Financial services companies invest enormous amounts of manpower, energy, and financial resources into their content assets. Unfortunately, organizations that haven’t learned the ins and outs of link management often use weak, insecure links to connect those assets to their customers. These “weak links” create a point of vulnerability for hackers and competitors to steal insight into their data and brand strategy. And let’s be honest, suffering a security breach at the hands of a malicious hacker is a company’s worst nightmare.
If security and compliance are priorities for your company, these best practices are a great place to start to protect your brand, your assets and your customers.
- Whitelisting: When whitelisting is implemented, every long URL domain must be on the whitelist in order for a redirect to process successfully. A request to shorten a URL from a non-listed domain will trigger an immediate email alert to the administrators where it may be properly reviewed. Upon action from an administrator, the link is immediately released without further action from the originator and the root domain is added to the Whitelist for further use.
- Single-Sign-On: This is a session and user authentication service that permits a user to use one set of login credentials (e.g. name and password) to a set of external and internal applications. On the back end, SSO is helpful for logging user activities as well as monitoring and managing user accounts.
- Two-Factor Authentication: An authentication method that requires multiple proofs of identity before granting access to create links for your organization. As hackers become increasingly sophisticated, two-factor authentication is becoming standard within the technology industry.
- Audit Logs: An audit log is a transaction log that includes user and timestamp for the following activities: Login, Login Failure, Edit Link, Delete Link, Add Link, Clear Link, Delete User. By creating full transparency for administrators to monitor users, you're ensuring that a bad actor (or an improperly trained employee) will be spotted quickly.
- Advanced Account Security: Manage and enforce internal password requirements on company link management accounts. Common rules we suggest for advanced account security include: Freeze account access after X days of inactivity, freeze account access after Y failed login attempts, force password change every Z days (must know prior password, may not repeat a prior password, etc.)
When security and compliance matter, BudURL is the only choice. Request a demo today for an expert, personalized review of current and potential security issues with your link management strategy.