Keeping Your Site Safe From Malvertising

by francine Hardaway on April 22, 2012

Image representing ZEDO as depicted in CrunchBase

Image via CrunchBase

As brands begin to create content themselves, and as bloggers continue to monetize their creative, more and more people become “publishers” without thinking of themselves as such. In addition, many advertisers don’t understand much about the technology that serves and delivers their ads.

80% of all online ads are delivered through third parties. As a result, the advertiser is often unaware of how, where and to whom these ads are actually delivered, which presents quite a challenge to one side of the equation. Are the ads going to “brand-safe” and relevant sites? Are the ads even seen?

Publishers that accept online advertising have more than just page views and click throughs to worry about; they also have to worry about whether the provider of those ads is sending users “malvertising” — bad ads that can infect users without their action.

My client Roy de Souza, founder of ZEDO, has been in the business since 1999, and has taught me a lot. He has good advice for newspapers, magazines, blogs, and other sites that rely on online ads.

1. Be smart about your advertiser and agency relationships

Be careful who you buy your ads from. Don’t accept last-minute ads from people willing to pay high prices for a weekend campaign. They might be masquerading as major brands, but major brands rarely do anything at the last minute; they plan campaigns and buy in advance. An exception might be political advertising, which almost always comes at the last minute.

2. Pick your ad network carefully

Whether you are a large, premium publisher or a home-based blogger, you need to choose your ad network carefully and know what questions to ask before you form a relationship. Don’t just accept the first network that says it can serve ads on your site. Does your ad network practice good internal security? Does it ensure that its network of sites is protected from malvertising?

If you are a large publisher, you might want to engage with several networks, to make sure you have the right mix of ads, and that if you have space for more ads (inventory), there are appropriate and effective ads to fill that space.

3. Understand the security provided by your third-party ad server

All online sites that take their-party ads MUST understand security.Maintain a close relationship with the security team from your third-party ad server. Ask it to outline how it is staying on top of the malvertising issue. Does it employ a third-party security vendor to screen ad tags? Does it conduct its own background checks, or have a staff dedicated to tackling the problem in-house?

This may not sound like familiar territory, but the internet isn’t the joyful place we used to think it was; it is now used by all kinds of hackers for nefarious purposes as well as just amusement, and both servers and readers of ads must learn a new discipline: “security literacy.”

Therefore, although it used to be enough just to know your ad server technology was robust and reliable, you must also know it’s safe. You should be comfortable knowing your users are safe and protected when they visit your site.

4.Be vigilant

Learn how to screen your site for problems. Check it periodically for scareware and other problems. Provide a forum or feedback mechanism to users to tell you if they find a problem: users are, of course, often the first to know. You might also consider using a third-party tag screening vendor (such as The Media Trust) to screen your ad tags.

5. Establish operations procedures

If you are a larger publisher, you may already have operations procedures for the internal people who handle your ads to deal with an incident. If you are a solo blogger or independent news site, you will be doing this yourself. Take the right steps to shut the offending ad(s) off immediately. Notify your ad server and ad networks if a problem arises. If you don’t know how to do this the Online Trust Alliance has aggregated a great set of tools and guidelines now available on its website.

Since online ad expenditures are projected to grow quickly again this year, it behooves the publishers who want advertisers to make their sites safe.


Enhanced by Zemanta

Leave a Comment

Previous post:

Next post: