INside Performance Marketing
Three Questions to Ask Right Now About Website Security
Image Credit  Kilayla Pilon Creative Commons license

Three Questions to Ask Right Now About Website Security

Yes, you can do it. Despite the ever-growing complexity of cloud technology, you can still ensure your website is secure and operating at top form in 2015. But it will take some work. The key? Find out what's really going on deep in your marketing cloud.

Eliminate your digital blind spots

Here's a quick statistic: Ghostery’s Security Study 2014 revealed that across every industry group studied, 96% of domains had security ‘blind spots’ caused by non-secure tags – tags placed indirectly on websites by third parties.

These digital blind spots expose websites to multiple security issues that can wreak havoc with the customer experience, cause lower page rank, put site data at risk, and drain ROI. But the good news is there are a few sure-fire ways to eliminate them.

Three questions to ask right now

Here are three questions you need to ask right now to identify your digital blind spots, regain full control of your site security and performance, and ensure your enterprise – and reputation – thrive in 2015:

1. Who is really on your site?

The non-secure tags mentioned above arrive every time you add a third party to your site – think ad networks, data targeters, and video players, etc – often without the third party's knowledge, and it doesn't stop there. As those third-party vendors strive to better serve your site, they may add on new tech providers, each bringing its own hidden non-secure tags along with it. If you think this scenario doesn't apply to you, think again: According to the anonymous data that Ghostery aggregates from over 26 million websites worldwide, only about 20% of the vendors with access to a given website are actually invited directly by the publisher. Yes, 20%. That's a lot of blind spots.

2. Who else could be creeping in?

This is where the facts get even scarier. Non-secure tags create security gaps that open convenient little doors for hackers to enter and stage "man-in-the-middle" attacks. That’s where a hacker takes over one of your pages without your user – or you – knowing it, and redirects it. Customers may be tricked into entering their information on a counterfeit page, or your precious customer data may be resold to a competitor through a trusted vendor on your site. That's no exaggeration: it recently happened to a major retailer.

3. What site problems are these blind spots causing?

The blind spots in your marketing cloud are also affecting your site's performance. Here are three common site performance related problems caused by hidden non-secure codes:

Page latency – We all know how important page speed is for grabbing and keeping site visitors. Research shows that adding a single marketing tag to a site increases page latency by 5%. But what if, like many companies, you're only aware of 20% of the tags actually sitting on your site? You do the math.

Browser security messages – Sad fact: if a hidden non-secure code arrives on your seemingly secure "https" page, your visitor's browser may load a "non-secure" or "mixed content" pop-up warning before you've spotted it yourself. Often, customers know about a site's security problem before the website manager does!

A drop in your Google page rank – Google has started to lower the search rankings of websites with non-secure content on pages that are supposed to be secure. And they've said they plan to increase over time the importance of non-secure or mixed content as they calculate a site's page rank.

Finding some answers

The best way to begin to address these 'Big Three' questions and eliminate your website's blind spots is to perform a thorough, in-depth vendor audit:

  • Identify every vendor who has access to your website, as well as any other companies they bring with them through redirect chains.
  • Dump outdated vendors, unapproved vendors, and vendors with expired contracts.
  • Make sure you don't have duplicate tags for the same vendor.

The next step to take, right now and throughout the coming year, is to monitor your marketing cloud with an eagle eye, and make adjustments as needed:

  • Designate a contact person at each of your vendor sites to help resolve issues as soon as they arise.
  • Get your marketing and IT teams to perform cost/benefit analyses of any new tech addition to your marketing cloud. What is its effect on site performance? Site security? Is it worth it?
  • Develop page latency limits, vendor tag limits, and limits on data that vendor technology can take from your site. If you have such limits in place, make sure you enforce them.

Your 2015 New Year's resolution

To ensure top-level website performance in 2015, resolve to monitor your marketing cloud daily, blast any non-secure tags that show up, plug security gaps before they cause trouble, and know every vendor on your site. Once you get control of the chaos in your marketing cloud, you're sure to have a brighter and more prosperous year.

Continue the conversation

Got a question or comment – tweet Scott @Scottmeyer or comment on Twitter, Facebook or LinkedIN.

Scott Meyer

Related Articles

Join over 10,000 performance marketers for the ultimate weekly update on industry news