Learning from Others’ Mistakes: What Every Business Can Learn from the Equifax Hack

The Equifax hack was one of the worst cybersecurity breaches in American history.

Here’s how it happened: hackers entered the Equifax servers through a vulnerability in Apache Struts, a popular open-source development framework for Web applications. The Equifax hack ultimately compromised the personal data of over 143 million people, or about half the U.S. population.

By now, we know that the company could have easily avoided the disaster. Four months before the breach, the Apache Software Foundation issued an alert for the vulnerability. Equifax either ignored the alert, or never saw it in the first place.

Over 40% of WordPress websites are not up to date

While the Equifax hack is unique in terms of its scale, the inaction behind it is not unusual at all. Even though WordPress powers about 75 million websites—over 25% of all websites, in fact—almost half of them are not up to date. Furthermore, recent studies show that over 51% of businesses have no budget whatsoever for cybersecurity. That means that, with no IT personnel in place, companies that receive security announcements like the one Equifax received either ignore them or don’t see them at all.

Don’t be the next Equifax hack: How to protect your website’s data

In order to secure your data, there are two things you should seriously consider: ongoing, regular website maintenance; and professional IT services. IT professionals can scan your network for potential vulnerabilities and implement security measures which block potential threats. Many IT companies can also provide security awareness training that helps employees identify possible phishing scams.

Website maintenance can also help significantly reduce your risk of a cyberattack. With a quality site maintenance program, professional developers will regularly examine your website for out-of-date plug-ins, broken links, and other weaknesses that can increase the risk of a breach. Keeping your site routinely monitored and updated can help close the “gaps” which cybercriminals often target.

As a bonus, regular web maintenance will ensure your site delivers a better user experience, among other things.

An ounce of prevention vs. a pound of cure

On the surface, website maintenance and IT services might seem like too much of an expense to be worth it. But compared to the cost of a breach, the expense is actually very low. For instance, think back to the Equifax hack: within four days of announcing its data breach, the company’s value tumbled by over $3.5 billion. Add the litigation costs and other expenses, and that figure is just the tip of the iceberg.

Long story short: It’s much more cost-effective to be proactive than reactive. Fixing a compromised site (or rebuilding it from scratch) can cost ten times as much as monthly maintenance. And that’s not the worst that could happen: a hack could empty your company bank accounts; damage your reputation beyond repair; or compromise your clients’ data, causing you embarrassment at best, and litigation at worst.

Then there’s the opportunity cost: while you scramble to try to bring your business back to speed, you’ll be losing out on sales. Every way you look at it, you’re much better off protecting yourself before a crisis than resolving one after the fact.

Interested in site maintenance?

We’ve worked with many businesses over the years, and we’ve seen first-hand the consequences of neglected website maintenance. It won’t surprise you to learn that we offer a site maintenance service, called OverSite™, to help protect our customers from breaches and slow performance.

Our OverSite clients benefit from our development team’s constant vigilance. For instance, when WordPress issued a critical security update a few months ago, our OverSite clients’ sites were immediately updated and the owners were notified.

If you’d like to learn more about OverSite, give us a call. It’s more crucial to protect your site now than ever before, and we’d love to help.

Red Letter Marketing is a branding, marketing, and advertising agency based in North Carolina. 

4 Reasons Why a Website Maintenance Service is a Good Idea

Your new website is finally launched. Time to kick back and relax, right? Unfortunately, it’s not that easy.

The moment your gleaming new site goes live, various forces are already starting to pick away at it. Hackers poke at your infrastructure. Updates bob around, promising to make things better, yet often failing to do so. Forms and links which once worked perfectly start sputtering. The truth is, without a website maintenance service plan, your website will inevitably start to suffer. Eventually, so will your profits. Below are 4 reasons why regular site maintenance is a smart idea.

Protect yourself from cyberattacks

Phishing, ransomware, Trojan horses: The modern hacker has no shortage of tools to make your life a living, er, heck. And according to Forbes, over 30,000 websites are hacked every day—meaning any website owner is at risk. Since many hacking attempts take advantage of outdated plugins and other inconsistencies, a website maintenance service can help greatly decrease your risk.

Keep your rankings in search engines

If your website is slow and outdated—or peppered with broken links and error pages—the Google gods notice, and are not impressed. To put it more technically, when search engine spiders crawl your site, they take a tally of any broken links, missing images, and 404 errors. If they conclude that your site is inferior to its better-maintained neighbors, you’ll be lowered on results pages, and customers who would have seen your offerings first will see your competitors’ instead.

Impress your customers

These days, your website is your business. If your website functions poorly, your visitors will assume that your business runs poorly, too. And when it comes time to make that crucial purchasing decision, they’ll take their money elsewhere. To win customers and keep them coming back, it’s crucial to schedule regular site maintenance so that everything is running as it should be.

