One of our core values at White Ops is “be good.” This means, when possible, we tip the balance in the world towards good. Exposing threats and educating the larger internet community on cybercrime are pieces of this.
We are often asked about what can be done to improve business practices beyond Invalid Traffic (IVT) concerns. Our team of security experts came up with some best practices that will help keep your company and customers safer. Taking these tangible steps does not replace the need for a security team or third-party bot mitigation technology, but they can provide you with some additional security to combat attacks.
Account Protection Best Practices
Credential Stuffing, one of the biggest security concerns today, automates the injection of breached username/password pairs to gain access to user accounts. Bad actors use credentials leaked through data breaches to gain access to accounts to use for their own benefit, generally leveraging botnets to enable high-volume breaches. A classic recommendation to combat credential stuffing—that many companies fail to follow—is to ensure stronger password generation.
Additionally, companies should train employees and ensure their awareness of the various mechanisms used to steal credentials, such as phishing, social engineering, and SIM-jacking; however, companies must also combat sophisticated attacks with their own sophisticated practices:
If you’d like to take things a step further, we suggest:
This is not an exhaustive list of options, but rather several strong solutions you can implement to protect your website. These will not stop 100% of all attacks or fraud; however, they should help to reduce them significantly. By strengthening your defenses, you will better protect your enterprise and your customers. Good luck, be good, and keep it human.