Your Website is at Risk!
Keeping your site secure in a digitally dependent world
You wake up to a slew of email notifications on your phone. Many of your clients report having received mysterious links in their inboxes that claim to be coming from your company. Others say that when they try to visit your website, they are redirected to another site.
How did this happen?
It’s likely that your website’s framework is out of date or has other security flaws that have led to client information being harvested, and your site being abused. Security breaches like this can be damaging (and very costly) to a company.
Many business owners assume that because their site was set up by a professional, it will run without issues forever. Unfortunately, this is not the case. Websites are like cars, they need regular service from knowledgeable people in order to operate properly.
Businesses have become more dependent than ever on their online presence, especially in the COVID era. As a result, many industries have experienced a 500% increase in hacks and data breaches as compared to last year! Many of these expensive issues can be easily and inexpensively avoided by keeping an eye out for common security flaws:
Security Hole 1:
Your website’s framework is out of date
Most commercial websites are built off of frameworks such as Wordpress, Drupal, or Joomla. As you probably already know, it is critical to keep the framework of your site up to date.
Developers of these frameworks frequently release updates, also called patches, as a way to provide new features and also fix bugs in the programming of the framework itself. Software bugs can vary in severity from minor issues displaying your site, to major security issues that could leave your site at risk to attacks.
Patches, released every six months typically, work to counteract the vulnerabilities present in the frameworks of sites to prevent malicious software attacks. Therefore, it’s important to maintain an up to date framework to have a secure site.
But isn’t this an easy problem to fix? Can’t I just click “update” in the admin panel myself every time there’s a new update?
Well, no, not exactly. The odds are that your website uses plugins or a special theme to function, and they may not all be compatible with the most recent version of your site framework. Updating without verifying that all plugins will work with the new version may break your site, so it’s important to have a web specialist review your site before updating.
Security Hole 2:
Your website’s plugins are out of date
Another element of website security is maintaining the status of your site’s plugins. Similar to the problem of an out of date framework, having plugins - which are add ons to your site that allows for additional functionality (like email forms or client booking calendars) - that are out of date can be detrimental to the security of your companies website.
For example, in December of 2014, Wordpress released a patch to one of their plugins to ensure security, but by mid 2015 over 100,000 sites had been affected by cyber attacks that could have been prevented had those sites been properly protected by the patch released.
Updating plugins also prevents issues with licensing of said plugins, such as the license being revoked without notice. Keeping your sites plugins updated with the latest plugin patches is an easy way to protect your site.
Security Hole 3:
Utilizing plugins and themes from untrustworthy sources
Sometimes sites will promote premium plugins and themes for a fraction of the price or even free. But as they say, if it's too good to be true, it probably is.
It may be tempting to download and implement these add ons to your site due to the price, however, this could lead to major issues for your site and your users.
Let's say you need an advanced contact form for your website to capture client data, and you opt to use a free plugin from an untrustworthy site instead of a legitimate one that charges a premium. This knock-off contact form may be harvesting the information that your clients enter in it so they can be email spammed later.
Bottom line: only download plugins and themes from your website builder’s catalog or from a premium plugin developer.
But the people that made my website will have used quality plugins, software, and best practices, so I have nothing to worry about, right?
Unfortunately, that’s not always the case. Many times, budget web developers will use unpaid trial versions of plugins to keep costs low when making your site. However, once these trials expire, they often require a paid subscription in order to keep functioning or updating, which can leave gaping holes in your site’s security.
Make a plan to have a designated webmaster who is responsible for keeping the site secure and up to date on a regular basis. X Factor does weekly checks for our webmaster clients, and we recommend following a similar schedule. If you’re interested in learning more about our webmaster services, contact us for assistance!