authentication models, complete with examples that clarify when each method is appropriate. It assesses the advantages and disadvantages of two-step verification (2SV), OAuth, FIDO2, magic links, and one-time passwords, along with a summary of the best contexts for each method. Although the guidance includes illustrations from the retail, hospitality, and utility sectors, it is relevant for any organization needing to manage online accounts.
As discussed in the guidance, consider both the security and usability of each authentication method along with the specific profile of your customer base. Implementing any of these methods will significantly bolster the security of customer accounts.
Takedown Guide for Brand Protection
In tandem with securing user accounts, it is crucial to implement measures that prevent your brand from potential exploitation.
For brand owners or managers, there exists a risk of online exploitation. This can manifest as misleading portrayals of your products or services, counterfeit endorsements, or cybercriminals utilizing your brand in phishing schemes or malware to lend legitimacy to their actions.
Our new Takedown guidance includes:
- Instructions on how to submit a takedown request for malicious content
- Considerations when selecting a takedown provider to act on your behalf
Regardless of the method chosen, taking down malicious websites that exploit your reputation to defraud the public is essential for protecting your brand.
Advice on Business Communications
These two new publications are part of our ongoing effort to provide guidance that empowers organizations of all sizes to better protect their customers and users. We strongly recommend all business owners review our additional guidance on best practices for SMS and telephone communications, as well as email security and anti-spoofing measures.
Amy B
Citizen Resilience, NCSC
Based on an article from ncsc.gov.uk: https://www.ncsc.gov.uk/blog-post/protect-your-customers-to-protect-your-brand
