Let’s start with square one.
Yes, your website can get hacked. All websites are at risk of being compromised. No, it doesn’t matter what information you think someone may or may not want from you.
No, it doesn’t need to be an eCommerce site and it doesn’t need to save customer names or credit cards. Regardless of what your website does or what you use it for, it can get hacked. Every attacker’s motivation is different. They may pick your site if it uses an old, unsupported platform, or because of the speed and strength of your server. Each of those things could be used to a hacker’s advantage differently. For example, an unsupported platform means it’s easy for the attacker to hack in, modify files and add tracking scripts to see passwords or direct users to a malicious website that can do more harm to your computer.
It could be just as simple as time passing your technology by, the vandalism of a kid kicking rocks down the street or hanging out of a car window smashing mailboxes … or, yes, it could be a more sophisticated attack motivated by tracking, theft or anything more nefarious.
The bottom line is you need to make sure you’re taking the right steps to manage, secure and protect your website. It is a living organism; treat it as such.
This is particularly true if your website does more than build your brand and serve up information. If you have client, customer, patient, or physician and provider portals and logins, security is absolutely vital as you have secondary and tertiary individuals and data you must protect. If you are dealing with medical information, patient and provider relationships, or even appointment booking or submission forms, you must protect the security of the individuals interacting with your website as they manage their health care or pursue health services from your health system.
Here are our basic recommendations for putting the pieces in place to manage your website security. Of course, it takes a plan to take action in the event of a threat, vigilance so your website does not go unmanaged, and a plan to update and evolve with the times and technology.
Your website consists of much more than what you see on your screen. It runs on a platform that starts aging right away, just like a car the day it rolls off the lot. There’s that, and there’s the experience of how people get to it – through search, targeted marketing, content on social media and more. Maintain a line of sight to all of it. Understand how your users are getting to and using your website. Build a map of where your site is, how it is accessed, and how it performs on mobile and desktop browsers. Test and manage that functionality across the board and be prepared to deploy updates as needed.
It should go without saying that a team that is familiar with your website – its technology, the platform it was built on, everything behind the scenes – will be vital to your success. With that in mind, it’s important to have a maintenance and a hosting contract in place that includes regular and preventative maintenance by a team that knows your site, its technology, your users and your needs.
Set aside time each month or quarter to deploy security updates, not just to your site platform (WordPress, Django, etc.) but also to your server operating system and software. Make sure you know who is responsible for this so it isn’t missed. Ask your web partner to install monitoring software so notifications are sent out when there is a site outage. These can be sent via email or text. Whichever it is, treat the notification as something around which you build a plan to react and make necessary fixes or changes.
Make sure that, as part of your hosting contract, regular backups of your site database are being created. We recommend daily backups, but that isn’t always feasible. At the very least, look into doing weekly backups. Should your site go down, your hosting provider can quickly get the site back up and running by using the most recent copy. You can’t necessarily plan for a site compromise, but you can and SHOULD have an action plan ready if it happens so you can take preventative measures.
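One way to verify the backup schedule described above, as an added example that is not part of the original article: it audits a backup listing against the daily recommendation and the weekly minimum, and ignores zero-byte dumps left behind by failed jobs. The file names, the tuple layout, and the two-hour grace period are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

DAILY = timedelta(days=1)    # the article's recommended interval
WEEKLY = timedelta(days=7)   # the article's stated minimum
GRACE = timedelta(hours=2)   # assumed slack for how long the job runs


def audit_backups(backups, now):
    """backups: iterable of (name, finished_at, size_bytes) tuples.
    Returns the newest usable backup, its age, the largest gap, and a status."""
    # A zero-byte dump is a failed job that still left a file behind; skip it
    # so a fresh-looking but empty file cannot mask a stale backup set.
    usable = sorted((b for b in backups if b[2] > 0), key=lambda b: b[1])
    if not usable:
        return {"status": "none", "newest": None, "age": None, "max_gap": None}
    newest = usable[-1]
    age = now - newest[1]
    # The largest gap between consecutive usable backups exposes missed runs
    # even when the most recent backup is fresh.
    gaps = [later[1] - earlier[1] for earlier, later in zip(usable, usable[1:])]
    max_gap = max(gaps, default=timedelta(0))
    if age <= DAILY + GRACE:
        status = "daily"
    elif age <= WEEKLY + GRACE:
        status = "weekly"
    else:
        status = "stale"
    return {"status": status, "newest": newest[0], "age": age, "max_gap": max_gap}


def _utc(day, hour):
    return datetime(2024, 5, day, hour, 0, tzinfo=timezone.utc)


# Constructed sample listing: the last two nightly jobs wrote empty files.
NOW = _utc(10, 6)
SAMPLE = [
    ("site-2024-05-06.sql.gz", _utc(6, 3), 48_211_004),
    ("site-2024-05-07.sql.gz", _utc(7, 3), 48_305_118),
    ("site-2024-05-08.sql.gz", _utc(8, 3), 48_290_650),
    ("site-2024-05-09.sql.gz", _utc(9, 3), 0),
    ("site-2024-05-10.sql.gz", _utc(10, 3), 0),
]

if __name__ == "__main__":
    print(audit_backups(SAMPLE, NOW))
```

A check that only looks at the newest file's timestamp would report this sample as three hours old; the audit reports the last usable backup instead.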
Again, understand the basic truth … an outdated website platform that doesn’t receive regular updates is vulnerable to security threats. Running an outdated server operating system will make any kind of update more challenging, and in severe cases, make updating nearly impossible. In an absolute worst-case scenario, an outdated website platform AND an outdated server operating system make it extremely difficult for the developer to make any changes. The difficulty comes from deprecated documentation and software libraries that are no longer maintained. This means a costly rebuild, as the developer has to work around these problems with hacky, patchwork solutions that are not easy to maintain, meaning a larger technical debt. At that point, after the damage is done, it could actually be better for you, and more cost-efficient, to start from scratch and build a new website.
As time passes, technology evolves. You need to ensure your website evolves with those changes. Ultimately, taking these steps for web security and web maintenance will give you peace of mind and guarantee minimal to no site downtime. In this ever-changing world, where technology leads behavior and behavior leads technology, if your digital experience is always evolving, like your customers’ needs, it will be one of the best.