In Southern California, there’s a guy that goes by the handle Bronyh8tr who is awake. Displeased with the latest updates to your brand’s product, he’s been messaging with a few of his friends, and they’ve just pointed a couple of hundred bots at your corporate site. They’re all executing a script that runs through the most commonly used passwords.
There are a couple of things that might happen the next day. You might wake up to a phone that’s dead. It’ll take you a while to figure out that it was because you didn’t plug it in properly so it wasn’t charging overnight. This normally wouldn’t be a problem, but in this case, the battery died early after you received hundreds of emails and Tweets from consumers and clients asking if your site had been hacked and why all your articles were about the 1996 Olympic table tennis championships.
When you get into the office, you log into your site only to find out that your password isn’t working. You panic, but then you check your email. In your inbox there’s a series of alerts and a notification that your account has been suspended due to a brute-force attack. You log in through the admin account using your two-factor code and reset the account and block the suggested range of IPs that the attacks came from.
There’s a voice message from your VP of operations. He’s glad that you asked to deploy a B2B software solution to the site—all the IPs from the attacks have been blocked. He’s checked CloudFlare to make sure it was updated and working properly. Your accounts will require two-factor verification and will prompt you to reset your password just to be safe.
Are you making an effort to tell your stories in a secure environment?
It doesn’t matter if the answer is yes or no. The most important step is to think about the security of your content. If you don’t have the right B2B software in place, anyone can compromise your website. They can replace your articles with content promoting a radical cause or attacking your company. Or really whatever they want. Never forget the Mcdonalds, Burger King merger.
Using the right content technology will ensure that you can share the information that connects you with your customers. You don’t need to know any code to go to a website, find a couple of user names, and start going through the most common passwords. We’re lucky that there are many companies and groups that are aware of these threats and create solutions for them that brands can take advantage of.
Make sure that the location where your content is being produced is secure. Most documents are not handled securely. Like many brands, you may be collaborating by sending content over email (not secure).
You can make do with Google Docs, but if you want a scalable and manageable solution, you need to update your content technology with a content platform. The best security practice for creating content is to have it remain within the platform—eliminate any steps that take the content out of the platform. If content needs to be reviewed by another department, do this in the platform. Make sure minimum security recommendations are required by the platform, which should only accept complex passwords. Also make sure two-factor verification is available; this allows users to authenticate their accounts with a password they know and an item they possess—a key step to content security.
One of the easiest targets for a company is its publishing location. The site tends to be the most visible (people have even soft-hacked sites just to see how secure political candidates’ sites are).
WordPress, Joomla, and Drupal are all good options. Whatever you’re running, make sure that you’re using a common option. This makes it easier to find resolutions to problems, makes training easier, and also vastly increases the options for plugins.
Using WordPress as an example, plugin management will make the difference between a compromised site and security. Do not use too many plugins—only add vetted plugins that are produced by a trusted developer and are commonly used. Wordfence is a perfect example of this—a security plugin that “continuously prevents, patrols and protects your WordPress websites against today’s ultra-advanced cyber attacks, hacks and online security threats.”
Just as you don’t want to send emails with your content while you’re producing it, the same goes for publishing. Does your content management platform integrate with your CMS of choice? If they don’t integrate directly, do they have feed options that you can pull the content from?
When you’re reviewing your security options, you’ll notice that a great deal of the B2B software and updates that keep your content safe are developed by communities of programmers. They’re also shared among other content marketers. We’d love to hear what works for you and what you’re doing to stay secure. Tweet at Skyword or leave us a note in the comments.