Google+ Shuts Down due to Concealed Security Breach

Posted on October 9th, 2018

A security bug allowed access to the profile information of over 500,000 Google+ users between 2015 and March of 2018. This security glitch – in addition to low performance on the part of the social media site – has led Google to shut down Google+. While Google reports that none of the data accessed was used for malicious purposes, the breach still reveals a flaw in a company that controls the most prevalent search engine and dominates many aspects of search engine marketing (SEM).

Why did the Google+ Security Bug Take So Long to Discover?

It is sadly not uncommon for outside sources to get ahold of data from large companies. Even though they have large tech divisions that can monitor their sites on a daily basis, things can still slip through the cracks.

After the recent Orbitz data breach, Guy Podjarny from the security company Snyk explained why so many large companies get breached. He explained that “most big tech companies have a string of legacy systems, often built with minimal security. The people who wrote those systems have long since left the company, making these poorly-monitored systems a liability.” In other words, the person who designed the security systems for Google+ before its start in 2011 is likely not the same person who monitored it between 2015 and now. Since the ones monitoring the system don’t have complete knowledge of how it was designed, it can leave the site vulnerable.

But Google discovered the security glitch months before the public learned about it.

Google discovered the bug in March of 2018, and they quickly fixed it; however, they decided to conceal the Google+ security breach. It is likely that Google decided that it was time to reveal the breach because CEO Sundar Pichai will be testifying before Congress soon. Although the testimony is voluntary (though highly suggested), there is a good chance that the Google+ breach would have been revealed during this testimony anyways.

Why did Google Conceal the Software Glitch?

Google’s discovery of the security bug came at a rather inconvenient time for the company. That very same month, Facebook came under scrutiny for a data scandal.

The scandal involved a psychology professor at the University of Cambridge who was granted access to harvest data from people who downloaded his app through Facebook. This kind of access was not uncommon for Facebook apps – especially for a seemingly harmless app like this personality test was.

However, it was discovered that the psychology professor, Aleksandr Kogan, was giving the data to a group known as Cambridge Analytica. Cambridge Analytica was attempting to develop techniques that would be able to influence voters to vote a particular way.

While this was a serious breach of Facebook’s rules, the social media site still came under great scrutiny due to previous scandals. The company had previously come under investigation to determine if they were influencing voters before the 2016 election. That’s why it’s a bit difficult for investigators to believe that Facebook was completely innocent in this scandal.

In the wake of this massive scandal with another social media site, it’s somewhat understandable that Google would want to hide the breach of Google+. Emails document that the company’s legal representation strongly urged that Google conceal the breach so that they wouldn’t get swept up in the same scrutiny that was plaguing Facebook. However, while their actions were understandable, that doesn’t make them right.

What does the Shutdown of Google+ Mean for SMM?

While Google+ did not achieve much success as a social media site, it was still an integral part of social media marketing (SMM). It’s unsurprising that the ones who wrote the rules for search engine marketing were trying to dominate social media in addition to search engines. It’s too early to tell exactly how the shutdown of Google+ will affect SMM; only time will tell.

Fortunately, you don’t have to navigate the ever-changing world of SMM, SEO, or PPC on your own. Link Right Media has a team of web marketing professionals who are always on top of the latest changes, and they’re always quick to optimize your website, PPC ads, and social media based on the current best practices. If you’re too busy running your business to run your web marketing or you want to increase traffic to your site, contact Link Right Media today.

How Often are Small Business Websites Attacked?

Posted on March 23rd, 2018

Every website is attacked by malware, ransomware, and phishing sites on a daily basis. Large businesses have experienced technicians who are in charge of preventing these attacks from becoming hacks, so the attacks are of little concern to them. However, small businesses have less money, few (if any) technicians, and rarely any security programs. So what’s the chance of your small business’ website getting hacked?

The Numbers

The security firm SiteLock reports that small business websites get attacked 44 times a day. Of course, not all of these attacks lead to infection, but their studies showed that as many as 18.5 million sites are infected with malware at any given time.

If you’re one of the many small businesses using WordPress as your CMS, be aware that the popularity of the program makes it a huge target for hackers. Running plugins on your site makes you especially susceptible – one to nine plugins make your site twice as likely to get infected by malware, and twenty or more plugins make your site four times as likely. The reason is that although many businesses update the WordPress software regularly, they generally don’t update their plugins. Newer versions of software are usually less vulnerable to infection.

What is Ransomware?

Ransomware is a means for attackers to ransom your website’s data. They encrypt the data and tell you that they won’t decrypt it unless you pay them a certain amount of money. A typical ransom is about $300, but that usually increases significantly if the hacked site has sensitive information. For example, the ransom for a healthcare site that holds patient information will usually be much higher. In February of 2016, the Hollywood Presbyterian Medical Center was a victim of ransomware. They ended up having to pay $17,000 to get their data back. In the same month, a South Carolina school was forced to pay $8,500 to get their data decrypted.

What Can I Do to Prevent a Cyber Attack?

Without a team of technicians and cyber security professionals, it’s nearly impossible to completely eliminate your site’s chance of getting hacked or infected. However, there are some steps that you can take to mitigate the risks:

• Software updates: Make sure that you’re regularly updating your plugins, themes, and CMS software.

• Avoid spam attacks: Inform your employees of what to look out for in terms of spam. Making sure that they don’t click suspicious links will reduce the chances of easily-avoidable hacks. Let your employees know that it’s always okay to ask if an email is safe to open.

• Back up data: If your data is backed up, you can often restore it without having to pay the ransom that ransomware attackers demand. It also makes it quicker and easier to restore your site after a malware attack.

• Invest in security programs: You may not have any security programs in place yet, but these are a must. Antivirus software like Norton will greatly reduce the chance of you or your employees encountering infectious links or phishing sites. Website security software will protect your site from malware and ransomware. Remember that both the server the website is hosted on and the site’s content management system must be protected. Software solutions like SiteLock or Securi do a good job protecting the site’s hosting platform, but don’t forget to add a security and intrusion prevention plug-in like WordFence to your CMS as well.