How Vulnerable Is My Blog to a Security Breach?
As a social media communications professional, I’ve always said that a blog forms a central anchor for your social media strategy. While other social media channels enable you to engage and interact with your customers directly, your blog serves as your true “channel”.
Your blog is where you can speak most directly and at length with your customers. From this point of view, it’s also a critical part of your public relations strategy.
While blogs have been around for a while, they lack a lot of the shiny new capabilities that we as social media professionals love. These days, blogs tend to be out of people’s minds. The blog is just “there”. It’s always been there, and it will always be there.
This applies to online security as well. With a host of new technologies to evaluate, assess and deploy, the blog easily gets relegated to the back burner.
Blog Security Often Gets Neglected
In the security world, there’s a real “squeaky wheel” problem: with limited resources, we sometimes focus on the squeaky wheel (the shiny new social media channels) at the expense of other things (your blog). It’s not uncommon for folks to say “Well, it’s not been a problem so far, so we don’t have to worry about it”. And so the security of your blog may coast on autopilot with little or no attention for years.
Unfortunately, this can be a dangerous approach. The world of online security is facing unprecedented threats and attacks. And while your blog may have been up and running without incident for years, that’s no guarantee that the security on it is adequate for the threats that are out there today. It may simply mean you’ve been lucky and escaped notice so far.
Yet, Blogs Are Often Targets of Attacks
These days, blogs are a particular target for attack for two reasons.
First, while we may think of the blog as “just there,” in reality, a mature blog provides a number of different capabilities: video, discussions, photos, audio, and of course, text. Business blogs tend to include even more (third-party) components, like CRM (which often integrates into website analytics to track clicks and conversions, as well as phone apps to track phone calls). Each of these capabilities is supported by different software components, and each of these components can have, and often does have, vulnerabilities that can be attacked. If you think of your blog as a house, each of these capabilities represents another door that someone can try to break into. A house with one door is easier to protect than a house with 30 doors. So blogs represent what we in security would call a “target-rich environment” that gives attackers many ways to try to launch attacks.
Second, many attacks these days are focused on getting malware (viruses, Trojan Horses, keystroke loggers) on people’s systems. One of the chief means for doing this is by taking over legitimate, established websites and using them to distribute this malware. Blogs are an ideal platform for hosting malware this way. Mass blog compromises to this end are not unheard of. Hari Ravichandran talks about this problem in much more detail.
And this is just speaking to anonymous, broad attacks. There’s a whole other category of threats to your blog: targeted vandalism and so-called “hacktivism.”
Going back to the point that your blog is your “channel”, it’s also an ideal target for anyone who may be against your organization (like your competitors). Taking over your blog to post inflammatory or damaging material is a quick and easy way to cause you embarrassment and reputational harm.
Combined, this means that your blog is a very attractive target with many avenues of possible attack. Indeed, it is likely the biggest target that you have in your social media arsenal.
Clearly, if you’ve not focused on blog security lately, now is an important time to do so. But what should you do about this? Really, you should ask yourself one simple question: Should I move my blog to a professional, managed hosting service or should I host it myself in some manner?
First Step: Choose Your Hosting Wisely
Security is about identifying risks and making decisions about that risk. I’ve outlined the threat environment that your blog is facing. A good professional managed hosting service is the best way to meet those threats.
A good professional managed service will meet this threat environment by keeping up on the latest vulnerabilities and keeping the platform as up-to-date as possible. These days, keeping a blogging platform secure is a full-time job that requires specialized expertise. Unless you or your staff want to be blog security engineers, you can’t match their ability to protect your blogging platform.
Additionally, a good professional managed service will only provide capabilities on your blog that they feel they can reasonably protect. This does mean that you may have to sacrifice some functionality (especially around shiny new capabilities), but as we’ve said before: in security, new can be equally dangerous.
Also, a good professional managed service will have additional layers of security and active monitoring that provide the necessary defense-in-depth today’s online security requires.
Finally, a good professional managed service will have good backup strategies and a good incident response process. So, should there be a successful compromise, they will have the means and expertise to restore your blog to normal operations more quickly.
My own opinion is that these days, professional service is the only way to go for blog hosting. And I’m not the only one. If you look at some of the biggest blog properties out there, they’ve “outsourced” their platform like this.
A hosting service may cost more than self-hosting, but I promise you that your costs will skyrocket after a successful compromise. In some cases, when self-hosted blogs don’t have adequate backups, the blogs are simply gone for good. I’ve known more than a few blogs to disappear because of a successful attack after the owner failed to keep the blog software up-to-date and maintain adequate backups. Whether you are monetizing a side hustle or operating a full-time business, site security is something you need to take very seriously.
If you’re already on a good professional managed service, then you’ve already addressed these risks smartly. But if you’re not, now is the time to reevaluate this question and decide if you want to continue to assume these risks that you might not have been aware you’ve been assuming.
To be clear, professional hosting is not a panacea for all possible security issues your blog faces. But it goes a long way to addressing the biggest threats that are currently out there. The world has become more dangerous and what worked fine a few years ago is just not adequate. Your blog is your most important social media asset: it should get the best protection possible. So if you’re self-hosting, you should ask yourself the question today: to host or not to host.