Unfortunately, the more you grow your online presence, the more you are a target for cyber-criminals, hackers and other disreputable individuals.
2017 was a year when a number of high profile cyber-security disasters hit the news. In this current climate of fear, it’s understandable you might feel inclined to hold back on your marketing due to the risk of attracting unwanted attention.
Alternatively, you can learn about the potential risks that await you and do your best to keep yourself protected while moving forward.
Here are some of my tips for executing your marketing strategy in a safe and secure way.
WordPress is a platform that has become synonymous with business blogging, and it’s easy to see why. WordPress enables you to set up and maintain a fully functioning business blog with minimal technical skills – hence the platform’s popularity.
Unfortunately, WordPress is not impregnable and there have been numerous hacks in the past. In fact, statistics show that 73.2% of the world’s most popular WordPress installations have vulnerabilities which can be found using the software.
For this reason, most hackers deploy automated bots in order to find websites with weaknesses.
Once hacked, your WordPress site can be used to redirect visitors to other sites which provide revenue for the hackers, or viruses can be deployed in order to infect the hard-drives of your visitors and steal valuable information.
Ransomware is highly troubling and often transmitted through hacked sites. This kind of virus will encrypt all of your files and then force you to make a payment before decrypting them.
Use these tips to keep your WordPress site secure.
Keep Everything Updated
If you’re running an outdated version of WordPress, the list of vulnerabilities is already public knowledge. Hackers can use this information to find easy targets, so don’t allow your site to be one of them.
Fortunately, since WordPress 3.7, updates are applied automatically, so this risk is reduced.
Likewise, all of your plugins and themes should be updated regularly as well, since they can provide a gateway to your personal information if you’re not careful. For this reason, you should not only deactivate but also delete plugins and themes that you’re no longer using.
Check out this useful article for keeping WordPress updated.
As a final preventative measure, the following piece of code will remove the WordPress version number from your site’s head – so hackers can’t ascertain if you’re using a dated version:
Use Complex Passwords
When generating WordPress (or any) passwords, I like to use the CLU formula. CLU stands for complex, long and unique.
Some of the worst common passwords in a 2015 study included: “qwerty,” “123456,” “baseball” and “dragon.” Perhaps the last one was due to the popularity of a certain television series in recent years.
Don’t pick anything obvious like this. Use a combination of cases, letters, numbers and special characters when choosing a password.
You may have heard of brute force attacks – they’re extremely common in cybercrime. Using automated software, hackers can roll through countless password combinations until they finally crack the code.
To protect against this, it’s good to have an additional authentication step to ensure it’s a real person logging into your site instead of a malicious program.
A common form of two-step authentication requires a standard password and then requests a mobile number in order to send an additional code that the user must type in to log into their account.
I highly recommend installing Google Authenticator in order to keep your WordPress site secure.
As an additional preventative measure, try installing Login LockDown. This useful plugin allows you to limit the number of login attempts from a specific IP address within a certain period of time – ensuring that your logins come from real people instead of software.
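The per-IP limit described above can be sketched with WordPress's own hooks and transients. This is an added example, not Login LockDown's code; the threshold, the window and every `example_` name are assumptions.

```php
<?php
// Added example: throttle failed logins per client IP using transients.
const EXAMPLE_MAX_FAILURES   = 5;    // assumed threshold
const EXAMPLE_WINDOW_SECONDS = 900;  // assumed 15-minute window

function example_login_key() {
    // REMOTE_ADDR is the directly connected peer. Behind a reverse proxy or
    // CDN it is the proxy's address; only trust forwarded headers when the
    // proxy is known to set them.
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'example_login_fail_' . md5($ip);
}

// Count every failed attempt. Each write resets the expiry, so the window
// slides: the counter clears only after a quiet period. Attempts rejected
// by the lockout below also fire this hook and keep extending it.
add_action('wp_login_failed', function () {
    $key   = example_login_key();
    $count = (int) get_transient($key);
    set_transient($key, $count + 1, EXAMPLE_WINDOW_SECONDS);
});

// Priority 30 runs after core's username/password check (priority 20), so
// returning WP_Error here overrides even a correct password while locked out.
add_filter('authenticate', function ($user, $username, $password) {
    if ((int) get_transient(example_login_key()) >= EXAMPLE_MAX_FAILURES) {
        return new WP_Error(
            'example_locked_out',
            'Too many failed login attempts. Try again later.'
        );
    }
    return $user;
}, 30, 3);
```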
Rename Your Login URL
Because most WordPress attacks are automated, hackers are looking for the default WordPress login and admin URLs: wp-login.php & wp-admin.
If your login URL is uncommon, this is enough to prevent the vast majority of brute force attacks from occurring.
Try changing your login URL to something original like new_site_login.
You could also change your admin URL to new_site_admin.
As a final step, consider contacting a cyber security expert and booking a penetration test. This will reveal any vulnerabilities that you’re not aware of and you’ll be given a list of actions to implement in order to improve your site’s security.
Unlike attacks on a WordPress site, social media attacks are often personal rather than automated. A malicious ex-employee may target your social media accounts as a way to discredit your brand.
In 2016, scams on social media increased by 150% – so it’s important to stay vigilant.
As always, I recommend using the CLU formula for creating your social media passwords. However, it’s also a good idea to have different passwords for each of your accounts.
Particularly in the case of a personal attack, one account breached is a headache, but four is a nightmare.
Also, be sure to fill out your security answers as this adds another authentication step in order to access your account.
If you log into social media on your mobile devices, make sure that your phone is well protected.
Ironically, security software pioneer, John McAfee, recently had his Twitter account hacked. A hacker was able to compromise his mobile phone and intercept the security code during the two-step authentication process.
Limit Your Employees’ Usage of Social Media
Many companies have fallen victim to employees posting inappropriate content under the brand’s official name. Sometimes this can be funny, but more often than not, it erodes the integrity of your brand – as Chrysler found out.
Across the pond, an employee of the British Ministry of Defence accidentally posted their disdain for London’s new architecture using the official @DefenceHQ Twitter account.
Twitter users also poked fun at the fact a governmental department incorrectly used the word ‘hung’ instead of ‘hanged.’
Also, ensure that your employees double check that they’ve logged out after posting content on your brand’s channels.
Be Careful With Sharing Personal Information
Countless soccer players have been robbed because their fixture lists are public knowledge, so thieves know when their houses will be unoccupied.
Especially if you’re posting as a personal brand, know that whenever you promote your latest tour or tradeshow appearance – thieves can use this information to their advantage.
Don’t be vocal about leaving your office or home for an extended period of time if you don’t have adequate security measures. This sounds paranoid, but it’s better to be safe than sorry.
Also, remember not to post other sensitive information such as your phone number or financial details. The more information criminals have, the easier it is to steal your identity.
As a final preventative measure, consider using ZeroFox to scan your social media profiles for fraudulent activity and malicious code.
According to a study conducted by Symantec, 59% of consumers said that they were concerned about the safety of their personal information.
Having your mailing list or account information stolen will have disastrous consequences, as healthcare firm Anthem found out. In addition to accessing Anthem’s entire mailing list, hackers also gained access to social security details, income data and street addresses.
Your customers have entrusted you with their details, so treat email security with extreme importance.
It’s worth investing in a premium email client. The best packages offer three-layer security, protecting:
- The connection to your provider.
- The email messages.
- Your archived messages.
Encryption prevents eavesdroppers from intercepting messages and extracting vital information, such as financial details. The more layers of security you have, the better.
SendInc is a reputable web-based encryption service for sending secure emails.
Outbound Spam Filtering
Everyone is aware of inbound spam filtering – this protects your inbox from annoying marketers and devious phishers.
On the other hand, outbound filtering ensures that your IP address doesn’t end up distributing spam because hackers have compromised your inbox.
With a filter, you can identify individual users on your network and detect when spammy outbound emails are being sent. This is important in terms of security, but also to avoid getting your IP address blocked by recipient mail providers.
A good filter will analyze the long-term behavior of your users and immediately alert you when an anomaly occurs.
As a final word of warning, be cautious when outsourcing your email marketing.
63% of data breaches are due to poor outsourcing decisions. Just because you take the security of your clients seriously doesn’t mean an external company will – so scrutinize before you hire and ideally, keep your email marketing in-house.
Do you have any other tips for performing digital marketing in a safe and secure manner? I’d love to hear your responses in the comments below.
About the Author: Aaron Agius is an experienced search, content and social marketer. He has worked with some of the world’s largest and most recognized brands, including IBM, Coca-Cola, Target and others, to build their online presence.