2023

Essential Questions IT and Security Professionals Should Ask about Link Management

Links are the lifeblood of digital experiences, enabling content to flow between organizations and their customers, users, and employees. IT and security professionals are becoming increasingly aware of the role link management platforms can play as a core strategy to help their organizations manage their links securely to decrease risk and increase security. 

In this article, we share 11 essential questions that you should be asking about the risk level associated with your links, especially if you are not already using an enterprise-grade link management platform. These questions can also help you communicate with your internal stakeholders (marketing, sales, and customer service leaders especially) about the importance of link management.

List of 11 Essential Questions IT and Security Professionals Should Ask about Link Management

This list is based on real feedback from people experiencing challenges with their links.

1. Could our organization’s links suddenly disappear from social media platforms?

If teams at your company share generic short links from popular URL shortening tools on any major social media platform where your organization has a presence, unfortunately this can create unnecessary risks. In fact, your organization’s links might just disappear from your posts overnight, as this example from Reddit shows. 

Reddit Facebook Bitly

Source: Reddit

Over the years, major social media platforms have routinely done a “sweep” of links across accounts and posts and removed vast numbers of generic links without any warning, creating major challenges for marketers and other business stakeholders using these types of platforms.

Why does this happen? At any given point in time, social media platforms like Facebook (Meta), Twitter (X) and LinkedIn might think you are cloaking their system when using generic links, and can suddenly begin banning you from posting such links.

Facebook Bitly

Source: Quora question –  Quora answer 

If you use branded short links leveraging your own organization’s branded domains, with an enterprise-grade link management platform instead of generic short links, you could still be at risk of a social media platform removing your links associated with your own domain. However, the risk of this happening is considerably lower than if you are using generic short links.

2. Could our organization’s links suddenly be impossible to access for an entire population?

Yes, as the political turmoil in Egypt taught us in 2019, not only social media platforms, but a government, can “turn off” billions of links overnight. This is especially true for shortlinks that are created by social media tools and generic link shorteners. 

Netblocks

Source: NetBlocks

If you instead use branded short links, the risk exposure in this scenario may be lower. While still possible, it’s less likely that an entire country’s government would shut off access to an individual organization’s branded short links associated with a domain you already own and control.

3. Could our organization’s links prevent our SMS messages from actually getting delivered?

If your company carries out any of its communications via SMS, you need to be aware of the consequences of using some types of links versus others. Major carriers such as AT&T and T-Mobile prevent generic shortlinks from reaching recipients, due to their high association with Spam and phishing. 

image1

Source: Reddit

Bitly SMS Blocked

Source: AT&T

You don’t want to associate your organization with generic link shortening tools, which are actually prohibited by many SMS senders, such as SalesForce and ActiveCampaign.

Link shorteners prohibited

Source: ActiveCampaign

Source: Salesforce

4. Could not having full control over the domain associated with our links pose risks to our organization?

To mitigate potential risks for your organization, you should avoid working with any link management solution that suggests that you should use a “complementary domain.” This could have many risks, compared to working with a link management platform that allows you to connect a domain associated with your organization already, that you fully control. 

If you are asked to choose a “complementary domain” exclusively associated with a link shortening tool, it’s important to understand that if you choose to work with such a provider, you could introduce risk by assigning control to the company in question. This also means that your organization may not be allowed to use that domain with any other service, or for any other purpose, as long as you wish to use it for link shortening. Some important guidelines:

  • Never use “complementary domains.” If you do so, your domain can still be blacklisted as they are associated with the company that owns them, instead of being associated directly with your organization. You are essentially ceding control over to the company providing the domain you register with them, versus connecting a domain that you separately control fully.
  • Only choose a link management platform that offers Dynamic Domain Alias. This important feature allows you to connect your organization’s branded domain that may already be in use for other purposes, so that you can continue to use it with your branded short links.
  • Always make sure your domains can be transferred. If you buy a domain from your link management platform for purposes of creating branded short links, make sure that you have the ability to easily transfer it, anytime you wish, without any hooks or blockers.

Note: Rebrandly offers you the ability to connect your current domains, or to purchase a new one. All domains purchased within the Rebrandly platform can be easily transferred at anytime.

