Cyber risks, and the reputational fallout that might ensue, are not a new addition to the woes that keep IP practitioners up at night.
Thankfully there are a growing number of resources to help you tackle this evolving threat. For example, back in May this year, the UK Intellectual Property Office published a blog post with tips on how to keep IP “cyber-safe”.
And last week the UK’s National Cyber Security Centre (NCSC) published two-pronged guidance to help organisations better safeguard their IP, and their business more broadly, in cyberspace. The two pieces focus on how to remove problematic material online (takedown requests) and how to improve security by moving away from passwords.
Takedowns
The takedown guidance looks at how takedown requests can be deployed as an effective online brand protection tool. Fraudsters often try to exploit brands and their reputation by impersonating them online (e.g. through phishing websites, false representations of products and services and fake endorsements) to access valuable data and information. Takedown requests are a way to get the relevant hosting company or domain registrar to remove such malicious content from the internet.
The guidance contains a handy five-step guide on how an organisation might go about submitting its own takedown requests. The NCSC also provides some pointers on how to assess and select various takedown providers for organisations that do not, or cannot, run their takedown management in-house.
Moving “beyond passwords”?
The second piece of guidance focuses on improving online security by promoting the use of more robust authentication methods. In turn, better online security makes for happier users and increased customer confidence in a particular business. As the NCSC puts it: “protect your customers to protect your brand”.
Relying on passwords alone leaves organisations and users vulnerable to security breaches and password theft (e.g. attackers sometimes use lists of compromised credentials from one organisation to break into another organisation’s accounts, a technique also known as credential stuffing). Yet, in spite of that, password use appears to be on the rise.
The NCSC looks at four different authentication models: multi-factor authentication, OAuth 2.0, FIDO2 and magic links/one-time passwords. It sets out their respective pros and cons alongside typical use scenarios for each. When selecting an appropriate model, the NCSC recommends that organisations consider the method’s security and user-friendliness against the profile of their customers.
Notably, the guidance dovetails with the UK Government’s recent call for information on unauthorised access to online accounts and personal data (see our blog here). It is therefore of particular relevance now, coming at a time when policy-makers are looking to shift the cyber-security burden away from individual users onto organisations.