Category Archives: Online Brand Management

Information Security for Online Gurus

Everyone who creates a blog or seeks to develop themselves as a brand hopes to one day become an online guru. The type of person who’s every tweet or new post becomes the topic of conversation and considered online gospel. But as either Socrates or Spider Man’s Uncle Ben (depending on your preferred reference point) would say “with great power comes great responsibility”. If you are one of the industrious ones who has built up a following this is your information security wake up call.

Online Gurus YOU ARE RESPONSIBLE for the information security health of your communities.

This is a responsibility that should not be taken lightly or be easily dismissed. Allow me to explain. You have obtained a following as a thought leader by standing out and delivering value to your community. Your effective branding has placed you in a position of trust where your audience hangs on your every word and eagerly opens your latest email and any links you may include.

This makes you a perfect target for savvy online social engineers who do their research and are attempting to exploit you and your community for their own financial gain.

Your email, website, auto responder, and social networking sites are your identity in the online world. If any of these accounts become compromised they could serve as an effective springboard to cause devastating harm to your entire online community. This could potential cause a ripple effect destroying the trust you have worked so hard to build up along with a primary source of your income. Social engineers can ruin your relationship with your customers causing both of you financial loss and unneeded anxiety in the process.

Is your information security plan sufficient to protect your business and the community you have worked hard to build?

There is no silver bullet to keep you and your community safe from information security risks. Here are some general information security tips that you should have built into your information security plan:

  • Be aware and vigilant that due to your influence you are an attractive target
  • Proceed cautiously opening unsolicited links from untrusted sources (or consider having a separate device to perform such activities that is totally separate from the device you use to manage your online presence.
  • Educate your employees on the risks of information security and the threats to your business. Awareness is power.
  • Use separate passwords for your different accounts to minimize the damage done if any one of your accounts were to become compromised. If you are looking for ways to simplify your password management process look no further.
  • Keep your WordPress or other CMS systems current with the latest patches
  • If you use a customized CMS consider having a professional application security review conducted
  • Ensure your site backups are adequately secured to prevent unintended information leakage or security problems
  • Carefully consider what type of system access you give to virtual assistants and ensure you have effective processes for removing account access when the situation calls for it.

This is not meant to be a comprehensive list but only to serve as a reminder of the important role that you play in helping to ensure the security of your online community. Your reputation and business may ultimately be at stake.

Be sure to check out my detailed information on social engineering to get some good tips on how to defend your reputation and business from this important information security risk.

Web Filtering is costing you money – Get your web traffic back now

Web Filtering software is widely deployed by all major companies to block material on the Internet that they deem to be inappropriate. The definition of what is inappropriate varies widely but if it is likely to cost a company money from a lawsuit (think sexually inappropriate material) or is considered a waste of employee time (think gaming sites) then it is a good candidate to end up on the blocked list. Some of the major categories of sites blocked by most filters include: adult oriented material, gambling, hacking, illegal activities, p2p file sharing, racist material, and sites that have been flagged as containing malware.

So what is the problem?

Web filtering is a complex task and while it hits more than it misses it experiences both false negatives and false positives. A false negative represents sites that it failed to block that should have been blocked while a false positive is a site that has been inappropriately classified as being a site of concern. The biggest risk to your site from a web filtering perspective is that you could be unfairly categorized as an inappropriate site costing you precious traffic in the process. If your site is being blocked by some of the larger web content filtering software packages you are costing yourself a lot of corporate web traffic and that traffic ultimately means money. Many of your customers might be making purchases or providing eyeballs during work hours and losing out on this opportunity should not be taken lightly.

What should you do to protect your business from web filtering run amok?

1. Listen to your audience/customers – If you hear reports about your site being blocked at someone’s work location or local ISP take the matter seriously and follow-up promptly. Ask them to provide you the name of the web filtering company if possible and what filtering category your site violated to aid you in your follow-up.

2. If you have received feedback about your site being blocked and you believe it is inappropriately blocked you need to take action by contacting the web filter vendor to get your site cleared for business. When contacting the web filtering companies remember to be polite and state the reasons your site does not belong in the blocked category and be proactive by suggesting a more appropriate classification for your site.

Reporting a web filtering issue to the major vendors:

Barracuda Networks

McAfee

Symantec

Websense

3. Scan for malware using Google Webmaster Tools – If your site contains malware (even without your knowledge) it is a prime candidate to end up on a web filtering black list. Be proactive and scan for malware using the Google Webmaster tools malware scanner to validate that you are protected.

4. Run McAfee’s free domain health check to get a free report on the current status of your website from their point of view. They are a large player in the Web Filtering market via their Total Protection Suite so you want to make sure they have not detected any problems. My site did not generate a broader report when queried but I was able to verify that it was considered a minimal risk site and was classified in a web category that is unlikely to have problems with any web filter. Have you checked your site?

5. Do not take no for an answer. If the company refuses your polite request for a reclassification do not reluctantly accept your lot in life. Escalate the issue, follow-up again and let me know because I plan to start a space for people that are having problems with various web filters and would love to be of assistance.