Most online marketers think of themselves as T-shaped individuals. The theory behind this concept is that individuals possess a wide range of skills, with some abilities running deeper than others.
Website security awareness is in short supply and we need more champions — especially among small and medium-sized businesses. Digital marketers are in a prime position to add security know-how to their diverse toolkit.
Source: The T-Shaped Web Marketer by Rand Fishkin
It makes sense for marketers to want to secure their websites. A hacked website is a reputation management nightmare that can destroy user trust instantly. Imagine experiencing any of the following scenarios on your website:
- Downtime due to Distributed Denial of Service (DDoS) attacks.
- Blacklist warnings by major search engines and antivirus vendors.
- Malicious redirects sending mobile visitors to porn websites.
- Malicious advertisements, phishing pages, and drive-by-downloads.
A hacked site can also affect your rankings and appearance in search engines. The most popular type of website malware is SEO spam – a malicious takeover of your search engine metadata. No marketer wants visitors to see advertisements for porn or pharmaceuticals while Googling their websites.
This year at MozCon (a popular SEO conference), Jono Alderson from Yoast presented a slide that expanded this concept. Among the typical marketing disciplines he included, one in particular stood out to me: Security.
Source: The Democratization of SEO by Jono Alderson
Shared Applications of Psychology and Tech
Digital marketers often grasp a range of technical concepts that prime them for understanding website security, such as:
- Web development languages
- Crawlers and bot behavior
- SSL certificates and HTTPS
- Referral traffic
- IP networking
- Analytics and logs
Another similarity between the two fields is that, in both marketing and security, there are white hat and black hat practitioners.
A white hat hacker helps identify security issues that can be patched. They are the good guys. The same goes for white hat marketers who aim to educate and provide value. Black hats, on the other hand, aim to exploit weaknesses in software, algorithms, and psychology. They often do this purely for monetary gain, with little regard for the damage they cause.
Understanding this dichotomy in malicious and benevolent intentions can help marketers assess opportunities to improve the security posture of their online brand identities.
Reputation Management and Compliance
In 2018, digital marketers had to deal with some new developments in security and compliance. As such, they are already familiar with the technology and processes required for a robust security plan.
The groundbreaking privacy laws of GDPR went into effect on May 25th. For marketers with users in the European Union, these laws impacted how personally identifiable information (PII) is collected and stored.
It’s worth noting that this isn’t the first time marketers have been involved in security and compliance. Marketers should also be familiar with the CAN-SPAM laws in the United States and CASL in Canada. Anyone who works with healthcare patient data in the United States must be HIPAA compliant. In the world of e-commerce, the Payment Card Industry Data Security Standard (PCI DSS) keeps online buyers safe.
On July 24th, Google Chrome began showing “Not Secure” warnings in the address bar if a website uses HTTP instead of HTTPS. This is part of Google’s noble effort to encourage websites to have SSL certificates that encrypt data sent between the visitor and the website.
One Small Leap from SSL
The use of HTTPS has also been a confirmed ranking signal for Google search results, leading marketers to champion the cause within their organizations.
There is a caveat here that isn’t often discussed: SSL does nothing to protect the website itself from being attacked. We have written a whole blog post about this.
Don’t get me wrong. Encryption is a good thing. Without SSL, all of the passwords, credit card data, and personal information in transit between the visitor and the website would be exposed to man-in-the-middle attacks. The issue is that labeling sites as “Not Secure” should not be limited to whether or not that website uses HTTPS.
I’m not saying that Google isn’t doing anything. In fact, their WebSpam team has their hands full dealing with hacked or malicious websites. According to the Google SafeBrowsing Transparency Report, 50,000 websites are labeled as dangerous every week. This means they are blacklisted from being accessed via search, and visitors will see a big red warning page.
Out of all of the websites that Google blacklists, the majority are legitimate sites that have been hacked, rather than intentionally malicious attack sites.
These are significant numbers, but they only scratch the surface. This is just what Googlebot is able to detect.
The influx of APIs, extensions, and bad bots is making the web application security landscape more complex than ever. Hackers will continue discovering new flaws in web applications, and we can only hope the white hats find them first.
This is a problem that marketers should certainly be aware of and prepared to deal with. Security is everyone’s responsibility; reputation management is inherently tied to trust.
The internet needs intelligent and passionate people to raise awareness, and marketers are resourceful enough to make the case.
On October 31st, I will be hosting a webinar on Website Security Primer for Digital Marketers. Sign up and participate in the webinar for free.
In our next post, we’ll discuss exactly how marketers can use their existing skills and tools to improve their website security posture.