In part 1 of this short series we provided some background information about why hackers hack and why websites are susceptible to hacks. If you haven’t read that, go back and read here. Part 2 dug into what you need to know before you work with a website developer to decide the best course of action for building your website. If you haven’t read that, go back and read here.
So what can you do about website security?
Assess your situation
There are a few main things to think about from a security standpoint then when it comes to deciding how to build your website and how much to pay for hosting.
- Do you really need a content management system?
Many website owners think it would be nice to be able to manage their own website content but in reality don’t take the time to learn how to do it or to do it well. Many websites are riddled with security holes because of an outdated CMS and the owner isn’t even using it because they don’t have the time or know how. - Are you being realistic about costs?
There is no cheap way to have a great website. Setting up a website yourself using a website builder or paying a company minimal dollars are not good options for professional websites that are going to help increase your business. A great website is designed and developed by the professionals to meet specific goals and communicate effectively with your target audiences and should be an effective sales tool for your business. Dr. Ralf Speth said “If you think good design is expensive, you should see the cost of bad design.” - Would you rather pay more at the onset or spread the cost out over time?
Custom development will cost you more initially, but can save you a lot of money over time because maintenance and security costs become ongoing expenses and when your website is compromised someone has to go in and fix it – which isn’t free.
Assuming you want to work with a professional, let’s look at what you need to do in order to get the right website for your company.
Work with your developer to decide how to build your site
If you want to be able to manage your website yourself you must realize that this is not free. Many inexperienced web developers will tell their clients that using a pre-existing CMS with pre-existing plugins to build the functionality is a no brainer because they can easily manage their own website, development time is less and therefore cheaper and there are no ongoing costs. Why re-invent the wheel right? Because that’s exactly the attitude hackers rely on to make their job simple that’s why! Before deciding whether to use pre-existing software, you will need to weigh out the ongoing costs to keep the site maintained and updated for security. Using pre-existing software isn’t always bad. Sometimes the new site will require a lot of functionality and using plugins will save you thousands of dollars in up front costs. In this case, the cost of maintenance might make sense. If your web developer doesn’t offer ongoing security maintenance, expect trouble in the future. If your website is not maintained it will only be a matter of time until you join the millions of website owners who suffer from the effects of a compromised website each year.
Some developers will code their own plugins and only use them on their own client websites. This is also a much safer option because hackers usually won’t go through the trouble to find the security holes in a custom coded plugin that can only be used on a couple of sites. Your developer also has full control of the plugin and can keep it updated and working as the CMS is updated. There will still be some associated maintenance but it should be less and if the CMS itself is custom coded it’s even safer with even less associated ongoing maintenance costs (but usually a higher up front development cost).
A custom coded website with no CMS will require the least amount of ongoing maintenance for security. The website is custom coded to only do what it needs to do based on your requirements, meaning the code is lean and doesn’t have a lot of bloat. There is no back end admin system for the owner to manage their content which keeps the code minimal. It also means that you don’t have to sacrifice design or usability because you can code the site to do whatever you want instead of using something pre-made that will be restricted to what has already been created.
Website Security is a complicated subject. Your web developer should be able to educate you and help you decide the option that makes the most sense for you depending on your budget and functionality requirements.
Having Security Issues with Your Site?
If you already have a current website and are experiencing security issues or suffering from someone else’s insecure website issues, you may find this all a bit off putting. Chances are you were not properly informed of all of this when deciding to build or not to build. It would be tempting to blame your web developer and demand recompense, but before you chop off his hand let’s look at things from his or her perspective (for the sake of this article we’ll call it a him).
Firstly, as I mentioned earlier this situation is only getting worse over time. If your website was built even 4 or 5 years ago hackers were much less sophisticated than they are now and a hacked server was not nearly as common as it is today. This means that the issue wasn’t so much on his radar. Secondly, this is all fairly complicated. It is hard to get customers to understand all of this and justify the additional costs. Customers want websites and want them cheap and a lot of the competition is giving them insecure sites and walking away. Thirdly, because this is all happening so rapidly it can be difficult for a website developer to all of a sudden become an expert in security and hosting. These are complete fields of expertise and as a company grows and expands if they don’t have the right infrastructure it can be very difficult to keep up!
It’s Time to Act!
Most businesses already have a website. If you haven’t done so, it’s probably time to have a talk with your website provider about the issues surrounding website security to see if they have proper measures in place to secure your website. At Fireside we offer professional security packages for websites of all shapes and sizes and provide a free assessment to help you decide which package is right for you. You can check them out here.
If you are looking to build a new website it is important to think about security before you build and should be a major factor when choosing a website service provider to work with.
Hopefully this short series of articles has helped you understand some of the issues surrounding website security and what you can do about it. Remember – most hacks are not personal and taking some basic ongoing security measures can go a long way to ensuring your website and emails are going to be there when you need them, avoiding the costs and negative reputation that comes with being hacked.
Stay safe.
