In the technology world there’s a saying: no one knows you’re a dog on the Internet.
We use this saying in security to make the point that the Internet has a high degree of anonymity. While the question of whether that level of anonymity is good or bad is for another discussion, there is another aspect to it that is important for people focused on branding and image online. On the Internet it’s hard to be sure that a site or social media channel really is who it claims to be.
It’s a problem we’re all long-familiar with. In the early days of the Internet you had the scramble for domain names and the problem of “cybersquatting”, when someone would secure the domain name that a recognized brand wanted or needed. And as social media channels have come online, we’ve seen the problem repeat again and again.
But this is more than a problem at the start of the web or with new social media channels. Fake sites and social media channels are an ongoing problem for many companies. Some sites like eBay constantly battle fake sites set up to defraud their customers and get them to surrender critical information by abusing the trust that their customers have in that company.
Even if you’re not a high value target like eBay or a bank, you can still face challenges with people finding the sites and channels that are actually yours. Even without malice, competitors can benefit from the confusion your customers may have in finding and verifying your actual sites.
One approach to resolving these problems is to go after cybersquatters and look-alike sites and channels. This is a valid approach, but it’s a slow and costly one. It’s also not guaranteed success. For instance, when dealing with a look-alike site that is hosted in another country you may find the hosting company and legal authorities there have no interest in helping you. In some cases they won’t even respond. And the effectiveness of this approach can be mixed. For aggressively scammed sites, going after fake sites is really an ongoing game of “whack-a-mole”.
That’s not to say you should take this approach. But it is to say that you should look first at another approach and consider takedown actions as a complement to that. The best approach to this problem is to help your customers establish a chain of trust to your online presences by giving them a single, authoritative, trustworthy resource on your website that they can consult and lists your online presences.
Building a webpage that lists all of your online presences is simple enough. But a key thing you should ensure you do is make sure your site has a “digital certificate” that users can check when they visit this page.
You may be familiar with a digital certificate to provide encryption to help protect critical information, particularly credit card numbers. What many people don’t know is that digital certificates also act as a driver’s license or passport for websites, giving a visitor something to check to verify that the site is who it says it is. Over at the Trend Micro Simply Security blog, I’ve talked about how healthcare sites not using digital certificate is creating an environment ripe for scammers. The same risk applies to your business or organization. Even if you don’t need the encryption capabilities of digital certificates, you should still consider one for your website so your visitors can be sure they’re really visiting your site. I’ve also talked about how a site visitor can use a digital certificate to verify the site. While it’s talking about this in the context of healthcare sites, the information can apply to any site using a digital certificate.
With a digital certificate in place visitors to your site can check and know that the site really is yours. With the trust that they really have found your actual site, your visitors can then consult the page you’ve put up that lists your actual presences elsewhere such as on Facebook, Twitter, Pinterest, and YouTube.
Creating this page is important because identify verification on social media sites is spotty at best.
To their credit, Google has the best option for you to verify your account with them when using Google+. Pinterest provides a means to verify your account using your website. You should take advantage of these tools.
Facebook and Twitter do offer “verified” profiles but the challenge is you can’t ask to be verified. They will only verify profiles at their choice and discretion. For most of us, this means that we don’t have the ability to get a verified profile. LinkedIn lags behind even Facebook and Twitter and does not offer any profile verification for people or businesses. It’s for these and any other services that your authoritative, trustworthy webpage is critical. Since those services don’t offer any verification options, the information on your site verified by your digital certificate takes on the role of verifying these online identities for you.
An additional benefit to this resource page is that it can enable you to provide de facto verification for any online presence. As we see, verification is something that typically comes later in the life of a social media channel so having this page gives you a way to adopt leading edge technologies without sacrificing security.
Putting a digital certificate in place is something that your IT staff or hosting company can help you with. Because of the complexity that can be involved in putting a digital certificate in place, this is another argument in favor of using a professional hosting service if you don’t have a professional IT staff in-house.
Online identity is one of the areas where Internet security lags behind what’s needed. Anyone who manages a major site like eBay can attest to the ongoing headaches this situation brings. Even if you’re not a major site like this though, being proactive and building an authoritative, trustworthy page where people can verify your online presences makes good sense. By educating your customers and visitors where to go and how to do this early, you train them and instill in them practices that will serve them and you well should you later find people attempting to capitalize on the weaknesses around online identity to your detriment. An ounce of prevention here now really can be very helpful in the future.