Combat Online Crime – Five Ways to Improve Your Company’s Cyber-Hygiene

Cyber-crime is a growing problem that has begun to invade almost every part of the internet. There are numerous ways criminals can attack individuals and businesses online, from traditional fraud or theft, to leaking personal data and hijacking websites through ransomware or distributed denial of service (DDoS) attacks. At ReputationDefender, we help businesses shore up their defenses against these threats which can damage the company’s reputation and leave its leaders struggling to regain control of personal data.

Unfortunately, not every battle is winnable. There are many targeted online attacks, called Advanced Persistent Threats (APT), which are carried out by a massive organization (often a nation-state) with a lot of resources at their disposal. The latest big DDoS attacks also have the ability to knock out huge swaths of the internet for a short period of time, and they are very difficult to defend against.

Most Online Crime is Preventable

However, the majority of cyber-crime instances occur as a result of human error or systems that aren’t secure. People who fail to practice basic hygiene are more likely to get sick or spread disease to others and the same is true of online viruses and malware. Companies that succeed in blocking most access channels will send hackers on to easier targets. Basic cyber-hygiene won’t protect against every threat, but it will make it much less likely that your company will be one of the unlucky ones.

  • Education – A chain is only as strong as its weakest link and in this case that means the employee with the least amount of tech experience. Reduce the risk by educating everyone with computer access in basic security protocols, such as password strength and phishing scam recognition. Make sure anyone with home access is running security software.
  • Use Available Resources – There are a number of online sites that have a lot of information on cyber-security. In the UK, the Get Safe Online site offers valuable resources for companies and individuals who want to protect their privacy. Do not assume that you know everything; read the experts’ advice and then share it with other staff members.
  • Update Regularly – Microsoft, Adobe and other office software offer regular updates and security patches. It is extremely important to make sure someone is in charge of installing these; they’re often designed specifically to close vulnerabilities that criminals have learned to exploit.
  • Invest in Security – Viruses and malware are constantly changing. At some point, technology from ten years ago simply won’t protect against modern threats. Up-to-date security might seem like a big investment, but it’s nothing to what the company will lose through direct stealing or reputation damage if it’s hacked.
  • Perform Internal Audits – Security issues do not go away if you ignore them; they get worse. It’s worth hiring a professional to perform regular audits so you can diagnose the company’s weakest areas and work on fixing them.

Ultimately, combating cyber-crime will take a concerted effort amongst international and governmental agencies to track down these individuals and eliminate all the different ways they can attack. However, in the short term, companies can accomplish a lot by making sure their own security practices are first rate.

Why Do I Need to Know About SEO?

With Google’s algorithmic changes aimed at putting the user experience first, page optimization has become increasingly focused on content. Manipulative black-hat techniques, such as link generation and keyword stuffing, have fallen into the background, whilst well-written content and traditional marketing techniques have become key.

Yet the latest slogan, “Content is King”, undermines the important role technical SEO still plays in ranking a page. It’s true that well-written, original content is a must for today’s algorithms, yet with everyone on the internet focused on creating quality material, features such as expert page mark-up, crawlability and optimal load-speed are also needed to rank a page high on the SERP. At Reputation Defender, we help brands to build their reputation using all aspects of SEO, from quality content creation to running technical audits that analyze how the page is performing.

A Basic SEO Checklist

SEO isn’t something companies can just ignore. A thorough SEO check-up is a necessary part of building a website, since all the time and money will be wasted if Google can’t index the page and rank it where a potential customer will see it. Even for a small website, an SEO check-list constitutes a comprehensive task. Here is a basic overview of some of the most important areas:

  • On-page SEO – This includes basic attributes such as the page title, meta description, headings, keyword usage and keyword density. A sitemap will help Google and other search engines navigate and index the website, while a robots.txt file tells bots which pages to crawl. Text to code ratio, page requests, CSS and Google Analytics tags must also be analyzed.
  • Speed Test – Page load speed is an important ranking factor for Google, so SEO needs to consider HTML page size (around 33 KB if possible) and use Gzip compression if necessary. Pages should contain a caching mechanism to load faster; the use of Flash items should be avoided if possible since this will slow the page down. A Site Loading Test also needs to be performed to verify load time.
  • Server and Security – Check URL and IP canonicalization to ensure that each page has its own unique URL and IP. Analyze security issues such as directory browsing, harmful botnet access and server signatures. The website should be “on the green side” for safe browsing, otherwise it could infect customers with a virus, making them unlikely to return.
  • Mobility – To succeed on today’s internet, websites need to be optimized for mobile devices and include Social API’s for major platforms (Facebook, Twitter, Google+ etc).

Auditing a Site

There are many reasons why a page that seems to be well-optimized may not be ranking. It could be due to content, website traffic, incoming links or other off-page factors, but this will be impossible to prove without first checking technical aspects related to indexing and ranking. Bad URLs, incorrect internal linking, duplicate content or Schema marking are just a few of the reasons pages could fail to rank on the SERP.

Most SEOs use software to perform a technical audit. These programs can crawl the webpages in a similar way to Google bots and highlight the issues that could be causing a problem. These are three choices site auditors might want to consider:

  • Screaming Frog – One of the most popular programs that is easy to use and free up to 500 pages.
  • IIS SEO Toolkit – A Microsoft-based program that is slightly more in-depth for those possibly with more advanced SEO training.
  • SEMrush Site Audit – A valuable tool for analyzing site changes.

Software choices often depend on personal preference as well as the size and complexity of the site.

Technical Requirements of SEO

Today’s SEOs need a lot of different skills, so good work usually results from collaboration between different members of a team. Writers and content editors need to develop articles that will draw in clients and encourage them to browse further through the website. Marketers promote products, construct a company image and establish connections. But without technical SEO analysis all these efforts will be ineffective at promoting content and building a positive online profile.

These are just a few of the topics modern SEO needs to be familiar with to analyze a page and improve SERP ranking:

  • DOM (Document Object Model) – A structured representation of a web-page that enables it to be read by scripts and programming languages.
  • Structured Representation of Data – An organized way of representing data that relies on protocols laid out on schema.org.
  • Critical Rendering Path – The method by which a page loads and is constructed or rendered into the browser.
  • Log File Analysis – Using the record of server requests to analyze how the site is being crawled by search engine bots.
  • JavaScript Framework – A popular website program that presents challenges for crawling and SEO.
  • HTTP/2 – A new web protocol that Google has been developing. It is likely to replace HTTP/1.1 which has been in effect since 1999.

Managing SEO Needs

Company founders have a choice to go it alone and become an SEO expert as they develop their website, or to invest in professional help. Time and financial constraints often play a part, as well as an entrepreneur’s natural aptitude for this kind of work. However, as the company grows, the workload will almost inevitably become too great for one person and most organizations will need to invest in a professional team with the skill set to handle all aspects of SEO. Whatever the size of the company, no one should ignore SEO. It’s a vital part of building an online reputation and establishing a credible, professional image on the web.

How to Turn Negative Reviews Into an Asset

The importance of customer generated publicity is growing all the time. According to a 2015 survey by BrightLocal, 92 percent of people use online reviews to learn more about a product or service, up from 88 percent only a year before. More and more people now base their buying decisions on comments from other customers, so it’s vital that businesses have numerous reviews left by genuine clients.

At Reputation Defender we work with companies to manage their reputation and create positive online content. There is nothing more valuable than testimony from a satisfied customer, but unfortunately not all reviews will be positive. Every business will face negative comments from a dissatisfied customer at some point, so it’s not a matter of if but when. Business leaders need to be ready with a plan in place to deal with negative publicity when it appears.

Stars are Important

Star rating is the number one factor that consumers use to judge a business, so a one or two star rating can really hurt a company that doesn’t have many reviews. On the other hand, it will be much less noticeable if there are already a high number of four or five star reviews. Surprisingly, a few unenthusiastic comments can actually help. Customers will tend to question the reliability of the reviews if each one has a solid five star rating.

Making Reviews Work for Your Company

Here are six steps to make reviews work for your company:

  1. Be proactive about customer service – Handling dissatisfied customers before they have a chance to leave a review is the most effective way of preventing negative comments. Online rants often come as a result of customers feeling ignored or overlooked, so if something occurs to disrupt normal service, or you know a customer is unhappy, make sure compensation is offered. A coupon, a discount on a future visit, or even a full refund can be worth it if it keeps the company’s reputation intact.
  2. Make it easy to leave a review – Generating a high volume of reviews is the best way to ensure a four or five star average. If you focus on excellent customer service, most people will have a positive experience and be happy to leave a testimonial, but they may not think about it unless you remind them. Send out review invitations by email, or on a receipt. Offer prizes or contests for people who leave comments. If you have regular customers, don’t be afraid to ask them directly.
  3. Set up an alert – Even with your best efforts, there will always be some negative reviews. Register for a Google Alert, so you will know right away when someone leaves a comment about your business, negative or positive. This will give you more time to read and respond to the comment before it has a chance to go viral.
  4. Respond appropriately – Mature responses show you can take constructive criticism and help to convince other readers that you’re not the one being unreasonable. Address the issue directly, apologize and explain what has been done to fix the problem. This makes readers feel you listen and are trying to improve. It’s also important to respond to positive reviews, so everyone leaving a comment knows they are appreciated.
  5. Take executive action when necessary – Responses that come from high-level management will always be more effective. Not every executive has time to respond to reviews regularly, but just a few comments a month will show feedback is taken seriously.
  6. Track your statistics – If you practice good customer service and encourage reviews, you should get four or five stars from approximately 85 percent of your customers. Many customers distrust reviews that are entirely positive, so don’t make this a goal. Welcome some negative comments, but respond appropriately and try to make sure a similar situation doesn’t occur again.

How Can I Avoid a Phishing Attack?

Phishing attacks are scams that trick people into exposing financial details and other sensitive data. Phishing is not new; this type of online attack has been around almost as long as the internet, but today’s schemes are more sophisticated and harder to detect than ever. In the past, all but the most naïve could see through badly written requests to transfer money or suspicious-looking prize notices. This is not the case with modern phishing schemes which often resemble official communications so closely it’s hard to tell the difference. Some hackers take the time to learn co-worker’s names and personal details to make them appear even more convincing.

Phishing scams pose numerous risks. The most common scenario is a virus that will infect a computer through a contaminated link or a compressed document. Malware delivered through phishing can steal personal information, including financial details, or it may contain ransomware that will encrypt computer files and hold them hostage until you pay a fee. Most viruses have the ability to spread and infect an entire company network and businesses are frequently targeted since they have more resources and incentive to protect their data.

Falling prey to a phishing attack leaves a company vulnerable to financial theft, as well as leaks that could release trade secrets and confidential information. Compromising data released to the public causes reputational damage that’s hard to undo. Experts at Reputation Defender work to safeguard client reputations through regular privacy audits that catch problems as they emerge. We also help to repair online reputation by creating and promoting positive content.

Types of Phishing Attacks

There are basically two ways a hacker may design a phishing scheme:

  • Mass-scale phishing – A general attack that includes many different methods of communication. A lot like casting a large fishing net, mass-scale attacks do not target a specific person. However, they may include numerous semi-random attempts aimed at discovering the weakest link in a company’s network – the one employee gullible enough to click on a random link or reveal their password to a stranger.
  • Spear-phishing or Whaling – Spear-phishing is a targeted attack aimed at a specific person or a group of people. This type of phishing attack often includes details that make the included information seem legitimate. Emails can be designed to resemble personal office communication or a typical business invoice. Whaling is a type of spear-phishing that targets high-level personnel, particularly the CEO. Hooking these so-called “large fish” gives cyber criminals easier access to sensitive company data and financial accounts.

Methods of Delivery

Fraudsters have found even more creative ways to deliver links, through email, phone calls, text messaging and social media feeds.

Email phishing

A phishing email often looks like a generic notice from a well-known company or a bank. Cyber criminals have been known to copy logos from PayPal and eBay well enough to avoid detection. Typical scare tactics include warnings that the account is insecure, the password has been changed or there is a payment past due. Phishing emails usually include a CTA asking victims to click on a link or open an attached document. A targeted spear-phishing email may reference a colleague or a boss.

Things to look for – Many phishing emails still have small spelling mistakes or grammatical errors that a native speaker wouldn’t make, so this is the first thing to check. A missing email signature is another red flag, as is a form of address or writing style that’s not normal. Sometimes the only way to detect a phishing email is through slight changes in the email or domain name, such as the use of zeros instead of the letter “O” or “rn” instead of “m”. These can be easily missed, so if anything seems off, double-check the email address and domain name carefully.
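The domain check described above can be automated. The following Python code is an added example, not part of the original article; the trusted-domain list, the sample From headers and the function names are constructed for illustration, and the swap table extends the article's two cases (zero for "o", "rn" for "m") with two other common look-alikes.

```python
from email.utils import parseaddr

# Constructed allow-list: replace with the domains your organisation really deals with.
TRUSTED_DOMAINS = {"paypal.com", "ebay.com", "example-bank.co.uk"}

# The article's two swaps (zero for "o", "rn" for "m") plus two other common
# ASCII look-alikes. Unicode homoglyphs are out of scope for this example.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def skeleton(domain):
    """Collapse look-alike characters so visually similar domains compare equal."""
    s = domain.lower()
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s


# Skeleton of every trusted domain, mapped back to the real name.
TRUSTED_SKELETONS = {skeleton(d): d for d in TRUSTED_DOMAINS}


def sender_domain(from_header):
    """Extract the domain from a From header such as 'Name <user@host>'."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].strip().lower().rstrip(".")


def suffixes(domain):
    """'mail.paypal.com' -> ['mail.paypal.com', 'paypal.com']."""
    labels = domain.split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]


def classify(from_header):
    """Return (verdict, matched_trusted_domain) for one From header."""
    domain = sender_domain(from_header)
    if not domain:
        return ("invalid", None)
    candidates = suffixes(domain)
    for c in candidates:  # exact match, or a subdomain of a trusted domain
        if c in TRUSTED_DOMAINS:
            return ("trusted", c)
    for c in candidates:  # same skeleton as a trusted domain, different spelling
        imitated = TRUSTED_SKELETONS.get(skeleton(c))
        if imitated:
            return ("lookalike", imitated)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample From headers.
    for header in ["PayPal Service <service@paypa1.com>",
                   "security@exarnple-bank.co.uk",
                   "eBay <billing@ebay.com>",
                   "newsletter@example.org"]:
        print(classify(header), header)
```

A "lookalike" verdict is a reason to hold the message for review rather than proof of fraud, since a legitimate domain that happens to contain one of the swapped pairs can share a skeleton with a trusted name.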

Voice phishing – Vishing

Phone calls are another phishing technique (called vishing) which is aimed at getting individuals to hand over financial details or personal information. Like email phishing, vishing is often based on scare tactics that encourage victims to take action quickly without thinking about the consequences. Fraudsters may warn that a bank account is in danger or they may threaten legal action if a bill is not paid. Between 2013 and 2016, almost 900,000 people in the US received vishing calls purporting to be from tax collectors with the IRS. These calls resulted in 5,000 victims with collective losses of USD $26.5 million.

Things to look for – Asking that bills be paid over the phone is unusual, so this should be an immediate warning. Banks also rarely ask for financial details or personal information over the phone. Don’t give details out unless you’ve made the phone call yourself to an official number and you know the counselor you’re speaking with well enough to recognize his or her voice. Other things to watch for are masked numbers or unknown caller ID.

SMS phishing – Smishing

Text messaging is another phishing technique that has come to be called smishing. Smishing messages often resemble phishing emails; they can come in the form of fake account notices with a CTA link. Some cyber criminals have even been known to use smishing to hijack a two-party identification system, first by requesting a password reset on your account, then sending a text asking for the code you just received in order to fix “unusual activity” on that same account.

What to look for – Unusual or unfamiliar numbers should be a give-away, as well as unsolicited messages or codes you haven’t requested. Unless this is a company that normally sends texts, you should wonder why they are using this form of communication.

Social Media Phishing

Phishing schemes have also infiltrated social media. Fraudulent posts may claim you’ve won the lottery or ask you to click and sign up for membership. Targeted attacks often pretend to be from a friend who’s opened a second account. Some scams may even come from a regular account that’s been hacked.

What to look for – Watch for irregularities (why would a friend choose to open a different account?) or language that doesn’t sound like the person you know. Be suspicious of sponsored posts from unknown businesses and links included in comments made by people you don’t know well.

Avoid Getting Hooked

Avoid all forms of phishing with these basic guidelines:

  • Don’t click on a link in an email or a text message unless you’re sure who the sender is.
  • Be wary of unsolicited messages and unusual account notices. Verify with the company before taking any action.
  • Always sign in to your accounts via a trusted app or by entering the URL in your browser. Don’t use an embedded link even if you think it’s legitimate.
  • Double-check any communication that doesn’t follow normal protocol. It never hurts to follow up with an old-fashioned phone call to make sure the message is from the real sender, especially if there’s money or confidential information involved.
  • Don’t transfer money without verifying who’s asking for it and where it’s going.
  • Don’t give out personal information over the phone.
  • Don’t fall for scams that seem too good to be true. They probably are.