Businesses face a persistent dilemma: how to leverage social media and other online marketing (AKA potential client dating) tools without becoming an obvious target for a malicious actor? How do you attract the attention you want but block the kind you don’t? From the perspective of playing hard to forget, businesses should maintain a respectable presence online with a high-quality website (no typos or obvious stock photos, informative content, mini-case studies that show how you work and the impact your clients appreciate from that work), a LinkedIn presence that is professional and current, and judicious, purposeful social media use. And from the perspective of being hard to get, consider the following tips to discourage the opportunistic bad actor who is looking for an easy target:
Protect your reputation. Keep “public directory” information like business locations, hours, current projects, and special certifications up to date. Check embedded links regularly to ensure that visitors are being directed where you intend and not diverted to malicious or other sites. Perform a periodic Google search for your business. Are there links to your website that are undesirable? I visited an aviation museum website recently to check information on exhibits and was greeted with ads about online chat services. Don’t be the business equivalent of the phone number scrawled on a public restroom wall “for a good time.”
Be wary of using truncated URLs. This cautionary note applies both to following a truncated (shortened) URL and to posting one. Twitter tries to do the right thing as a messaging service by identifying sites known to contain possibly malicious payloads. Bitly allows a user to preview the actual destination of a shortened URL: just add a plus sign (+) to the end of the link to obtain more information.
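One way to run the periodic link check and the shortened-URL review described in the two tips above, as an added example that is not part of the original article. The domain names, the shortener list, and the sample page are constructed assumptions; swap in a saved copy of your own page and your own domains.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions for this example: the hosts you own and a few shortener hosts.
OWN_HOSTS = {"example.com", "www.example.com"}
SHORTENER_HOSTS = {"bit.ly", "t.co", "tinyurl.com"}

# Constructed sample page, embedded so the example runs offline.
SAMPLE_HTML = """
<a href="/about">About us</a>
<a href="https://www.example.com/case-studies">Case studies</a>
<a href="https://bit.ly/3xAmPle">Our brochure</a>
<a href="http://chat-ads.example.net/join">Visit our partner</a>
<a href="https://example.com.lookalike.example.org/login">Client login</a>
<a href="mailto:info@example.com">Email</a>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag on the page."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append(href)

def classify(href):
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https", ""):
        return "skip"        # mailto:, tel: and similar are not web links
    if not host or host in OWN_HOSTS:
        return "own"         # relative link, or an exact match on your host
    if host in SHORTENER_HOSTS:
        return "shortened"   # destination is hidden; preview before trusting
    return "external"        # review: is this where you meant to send visitors?

def audit(html):
    collector = LinkCollector()
    collector.feed(html)
    report = {"own": [], "shortened": [], "external": [], "skip": []}
    for href in collector.links:
        report[classify(href)].append(href)
    return report

if __name__ == "__main__":
    for bucket, links in audit(SAMPLE_HTML).items():
        print(bucket, links)
```

The host comparison is an exact match, so a lookalike host that merely begins with your domain name lands in the "external" bucket for review instead of passing as your own.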
Cover your unmentionables. Shortcuts deployed for the convenience of trusted employees can also be convenient for untrusted outsiders. Some companies I’ve met with can readily identify protected information on their servers because of file naming conventions that use words like “confidential” or “passwords.” Were my intentions dishonorable, those are the files I would look for first! (On a related note for those who might be exploring Wi-Fi networks in their neighborhood or coffee shop, consider how likely it really is that a law enforcement agent would name its open (not password-protected) network “FBI Surveillance Van.” Hmmmm.)