Search Go hack yourself with Detectify

A web security blog from Detectify

5 Cybersecurity Tips for Marketers

November 8, 2017

Cybersecurity used to be the domain of small, highly specialised teams working with security behind closed doors. Those days are gone and security is everyone’s business.  You might say “I’m just a marketer,”  but security is a marketing opportunity and it’s up to you to make it work for your brand. But don’t panic! We’ve gathered 5 simple tips that can help you improve your security today.

Cyber security for marketers

1. Give your passwords a once-over

It’s 2017 and everyone’s still talking about passwords. With good reason! Short, weak passwords pose a serious risk, especially if you tend to reuse them. If you use the same password for, say, five services, and your login for one of them gets phished or leaked, attackers can easily access other services too.

Take 15 minutes to check if you are reusing any passwords and change them if that is the case. If you’re juggling many different marketing tools, consider using a password manager that allows you to generate and store secure passwords. Nothing is 100% hacker-proof and password managers have disadvantages, but they can still be considered the more secure alternative.

2. If 2-factor authentication is an option, use it

Many services offer 2-factor authentication to add another layer of security to the login process. While using 2FA might not be as convenient as simply typing in your password, the extra step is worth it!

Services that have a huge impact on your brand (think email marketing tools and your company’s social media channels) deserve to be as secure as possible to ensure they don’t end up in the wrong hands. Set up 2FA for all the services you are using – this includes social media accounts.

3. Update your CMS and enable auto-update

If you work with content marketing, you are probably using some sort of content management system to share your awesome content with the world. Because CMS updates often come with security patches, it’s important to make sure you’re running the latest version. Once security patch notes are public, hackers can easily see what older versions of the CMS are vulnerable too and then pick their targets accordingly. For some examples of vulnerabilities lurking in old software, take a look at our research on vulnerable Magento sites >>

We highly recommend enabling auto-updates in order to secure your site and ensure your CMS is always protected with the latest security patches.

Read our article on WordPress auto-updates >>

4. Beware of phishing

Unexpected email from your boss asking you to transfer a large sum of money? Message from the post office with a tracking link for a parcel you don’t remember ordering? Phishing attacks can be extremely sophisticated and range from targeted CEO fraud to widespread phishing schemes.

It is often difficult to tell whether an email is genuine a phishing attempt or not, so the best security precaution you can take is to simply avoid clicking on links and downloading attachments. Don’t be afraid to double-check with a colleague if you’re not sure an email is genuine. It’s much better to come across as a slightly paranoid security geek (trust us, we know all about this) than end up opening the door to attackers. To help you recognise different red flags associated with phishing, we have written a guide on how to identify a phishing email >>

5. Make sure your campaign site URLs look trustworthy

Campaign pages help you make the most out of seasonal search trends, capitalize on the latest developments in your industry, do A/B testing, and much more. Have you ever thought about whether your campaign sites come across as trustworthy? For example, company-blackfriday-2017. com looks far more suspicious than com. Unsurprisingly, it is also far less secure. The latter is a subdomain of company. com while the former could be bought by just about anyone, including scammers. For a great illustration of this problem, read up on how a suspicious-looking campaign site played a part in the aftermath of the Equifax breach.

In short, setting up campaign pages on subdomains is a good idea. Not only does it protect your website visitors from scammers and help build a trustworthy brand, it also sets an example and shows businesses and consumers that genuine campaign pages don’t have to look dodgy. It’s a win-win situation!

Want to check your website for vulnerabilities? Sign up for a free Detectify trial >>