Make changes incrementally

Of course, not all updates are for security purposes; some are just plain fun. Many updates promise to add jazzy new features to your site that can keep your user experience fresh and engaging.

However, if you make 10 months’ worth of updates at the same time, it can have seriously negative consequences. Firstly, your regular users will experience a dramatic change in what they’ve come to expect, which can cause frustration and loss of sales. And secondly, in the words of one of our developers, “A website is like a car engine—you don’t want to just throw a bunch of stuff in there without thinking about how it all works together.” If you make gradual updates on a regular, scheduled basis, you’ll experience fewer problems all around.

Why a website maintenance service is good for business

When you make a small investment in site maintenance, your business benefits in multiple ways. You diminish the chance of security breaches; impress your visitors; elevate your search engine rankings; and make sure that changes happen at an even pace. It’s a win-win-win all around, for just a small percentage of what you’d have to pay to fix an issue like a crash.

If you’re just learning about website maintenance, and would like to get started, you might consider Red Letter Marketing’s OverSite™ website maintenance service. OverSite goes beyond automated tools and software. Instead, our real, live human developers will personally inspect your site once a month and scan for any glitches and errors. We’ll shoulder the burden of your site maintenance so that you can focus on running your business. To learn more, give us a call.

You’ve Been Hacked! Now what? Unpacking Business Cybersecurity

Here’s a business cybersecurity story that happens all too often.

A financial services company provides a website portal for their clients to access their investment accounts. Clients visit frequently to review their accounts and browse the company’s rich library of helpful information. One afternoon, while the company president is at lunch with a client, he receives a panicked message from his IT manager. He learns that the site has been hacked, and an ISIS banner is prominently displayed on the home page. After the initial clean-up and damage control, the president vows that they will never again risk such a business cybersecurity event, and demands that marketing and IT do whatever it takes to make the site 100% secure.

It is not uncommon for business websites to get hacked, and vowing airtight business cybersecurity raises a host of questions:

  • How secure can any site really be?
  • What are the best practices for sites requiring strong business cybersecurity?
  • What are the additional costs of building a site with maximum security? Is there a point of diminishing returns?

How secure can any site really be?

“The first thing I tell website owners is that security is about risk reduction, not risk elimination. You must get your head around this simple fact…there is no such thing as a 100% solution to staying secure.”
–Tony Perez, Sucuri

Website attacks generally fall into two categories: an automated attack of opportunity (by far the most common type), or a targeted attack (the type more likely to occur on larger entities or governmental organizations). To be frank, at some point one of these will likely happen to your site. It’s not so much a matter of if a site will be attacked, but when. However, taking well-planned and reasonable steps to prevent hacks puts the odds in your favor. Many of the horror stories we hear about, like the 2013 Target hack, are the result of human failure, not of the software or applications themselves. Most commonly, people fail to follow processes and best practices in IT management, website maintenance, and updating.

Best practices for business cybersecurity

It begins with experienced developers who understand the current applications and best practices when building a site. They should know the most likely points of vulnerability, and how to write code that allows desired data to pass, but blocks potentially harmful data. They should also understand how to plan and build for enterprise-level business cybersecurity, as well as hosting applications that can help manage security risks.

Once a site is built, there are basic security precautions (e.g., making sure access information is not obvious, and is regularly refreshed) that should be implemented. The site should be properly maintained as new software patches and updates become available. It’s also important to have the right hosting setup, and applications to monitor for security risk. Lastly, have a response plan for how to handle such threats and, in the worst case, a malicious hack. This includes having a separate backup to get your site immediately up to speed again.

There are costs to maximizing business cybersecurity when building the site. Is there a point of diminishing returns?

One can make the case that a more secure site is one that is custom-built from the ground up. However, significant liabilities come with a custom-built CMS (Content Management System), compared to off-the-shelf CMSs like WordPress or Joomla:

  • It’s much more time-consuming, and thus more costly, to build
  • If your developer or IT person goes away, so does the one repository of knowledge of your CMS. Code can be as individual as people, so bringing in another developer would be time-consuming and expensive
  • A home-grown system does not guarantee business cybersecurity. In fact, even if built perfectly, such systems are notoriously unreliable over time because owners fail to keep them updated

The advantage of going with an existing content management system (CMS) solution vs. custom development is the availability of the functionality that makes content management easier and less costly to implement and to keep updated. These systems are constantly improving because they are open source platforms. (Open source software is software whose source code is available for modification and distribution by anyone.)

What is an open-source platform?

The White House, the FBI and the CIA all use open source software for their websites, rather than custom, built-from-scratch code. The core features to look for in a decent Content Management System include:

  • Strong security
  • Theming functionality
  • Page templates
  • Menu systems
  • Blocks/widgets
  • User/role-based authentication and access control
  • Revision control
  • Regular updates

Along with these core features, a CMS should have the capability to support modules, plugins, and extensions. There are various prominent open source and third-party licensed extensions that bring enhanced functionality to a CMS. These enhancements include search engine optimization, tools for analytics, social network integration, etc. Of course, you should add anything with the understanding that business cybersecurity is the priority.

