Why Online Brand Protection Is Important for Small Businesses

Online brand impersonation is a much more widespread problem than many people recognize. Every day, criminals impersonate big brands online, exploiting the trust in those brands to defraud users or trick them into revealing sensitive information. For example, criminals may send phishing emails that appear to be from a trusted brand like a bank or brand-name retailer. Those phishing emails ask recipients either to make a payment or to “confirm” their identity by revealing their Social Security number, account information, or password. Some of these fakes are easy to spot, because they’re riddled with spelling errors or awkward phrasing. Others look quite authentic. Either way, if consumers take the bait and lose money—or their identity—the victimized brand’s reputation will suffer, too. And phishing is only one form of online mischief that can harm businesses; fake websites (particularly if your web site accepts payments) and social media postings are other common methods.

Small Businesses Are Not Safe

If you have a small business, it may be tempting to think this is one problem you don’t have to worry about. After all, experts note that Microsoft, Apple, PayPal, Netflix and Bank of America are among the brands most likely to be impersonated.[1] But experts also caution that small businesses should not ignore the threat.[2] If you’re still not worried, here are some things to consider. First, spoofing attacks in general are increasing. Microsoft reported that phishing attacks jumped 250% in 2018 alone.[3] Second, experts note that small businesses are especially vulnerable because they often lack the security technology and programs that larger companies have in place.[4]

Finally, consider the cost to your small business and your customers. Last year, criminals impersonated a supplier’s brand in email messages in order to swindle small U.K. charity Red Kite Community Housing out of more than $1 million.[5] Such spoofing can damage your brand and reputation, even if customers (or potential customers) know that you aren’t directly responsible. Being duped by a phishing email certainly qualifies as a bad experience, and studies show that 63% of consumers will stop shopping somewhere after a single bad experience.[6] Spoofing can undermine your marketing, too, if it scares people away from opening your emails or visiting your Web site.

As a consumer, I can speak to that directly. A few years ago I was selling my house and hired a small, independent real estate firm with just a few agents. During the process, I got an email asking for some very specific financial information, including account numbers. Because I (foolishly) believed that the firm was so small the email must be legitimate, I responded. Big mistake! Although I knew the firm wasn’t responsible, our relationship suffered irreparable harm when the owner seemed unconcerned about the damage and took no steps to keep it from happening again.

A Multi-Pronged Approach Can Cut Your Risk

So, if we can agree that small businesses are indeed targets for brand impersonation and that the stakes are high, how can small businesses protect themselves?

Although experts caution that there is no single method of online brand protection,[7] and that no security steps are foolproof,[8] they also suggest that a combination of tactics can substantially reduce the threat:

• Fortify your domain record. Today’s email protocols were largely developed during the Internet’s infancy, when security wasn’t a concern. That makes email spoofing remarkably easy. You can strengthen your online brand protection by changing your internet domain settings. Specifically, you can add three records—SPF, DKIM and DMARC—to your firm’s DNS information. Together, the three settings work to block fake emails that impersonate your business.
• Communicate with your customers or clients. You want to take steps to stop fake emails from going out, but you also want to take steps to keep customers from opening them if you are attacked. Use your public-facing communication to do just that. For example, experts say you can include messages on your Web site and email to assure customers that you will never ask for passwords or other sensitive data via email. If you’re consistent in how you use your logo, colors and other elements of branding, it may make it easier for customers to spot a fake.[9]
• Monitor your brand. There are a lot of good reasons to keep tabs on what’s being said about your brand online, and two of those reasons are to identify scam accounts and to spot posts falsely claiming to represent your business.[10] That said, the Internet is so vast that you can’t be everywhere. Fortunately, advanced brand protection technology using artificial intelligence is emerging. The technology can hunt for and shut down spoofed domains and Web sites.

The Bottom Line

Online brand protection may not be a priority for small businesses, but with spoofing and phishing on the rise experts suggest that no business is safe. Fortunately, there are several relatively easy and effective steps you can take to protect your business—and your customers.

[1] “Phishing: These Are the Companies that Hackers Impersonate When They Try to Steal Your Data,” ZDNet

[2] “Spoofing Attacks: Everything You Need to Know,” Springboard

[3]  “Microsoft Security Intelligence Report Volume 24,” Microsoft

[4] “Spoofing Attacks: Everything You Need to Know,” Springboard

[5] “We’ve been cyber-conned,” Red Kite Community Housing

[6] “How Much Damage Can One Bad Experience Cause a Brand?,” The Motley Fool

[7] “Spoofing Attacks: Everything You Need to Know,” Springboard

[8] “Phishing: These Are the Companies that Hackers Impersonate When They Try to Steal Your Data,” ZDNet

[9] “Brand-Impersonation Fraud Is On the Rise and Can Hurt Your Business,” Business.com

[10] “Brand-Impersonation Fraud Is On the Rise and Can Hurt Your Business,” Business.com