Home – New Forums Marketing mastery How do I know if the SEO company is doing a ‘Ethical’ work? Reply To: How do I know if the SEO company is doing a ‘Ethical’ work?

#1189108
Byron Trzeciak
Participant
  • Total posts: 423
Up
0
::

I think your implying the issue is with the SEO industry which I think you couldn’t be further from the truth.

It’s a bit like going to the dentist, just because the dentist tells me to floss doesn’t mean my teeth will fall out if i don’t.

Just because I open an ftp port or request FTP access doesn’t mean that a business will be hacked. A business would first have to prove that the hack occurred directly from the work completed by SEO which in most cases I believe they would have zero ability to do so and would likely happen months after the fact from bruteforcing or a vulnerability.

If the SEO agency was to request FTP to be opened, when it otherwise had not been, then maybe you might have a case although I still think it’s highly unlikely and like you say businesses should have insurance to deal with this. Again, it’s up to the business owner to perform a risk assessment for any third parties they work with.

Are you a certified PCI professional? Are you qualified to provide PCI advice?

Sure, a business owner could sue in this instance if they felt it was justified but at the end of the day the reputational damage to their business may be well and truly more concerning.

“Risk transference is one of the most relevant risk treatment strategies
to third parties, and an organization may manage this relationship by written agreement, via a contractual obligation that states that the third party assumes responsibility for the security of CHD they process, store, or transmit on behalf of the organization. However, the remaining reputational risk means it isunlikely that the full risk to an organization will ever be truly transferred.”

I’ve seen plenty of websites hacked in my time, some because of vulnerabilities in the web server, some because of out of date plugins, some because of brute force and much more. Who takes responsbility?

The software manufacturer
The hosting provider
Third parties that helped build the system
The business owner

Businesses that think a “checklist” security compliance like PCI actually keeps them secure are more of a concern to me. You do it because you have to comply and it provides a baseline level of security but you only have to be in the industry for a period time before you understand that it’s far from a golden standard.

I think where you’re coming from John is a good place and I respect that you’re fighting for security because it’s worth doing so but to point SEO as the cause just doesn’t sit.