Who uses WordPress, and what are its advantages?

The most widely used CMS platform is WordPress, and with proper development and maintenance, businesses experience minimal security problems. The New York Times, CNN, Sony, UPS and IBM all use WordPress. For companies with extreme security concerns, there are other CMS platforms, such as Drupal, that are solid candidates for consideration. Drupal has strong coding standards and a rigorous community code review process that gives it security and stability.

“Security is hands down the biggest differentiator between WordPress and Drupal. Drupal has enterprise level security and site scale. For this reason, many government websites are built with Drupal, the most famous of which is Whitehouse.gov.”

–Adam Hermsdorfer, Big Tuna Interactive

Currently The Economist, Cisco, Voya Financial (formerly ING U.S. Inc.), Novartis, GE, Pfizer, U.S. Department of Transportation, The White House, and many more entities are using Drupal.

Ultimately, there is no 100% secure system. However, following the best practices for maintenance and updates is a practical and effective way to keep your site secure, without having to re-invent the wheel in an effort to maintain full ownership of the codebase. In addition to the CMS platform, you can also place content delivery networks (CDNs) in front of your site to act as a website firewall. (But that’s another blog.)

The best website security is proactive prevention.

Hire the right experts to help you implement best practices, including the initial site development, proper hosting, and ongoing maintenance. Have a smart access and content management process, and make sure your team has an action plan in place to manage a security emergency.

Does your site have the proper security built in? Do you need to learn more about proactive maintenance to minimize risks?

Why you should invest in website maintenance

At Red Letter Marketing, we specialize in helping our clients get the right website for their needs. That might require building a new custom site, a templated site, or updating their existing site. But no matter what, we also know every site requires regular website maintenance, and we want you to understand why.

Website functionalities are constantly changing.

Many clients believe that once their site is built, it will function flawlessly forever. Sadly, there is no such thing (because if there were, we’d build only that). The fact is, websites need routine upkeep and adjustments, much like cars, to keep things running smoothly. The environment in which your site functions changes every day. That means your code and software require regular maintenance to keep pace.

In other words, it’s not the car that’s slowly changing, but the road. Essentially, you need to adjust your vehicle to the landscape – a landscape that, for better or worse, you’re constantly navigating. You wouldn’t dare take your heavy, bald-tired pickup down a rainy Seattle highway. But that same truck might be perfectly fine to drive 300 days a year in Arizona. Transfer that attitude to your site, and it seems obvious you’d want to keep everything safe and smooth.

Invest a little on regular website maintenance, or spend a lot to recover what you’ve lost.

Many people believe that a fresh site should never require care. That belief usually comes from 1) the desire to save money, and 2) unfamiliarity with the way sites work. We can dismiss the first easily, using our car metaphor. Refusing to replace your wiper blades because your car still runs is absurd. However, driving involves more than a solid vehicle. There’s a user to consider, and if that user faces complications, your running engine is useless.

The latter is simply a matter of being unacquainted with how sites function. Most of the websites you use and visit every day – particularly those utilizing databases (like Google and Amazon) – contain countless lines of code, and rely on software that runs on your web host. Odds are, the code was written by several developers, with different skillsets, at different times. Much of this is “open source,” or code made available to the general public, completely free of charge. Needless to say, this code changes often and drastically, which can result in malfunctions within your site. Then, pages load slower, and links break without warning. Finally, outdated code is a cybersecurity risk.

A cybersecurity breach can devastate your business.

It’s no secret that hackers (and other digital villains) threaten neglected sites by searching for vulnerabilities in code. If you’re even vaguely familiar with code, you know that, like Christmas lights, one glitch can cause the whole shebang to go dark. A site hack can have devastating fallout, and reinstalling from a backup won’t always cut it. If any data was processed between the backup and the reinstall, you’ll likely lose it to the ether. For businesses, that can mean lost leads, or, in the ecommerce world, missing orders.

Then, you will need to understand and address exactly how hackers exploited your site in order to stop it from happening again. That means fixing existing damage and upgrading the code (and themes, and extensions) to run the latest software. Finally, these fixes don’t come cheap; repairs can cost ten times what website maintenance would. Put that on top of the revenue lost during downtime, and you’re looking at a hefty bill.

Regular website maintenance assures smooth and secure operations for both you and your site’s visitors. Without it, things will start to chip away – and that’s if nothing bad happens. At worst, unmaintained sites get exploited through outdated source code, bringing down the castle walls.

Users expect everything on a website to function predictably, and they will quickly leave if it’s not working as expected.

To keep everyone happy, and your business well represented, get that oil changed methodically, and adjust your equipment to the road. