Studies show that small businesses are being targeted now more than ever in cyber attacks. (Forbes: Small Businesses Are More Frequent Targets Of Cyberattacks Than Larger Companies)
When cybersecurity professionals discuss two-factor authentication, domain registrars or DNS hijacking is often not the topic. (Think 2FA for GoDaddy, NameCheap, and SquareSpace, to name a few. Take a moment and use these links to setup 2fa for your domain, or google "How to turn on 2fa for name of provider.")
Surprisingly, even in 2023, some providers still don't support this essential security control.
However, your domain name controls an organization's corporate website and email exchange records. And suppose an attacker were to get control of it. In that case, they could recreate your email addresses, and password reset their way to control all the accounts owned by an organization.
A few of the recent incidents we've responded to involve attacks where the attacker obtains credentials reused across multiple accounts through email phishing or data leaks. Then, email accounts, domain registrars, and social media accounts are compromised and used to wreak havoc on small businesses.
Here are a few tips to secure your small business:
- Turn on 2FA for your domain registrar if you still need to.
- Turn on 2FA for your email and any accounts used to log in to accounts relevant to the business.
- Turn on 2FA for all your social media properties as well.(Facebook, Instagram, YouTube (Google), Twitter, LinkedIn)
- Maintain control of all accounts (business operations, social media, service accounts, etc.). Review and ensure you are listed as the owner of all properties. If you are the trusted individual handling this for someone else, ensure the business owner ends up with ultimate ownership, even if you create the accounts on their behalf.
- And if you've gotten to here you should be able to account for most of your customers data that may be at risk.