If you cannot use your most trusted and familiar domains for link shortening purposes, you’ll be missing an opportunity to leverage your domain assets to increase trust and improve security. Make sure that any link shortening tool you use allows you to use your domain anywhere and everywhere you wish, and to transfer it at any time. Otherwise, your organization will be taking unnecessary risks with your links each time you create or share one that is attached to a domain that isn’t under your full control.

5. Could links being sent out by our organization inadvertently predispose our customers for future phishing attacks?

All IT and security professionals should know the importance of creating repeatability with your domain names and links so that your customers do not inadvertently click on an illegitimate link by mistake. This is particularly important for highly regulated industries such as banking and health.

You should make sure that your internal stakeholders throughout the organization avoid using generic link shortening tools for any and all communications.

6. Could our links cause our organization’s emails to get blocked or flagged as spam?

Email administrators on the recipient side frequently block emails that contain generic short links in order to protect their users, especially ones associated with commonly used domains for link shortening tools. It is critical to make sure that your users are not creating accounts with generic shortlink services, and that they are only sharing links associated with a credible domain that your company oversees.

Using generic short links can also reduce your organization’s click-through rates and harm email deliverability overall. People are hesitant to click on generic links, or on any link when they don’t know the source. When the user cannot verify where the link will take them, they’re less likely to click. Many platforms for communicating with customers, such as email marketing and CRM tools, track the data on click-through rates. 

Some email marketing platforms also specifically block generic short link providers, since they are known to be used by spammers, as the example below from Microsoft shows.

Source: Microsoft

If you are not maximizing your chances of increasing trust by using a secure and trusted link management system, and ensuring that your marketing teams share branded links instead of generic ones, you could not only be disrupting revenue potential, but harming overall deliverability signals that third-party platforms are continually analyzing in order to prevent their software from misuse.

7. Could the data from our organization’s links be accessed by third parties?

When you use a generic URL shortening service, you might also inadvertently be giving them information about the links you shorten. They could be collecting data about the URLs you shorten, who clicks on them, and more.

One example of such is click statistics. Some URL shorteners collect data on the number of clicks, geographic locations of your users, and which websites referred them to those URLs. Often, these statistics are public or can be made public by the link’s creator. When choosing a link management platform and vetting the security aspects, you’ll want to ensure that your click statistics are private and only visible to the individuals at your company who are authorized to access this data.

8. Could our organization’s links be exploited?

If you use a generic URL shortener, you’re hiding the destination URL, which makes it hard for a user to know where the link will take them. This loss of transparency can be dangerous for your business, because it can be exploited by malicious users.

Whenever you are redirecting users from one link to another, the user has to trust that the next step in their experience will be to arrive at a destination they can trust. When you use branded links provided through an enterprise-grade link management platform that leverages a domain users already associate with your organization, your users have more trust and confidence that the link they are clicking on will be more closely related to the destination.

9. Could our links suddenly expire without any warning?

Many generic URL shortening services will automatically expire your links after a certain period. If the shortened link stops working, your online content will be disrupted for your users and visitors. To ensure this does not happen, you should use a professional link management solution, in which you have full control over link expiration and other important security features.

10. Could our links harm our organization’s overall SEO?

SEO experts have long been concerned that generic short links could have an impact on SEO. Search engines like Google already take into account the links you use and how trustworthy they are. Meanwhile, phishing attacks and spam are on the rise. If you are using generic URL shorteners that are also used by spammers and malicious actors, your website’s reputation may suffer. SEO is becoming more competitive by the day, and every single optimization matters more than ever before.

Source: Moz

Use your primary domain for links where branding and trust are essential, such as links to your organization’s social media posts and marketing materials. You need to consider the trustworthiness of your links, their impact on user experience, and their potential impact on your click-through rates and analytics, which can also affect your website’s SEO.

In summary, there are many ways that links are used to support an organization and to build relationships of trust with users, customers, and employees. Avoid generic URL shortening services, and make sure that your link management solution supports you as an IT leader or security professional, to reduce risk while simultaneously building scalable solutions that protect and support your organization.

11. Is the provider of our organization’s links compliant with relevant security and privacy frameworks?

As you can see, if your business uses branded links, it’s critical that the provider has the necessary security and privacy measures in place to protect your links and your data. This is particularly the case if you operate in highly regulated industries such as healthcare and financial services. Ask your link management provider to confirm their compliance with relevant industry standard privacy and legal and security frameworks (e.g. GDPR, SOC 2, HIPAA).