12 Ways to Protect your Affiliate Business From Cyber Attack


Cybercriminals are opportunists. They are ready to take advantage of any lapse in security they can identify. If cybercriminals can gain access to your business, they will do so with the intent of making money somehow. That could be from encrypting all of your data and holding you to ransom, or stealing your clients’ data and then targeting them. Criminals have plenty of options.

Securing your affiliate business is essential for looking after your clients, keeping out attackers and protecting your data. You can take several steps to protect your business, your clients, and your data from cybercriminals.

1. Passwords — but different

Having great passwords is a solid foundation. It is the same for everyone, from home to the small business and on to the enterprise. The UK National Cyber Security Centre considers it so imperative that they wrote it into their Cyber Essentials standard. But here is the difference: stop with the complexity.

They also wrote an official guidance document on it, available here.

2. Goodbye Complex Passwords

Build your password from three or more words and ensure that the length is at least 14, ideally more than 16, characters. Doing this will provide you with a passphrase long enough to withstand all but the most dedicated password attacks.

Need a password policy? Or want to see an example of a password policy without complexity requirements? We have just that here.

3. Goodbye monthly password changes

With a password that is 16+ characters long, stop worrying about password changes unless you believe the password is compromised. Set up monitoring to provide alerts for when an account on your domain is seen in a password dump.

4. Change Default Accounts

Device providers automatically assign a username and password to their devices. Cybercriminals can easily find these default passwords online, giving them a possible way in.

Changing the username and password of the default accounts on the various devices on your network makes it more difficult for attackers to identify whose device it is and gain entry to the network. The criminals have sophisticated tools to test thousands of possible password and username combinations.

For the admin/root level accounts, using a longer passphrase of 32 characters means you can effectively forget about attackers trying to guess those passwords.

5. Change your Default DNS servers

Here is something no one is talking about: changing the default DNS servers for your users. A straightforward way to add another layer of protection is by harnessing the power of the Quad9 project (https://www.quad9.net/). Quad9 blocks lookups of malicious hostnames from an up-to-the-minute list of threats. This blocking action protects your computer, mobile device, or IoT systems against many threats such as malware, phishing, spyware, and botnets.
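To confirm the change actually took effect on a Linux or macOS machine, the following added example (not from the original article) audits the contents of a `resolv.conf` file and flags any resolver that is not a Quad9 filtering address. The function names and the sample file are constructed for illustration; the Quad9 addresses are the service's published anycast addresses and should be checked against quad9.net before use.

```python
import ipaddress

# Quad9 public anycast addresses (assumption: verify against quad9.net).
# Threat blocking is applied only on the "filtered" set.
QUAD9_FILTERED = {"9.9.9.9", "149.112.112.112", "2620:fe::fe", "2620:fe::9",
                  "9.9.9.11", "149.112.112.11", "2620:fe::11", "2620:fe::fe:11"}
# Quad9's unsecured service: same operator, but no malicious-host blocking.
QUAD9_UNFILTERED = {"9.9.9.10", "149.112.112.10", "2620:fe::10", "2620:fe::fe:10"}

FILTERED = {ipaddress.ip_address(a) for a in QUAD9_FILTERED}
UNFILTERED = {ipaddress.ip_address(a) for a in QUAD9_UNFILTERED}

def classify(addr_text):
    """Label one nameserver address."""
    try:
        ip = ipaddress.ip_address(addr_text.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return "invalid"
    if ip in FILTERED:
        return "quad9-filtered"
    if ip in UNFILTERED:
        return "quad9-unfiltered"
    if ip.is_loopback:
        return "local-stub"  # e.g. systemd-resolved; check its upstream separately
    return "other"

def audit_resolv_conf(text):
    """Return [(address, label)] for every nameserver line in resolv.conf text."""
    results = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()  # strip comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            results.append((fields[1], classify(fields[1])))
    return results

def is_protected(results):
    """True only if every resolver filters; a fallback server bypasses blocking."""
    return bool(results) and all(label == "quad9-filtered" for _, label in results)

# Constructed sample input, not taken from a real host.
SAMPLE = """# constructed example
nameserver 9.9.9.9
nameserver 2620:fe::fe   ; secondary
nameserver 9.9.9.10
nameserver 192.168.1.1
nameserver 127.0.0.53
options edns0
"""

if __name__ == "__main__":
    for addr, label in audit_resolv_conf(SAMPLE):
        print(f"{addr:<16} {label}")
    print("protected:", is_protected(audit_resolv_conf(SAMPLE)))
```

Run it against the real file with `audit_resolv_conf(open("/etc/resolv.conf").read())`; a `local-stub` result means the machine forwards to a local resolver whose upstream servers need checking in that resolver's own configuration.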

6. Use a VPN (Virtual Private Network) for remote work

A VPN protects your initial connection to the internet by encrypting the traffic between you and your VPN service. It also alters your visible IP address, giving you the identity of your VPN service.

At ICE in London a few years back, we set up a trojan WiFi hotspot and recorded the number of operators who logged onto their backend platforms. During the event, we observed over 100 people logging into affiliate and platform backends. If we had been an attacker, we would have had access to all those platforms at an admin level.

We wrote a guide on how to use a VPN for better security a while ago. The link is here.


