If your business has a website, you are very familiar with the irritating, sometimes embarrassing phenomenon of spam. Annoying commercial messages that promise everything from free money to a more organized kitchen, spam can show up in the comments section on your company blog, on any social media presence you maintain, or be delivered directly to your inbox.
There’s no question that spam is unattractive and irritating, but did you know it can also hurt your business? Spam can make your website sick, infecting it with viruses that expose your customers to all kinds of harm, from computer damage to identity theft.
“Spam is any type of deceptive advertisement,” says Anirban Banerjee, co-founder of Stop the Hacker, a SaaS firm specializing in web malware, security, and reputation protection. “It could be any content that is not related to the theme of the site, or relevant to the website visitor but is intended deliberately to advertise or sell products without the express knowledge of the website owner,” he explains.
Considered with a critical eye, it’s hard to believe that spam sells anything. Poorly spelled, erratically punctuated—it doesn’t seem like the type of messaging strategy that would encourage anyone to break out their credit card and buy. Yet the sheer volume of spam messages—Akismet, a spam filtering service, says it recently stopped nearly 90 million spam messages in just one day—indicates that there’s tremendous effort being put into spam distribution. What’s the reward?
“They want to increase their search engine rankings,” says Adam Harvey, Technology Director at Glad Works, an advertising agency. “Good search engine rankings result in the spammer's commercial site being listed ahead of other sites for certain searches. That raises the number of people who will visit the site and perhaps become paying customers. Many search engine ranking algorithms base page ranks at least partially on number and rank of referring links, so the more comments ‘out there’ that link back the better.”
In other words, every spam comment that makes it onto your company website gives the spammer a tiny SEO boost. And the longer the comment remains in place, the longer the spammer gets the benefit. The cumulative result of millions and millions of spam messages can be enough to propel a spammer’s website into an attractive position. Customers consistently choose from the first handful of results of any search inquiry. The sites they find are professional productions, bearing little resemblance to spam messaging.
From irritant to infection: enter the virus
Spam is always a problem, but it becomes a really big problem when the messages infect your site with a virus. Spam is not a primary delivery mechanism for viruses—the bad guys tend to hack into a site through weak passwords far more often—but it is a potential route to infection.
“It used to be that only blogs were experiencing problems with spam,” Harvey says, “but now any form on the web that takes input can get hit.” Customer data collection points are vulnerabilities. Anywhere that you’re inviting people to leave comments, request more information, schedule a consultation, or engage further with you is a potential penetration point for a virus-laden comment.
“It's not just The Good Guys who have access to the code which runs your site,” explains Bud Kraus, Chief Education Officer for Joy of Code, a web design training firm. “The Bad Guys know the source code too and know where your site is vulnerable to attack.”
The only absolute method to eliminate the risk of spam-delivered viruses is to eliminate input forms from your site—but closing this door to customer engagement may not fit your business model. With that in mind, there are best practices you can use to minimize the risk, including:
1. Choose strong passwords
“Passwords are key. It’s tempting to use the same password for everything we do because that’s easy to remember, but it’s a practice that leaves us very vulnerable to hacking,” Harvey says. “Not only should you change your passwords frequently, but you should also be sure to use a mixture of numbers, symbols, and letters—perhaps even passphrases. You want to be as frustrating as possible to stop hackers.”
2. Update your website & antivirus software
“If you run a web application such as WordPress, keep it updated. Most of the security issues we handle are due to web site owners failing to update their software. Join the software vendor’s mailing list,” recommends Jeff Huckaby, CEO of RackAID, a server management company.
Antivirus software should be kept up to date on all computers used for your business. Make this very clear to all of your employees. If they’re using an unprotected laptop to work on your website, you’re vulnerable.
3. Use a malware monitoring service
Malware monitoring is the equivalent of a flu shot for your website. Just like there are many strains of the flu, there are many types of computer viruses. A good monitoring service will regularly scan your website, identify any infection, and resolve it promptly.
4. Choose CAPTCHA
Spammers have been developing ways to outwit CAPTCHAs—the small boxes where website visitors need to enter a few characters or solve a simple puzzle to prove they’re human—but the technology still has merit. CAPTCHAs won’t stop all spammers, but they do significantly reduce the volume of unwanted messages that do get onto your website.
5. Back up, back up, back up!
Adam Harvey’s heartfelt advice for the small business owner: “Make frequent backups of your server files and your database. If you update your website every day, make backups every day. Remember it’s not the backup that earns the money: it’s the restore.”
6. Work with your website provider
“Web sites are not Ronco Rotisseries. You cannot simply set it and forget it—unless you hire the right team,” Huckaby says. “While that $100 a year budget hosting plan may sound great, you will likely be responsible for keeping everything updated and secure. Just as you would not skimp on good legal or accounting advice, do not skimp on good web advice. A security breach will not only cost money to clean up, but could cost you your customers.”
Choose a web company based upon their ability to provide three levels of service: site design, functionality, and security. Make sure to ask your team about when and how updates are performed. You want to know what default settings have been changed to enhance your site’s resistance to viruses, including back-end and database passwords.