How much do you know about the maintenance of your web site? I’m not talking about new posts, or edits to keep a page current. I mean the back-end stuff. Because this stuff is really, really important for your cybersecurity.
Many freelancers are getting into website design because they like doing graphic design, but not all of them understand the security issues. Find someone who understands the back-end issues, who can help you address site security.
Consider this business that contacted us because their website was triggering security warnings in visitors’ browsers. By the time they asked for help, things were so bad that some companies whose products were being sold on the site had demanded their logos be removed.
The site had been designed a few years back. Once the designer was paid, the relationship ended with no plan to keep the website software updated, and nobody responsible for monitoring the site’s user accounts and login history.
We investigated, and discovered a hacker was quietly using the power of the business’s web server to process unauthorized transactions.
We deleted the hacker’s login ID, and then turned to updating the site software.
Sadly, they’d missed so many updates that applying them all now would “break” the site. There would be too many changes all at once. If they had applied updates promptly, they could have gradually adjusted the site to the updates and also benefited from timely security patches and bug fixes. Now their only option is to start over from scratch.
These problems are less of a risk if you use one of the website services that provides a package of hosting, url, and design tool. (For example, Weebly or Wix.) But if you purchase your hosting separately, you have more responsibility for the back-end and security of your site.
Questions to ask your site designer
If you have a website or are planning one, get answers to these Very Important Questions: How will you know when updates are released for your software, plug-ins, and php? Who will apply these? Who watches for unauthorized logins? Is your site being backed up? Your site designer might do all this for a monthly fee, or set you up with a third party who does, or train your staff to do it.
Got security certificates?
If visitors to your site are seeing security warning pop-ups, the fix might be as simple as getting a new security certificate. This is a common problem due to the new TLS website security standard. It’s not going away, so you may as well get it taken care of soon.
Consistently slow response time?
If your site is feeling bogged down, it may be advisable to get a Website Security Assessment and make sure there’s no unauthorized monkey business happening in the background.