During this webinar, Alycia will explain how marketing professionals can easily add security to their diverse toolkit. This skill helps organizations prepare for incidents and prevent others.
Reputation management falls on marketing. By championing the protection of web content, marketers can uphold their company’s reputation and make the web safer for everyone.
11. Marketing
Nightmares
Hey marketer, want to install this plugin
to increase your SEO rankings?
They all rank organically down here!
Imagine the following scenarios…
16. A hacked site can
also affect your
rankings and
search engine
metadata.
17. Marketers Are Primed to Understand
• Web development languages
• Crawlers and bot behavior
• SSL certificates and HTTPS
• Redirects
• Referral traffic
• IP networking
• Analytics and logs
Tweet #AskSucuri to @SucuriSecurity
20. BLACK HAT
Hackers
Exploit security
weaknesses for
malicious purposes.
BLACK HAT
Marketers
Bully people
into buying their
products.
WHITE HAT
Hackers
Identify security
issues so they can
be patched.
WHITE HAT
Marketers
Shine a light on
a problem and
offer solutions.
21. Privacy and Compliance
• GDPR, CAN-SPAM, CASL – spam laws
• PCI DSS – ecommerce
• “Not Secure” - warnings in Chrome
• SSL as a ranking signal in Google search
Tweet #AskSucuri to @SucuriSecurity
22. SSL does nothing to protect the website from being attacked.
Don’t get me wrong. Encryption is a good thing. It protects passwords, credit card data, form data...
Tweet #AskSucuri to @SucuriSecurity
23. Only a WAF can protect the website from being attacked
(see more on this later…)
Tweet #AskSucuri to @SucuriSecurity
24. Google Safe Browsing Transparency Report
Tweet #AskSucuri to @SucuriSecurity
“Compromised sites:
These are legitimate
websites that have been
hacked to include content
from, or to direct users
to, sites that may exploit
their browsers.
For example, a page of a
site may be compromised
to include code that
redirects a user to an
attack site.”
25. The internet is getting more complex.
Tweet #AskSucuri to @SucuriSecurity
Bots API Plugin Scripts
26. We can hope that white hats
will find the vulnerabilities first.
We can also take steps to
prevent a compromise.
Here’s
Vulnerability!
28. Tweet #AskSucuri to @SucuriSecurity
Monitor and Audit
Your Web Properties
Marketers know logs and monitoring are important.
• Spreadsheets, reports, analytics
• Social monitoring and Google Alerts
• Early detection and responsiveness
Now, apply these same concepts to your website
integrity.
Tweet #AskSucuri to @SucuriSecurity
31. Tweet #AskSucuri to @SucuriSecurity
Scanning for Malware
and Security Issues
You can scan your website with our
free tool:
sitecheck.sucuri.net
We check for blacklists, outdated
software, code anomalies, and
known malicious payloads.
Note: Remote scanners have limited access and
results are not guaranteed.
32. Tweet #AskSucuri to @SucuriSecurity
User Access Logging
Do you have a way to know if one
of your website administrators
suddenly logs in from a strange
location at 3AM?
33. Tweet #AskSucuri to @SucuriSecurity
Guide: How to Use the
WordPress Security Plugin
Sucuri WordPress Plugin
https://wordpress.org/plugins/sucuri-scanner https://sucuri.net/guides/how-to-use-the-wordpress-security-plugin
35. Protect Your Website from Attacks
There are two ways websites get hacked:
Tweet #AskSucuri to @SucuriSecurity
Exploiting a
Software Vulnerability
Compromising
User Access Control
36. Tweet #AskSucuri to @SucuriSecurity
How to Lock Down Access
Stronger Passwords
2FA (Two-Factor Authentication)
Principle of Least Privilege
Tweet #AskSucuri to @SucuriSecurity
37. Tweet #AskSucuri to @SucuriSecurity
How to Prevent
Vulnerability Exploitation
Apply software updates ASAP
• Patches security holes
• Requires you to be a step ahead of the black hats
Activate a web application firewall
• Blocks zero-day attacks and unpatched vulnerabilities
• Mitigates DDoS attacks
• Backed by security researchers
• Bonus content delivery network (CDN)
Tweet #AskSucuri to @SucuriSecurity
38. Tweet #AskSucuri to @SucuriSecurity
Creating an Incident
Response Plan
• Backups of everything
• Documented emergency response plan
• Roles and responsibilities
• Vet any vendors before you have an issue
Tweet #AskSucuri to @SucuriSecurity
39. Tweet #AskSucuri to @SucuriSecurity
Using a backup to
reverse a hacked site?
Make sure you have reliable backups
• Automatic
• Secure off-site storage (never on the same server as your website)
• Redundant copies
• Proven and tested recovery
Be sure to restore a backup from before hacker gained
access, not just before the symptoms showed up.
• Backdoors are often placed weeks in advance of the payload.
• If you restore a copy with a backdoor, you’ll be reinfected.
• 71% of hacked websites contain backdoors.
Tweet #AskSucuri to @SucuriSecurity
40. Who you gonna call?
• Can your IT team identify the latest PHP or JavaScript malware?
• Who is responsible for getting a hacked site fixed?
• How will you deal with downtime or scared customers?
• Do you know which professionals you would call in a pinch?
• Sucuri offers free DIY guides for cleaning hacked sites and removing blacklist warnings.
41. Tweet #AskSucuri to @SucuriSecurity
Dealing with
Google Blacklist
• Blacklisted sites lose at least
95% of their traffic.
• Once your site is clean, you
can request a review in
Google Search Console
(Sucuri does this for you).
42. Tweet #AskSucuri to @SucuriSecurity
Welcome to the club!
• Marketers shouldn’t do this alone, but they should speak up about it.
• By working with the IT counterparts within their company, marketers can
greatly improve the security posture of the brand.
• Marketers should champion these initiatives and get them prioritized by
their business development team.