<rant> You’re a website owner. Imagine your platform is Fort Knox, behind the vaulted steel doors of which lies an enormous supply of capital. Well, your site may as well be Fort Knox, because it’s among the most impactful drivers of brand recognition for your company, and it is thusly in your establishment’s financial best-interest to keep the doors locked.
Why do so many business owners fall short of the mark with regard to web security? In a word: vigilance, or rather a lack thereof. As a site owner, you have a lot of oversight, and depending on your appetite for delegation, there may be dozens or even hundreds of moving parts that demand your daily attention. Unfortunately, for many business chieftains, the company website is an oft-overlooked source of security vulnerabilities. </rant>
In order to aid in your understanding of the risks posed by an outdated platform, and the benefits of keeping things up-to-date, we have identified three crucial website components that require routine maintenance in order to mitigate the possibility of a self-inflicted security breach or the loss of efficacy in service rollout. In no particular order, these components are as follows:
- Domain Name (DNS)
- Publishing Platform/CMS
Domain Name (DNS)
It’s Monday morning and you haven’t seen any web sales, so you type your registered domain into your browser’s URL field and hit Enter. Suddenly, you’re getting a Site Not Found error message. Congratulations, you just authored your own severance papers because you missed the automated domain renewal notice, and are subsequently a party to major financial losses and a lot of surly customers.
The antidote to face-melting customer calls is abiding annual domain renewal and registration notices. Oftentimes, folks will choose to pay for multiple years of domain registration up front, thinking they are saving time and money by locking in. Although convenient, this practice opens up the possibility of a malicious third-party hijacking the traffic you’ve worked tirelessly to cultivate as it’s easier to miss a renewal that is not on a regular schedule.
On the flipside, renewing annually has the benefit of not tethering your organization to a single registrar while simultaneously making it easier to track renewal dates, providing your business with the agility to maintain the best fee-for-service possible. For added convenience, most registrars offer free text and email alerts regarding domain expirations.
Hackers are incessantly targeting business sites through known security vulnerabilities in order to steal user information, or to hold corporate data ransom. Nowadays, many businesses opt to use content management software like Drupal and WordPress, or SaaS platforms like Wix and Squarespace. Both are excellent choices for businesses of most sizes, yet each comes with its own set of benefits and risks.
With regard to SaaS, there are no plugins, which means you won’t have to manually update security components, but it also means you are beholden to each service’s respective schedule and system limitations. Note: these platforms also provide proprietary DNS services for your site. We recommend instead independently purchasing your domain and porting it through your preferred publishing platform so you have an extra layer of security.
Content management systems like Drupal and WordPress, unlike the SaaS softwares mentioned above, do have user plugins that require regular updates. If properly configured, these platforms will alert you in the event of an update, but the onus is on you to actually heed those alerts. Failure to keep plugins routinely updated as new security features are added exposes your site to hackers attempting to probe those glaring vulnerabilities. As mentioned previously, the object of their gaze is oftentimes customer data, or at minimum an outlet for their spam. If word gets out that one of your customers was the victimized by way of your website, your company stands to take on big losses in terms of site traffic and community trust.
The free WordFence security plugin offers an easy workaround for WordPress site owners, alerting users when it’s time to update third-party features.
The frequent publication of relevant content on your website helps to boost SEO. Conversely, failure to maintain fresh and accurate information, or allowing the posting of unmoderated user comments and spam, inherently depresses your online visibility (and can even get your site blacklisted.) In certain cases, such unmoderated content can also trigger Google to clamp down on user access by displaying the dreaded The Website Ahead Contains Malware warning label, which can be the kiss of death foryour company’s user-security reputation. Moreover, frequent patrons of your website tend to maintain their engagement and return more often when they have new content with which to interact.
In addition to keeping security plugins up-to-date, manually moderating comments and implementing a CAPTCHA can help to prevent the posting of harmful content. Consider also setting aside time each month to test both internal and external links on your site, making sure they open up to the intended destinations. Broken links can impact your visibility in much the same way as maliciously installed user content. Menus and landing pages should likewise be scoured for incongruities, and replenished with engaging written and visual content, at least once per month. Contact information and details regarding amenities your company provides should reflect current service offerings and points of contact. Staying on top of these finer points will keep traffic flowing and your visitors’ personal information safe for the long haul.
Think of your company’s website as the family car, or perhaps one of the few currently parked outside your home. Maybe it’s the ‘98 Dodge Caravan with the rusted undercarriage and three missing hubcaps, or it might be that sweet new Beamer you bought last Christmas because “you earned it.” In any case, it’s a machine designed to do one thing—transport you and your groceries from A to B. Though its intended purpose may be simple, the means by which your vehicle actually functions are anything but simple. There are, of course, a bevy of individual components that require regular upkeep in order to keep the wheels turning. Mechanics like to use the term preventative maintenance.
The same principle should apply to your company website: routine check-ups and modifications stave off catastrophic outcomes down the road. It’s a remarkably simple concept, yet many site owners fail to protect both their brand and customer base by performing these systematic checks. A word to the wise: don’t be the guy who never changed his oil and wonders why his engine is seizing up. Consider instead playing the part of the nervous soccer mom who rings her mechanic at the first sight of an illuminated check-engine light. She might be spending a bit more time in a waiting room than the other guy, but she’s miles down the road as his jalopy comes to a grinding halt.
Perhaps your check-engine light has been on for a while, and you don’t feel comfortable popping the hood yourself. Consider dropping a line to your friendly neighborhood digital mechanics at Firebrand. We’ll have you up and running in no time.
When’s the last time you changed your oil?