Skip to main content

How secure is your SMB's domain name?

Studies show that small businesses are being targeted now more than ever in cyber attacks. (Forbes: Small Businesses Are More Frequent Targets Of Cyberattacks Than Larger Companies)

When cybersecurity professionals discuss two-factor authentication, domain registrars or DNS hijacking is often not the topic. (Think 2FA for GoDaddy, NameCheap, and SquareSpace, to name a few. Take a moment and use these links to setup 2fa for your domain, or google "How to turn on 2fa for name of provider.")

Surprisingly, even in 2023, some providers still don't support this essential security control. 

However, your domain name controls an organization's corporate website and email exchange records. And suppose an attacker were to get control of it. In that case, they could recreate your email addresses, and password reset their way to control all the accounts owned by an organization. 

A few of the recent incidents we've responded to involve attacks where the attacker obtains credentials reused across multiple accounts through email phishing or data leaks. Then, email accounts, domain registrars, and social media accounts are compromised and used to wreak havoc on small businesses.

Here are a few tips to secure your small business:

  • Turn on 2FA for your domain registrar if you still need to. 
  • Turn on 2FA for your email and any accounts used to log in to accounts relevant to the business. 
  • Turn on 2FA for all your social media properties as well.(Facebook, Instagram, YouTube (Google), Twitter, LinkedIn)
  • Maintain control of all accounts (business operations, social media, service accounts, etc.). Review and ensure you are listed as the owner of all properties. If you are the trusted individual handling this for someone else, ensure the business owner ends up with ultimate ownership, even if you create the accounts on their behalf.
  • And if you've gotten to here you should be able to account for most of your customers data that may be at risk.


Labels:
Location: Los Angeles, CA, USA

Comments

Post a Comment

Popular posts from this blog

Why you should pick Xcape, Inc., for backup internet.

In today's hyper-connected world, internet downtime can be catastrophic for businesses and individuals. That's why having a reliable backup internet service is crucial. This blog post will pit our cellular backup service and router ( NetMaxX ) against another provider to show why our backup internet service is superior. Our customer recently complained to their primary internet service provider about their internet downtimes on an install. They sent a technician to install a failover router and service from their primary provider. Unfortunately, not only was the technician they sent unable to install and configure the failover router properly. But they continued going down until we installed our NetMaxX , utilizing our network. First and foremost, our backup internet service offers automatic failover. If the primary internet connection fails, our service automatically switches over to the backup cellular connection, ensuring minimal disruption to your internet access. Not that
Post a Comment
Read more

Have you tested your backup recently?

We're in the business of helping people, so when a business owner reached out for assistance during a ransomware attack they had experienced, our first question was, "When was your most recent backup?" The owner said his CTO assured him they backed up their Amazon Web Services infrastructure.  Well, they had one snapshot from several years ago, which wouldn't do anything for them. Of course, we always feel bad for giving business owners awful news. But, sometimes, even as experts without the absolute minimum being done technically, we're only left with a few options in ways we can help. So we reversed-engineered and created a decryption application based on the ransomware sample we recovered during our investigation. Recovering over 3 TB of data in the process. While that's not always a possibility, in this case, many things went right for us during the investigation.  Is there a better way to handle ransomware attack recovery ? YES! But the issue wasn't t
Post a Comment
Read more