Protecting Corporate Brands: One Keystroke at a Time
by Bill Unrue - President of Anonymizer - Monday, 8 December 2008.
Enterprises spend a great deal of time and money building up their brand identity, and for good reason. It’s not only a primary component to an organization’s marketing strategy – it represents a solemn promise made to customers, partners and investors on the value of doing business with them. And while focus groups, marketing collateral and promotion initiatives are vital to this initiative, many of these tactics are effectively countered – not just from competitors, but also by the regular day to day activities of their staff.

All types of organizations – from Fortune 100 to "mom-and-pop" operations – are susceptible to negative exposure each and every time an employee surfs the Web using company equipment. It’s an all-too-frequent occurrence. A check on Wikiscanner for example, shows that 86 percent of the Fortune 100 companies have had employees editing Wikipedia entries using the organization’s network – most of them having nothing to do with the corporation. Here are just a few edits made by company staff members:
  • Lockheed Martin: Jenna Jameson, Beavis and Butt-head, Jackass (the TV series), NCAA Football 08, Punk'd
  • Northrop Grumman: America's Next Top Model, Arizona Cardinals, Final Fantasy XI, Happy Hour, PlayStation 3
  • General Dynamics: 2007 Pacific-10 Conference Men's Basketball Tournament, Lethal Weapon 4, Marathon, Sandra Bullock, The Real World, Timeline of Christianity
  • Humana: 2006 NFL season, Ferrari 360, Miami Dolphins.
What’s more, most these actions occurred with the individual editing Wikipedia entries as a guest, and not a registered member. And while the employee is not identified by name, the company’s IP address is, and the brand reputation that goes with it!

This is just one example of how easy it is for an organization to become a victim of “Brandjacking,” whereby copyrights, trademarks and intellectual properties are significantly compromised as a result of unintentional or malicious activities. Today there are more than one billion IP addresses that have been collected and aggregated by nefarious Web sites, despite the fact that these same organizations have mandated the use of anti-virus, anti-adware, anti-spam, firewall and cookie removal solutions for every employee workstation. Other scenarios could involve a company’s marketing team that uses the Web to research a competitor’s online pricing or feature/function sets. These actions, even when done outside of work, can tip off a rival that can counter such moves at the click of a mouse.

So in addition to other initiatives, deploying non-attribution systems can help proactively ensure a company’s brand equity is protected. These types of solutions mask a user’s IP address, preventing anyone from determining their origin. Such enterprise platforms provide many layers of capabilities that even today’s most sophisticated analytic tools will be unable to thwart. Additionally, comprehensive non-attribution solutions also support remote users as well as e-mail and online chat applications.

A company’s brand identity is one, if not the, most valuable asset that all organizations – from health care providers to financial institutions – seek to protect, but the ease of accessing information on the Web has created a false sense of security that can be exploited by business competitors using new and powerful tools at their disposal. The only way to circumvent this threat is to completely protect enterprise user identities through anonymous Web surfing systems, making this a new requirement while online.

Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //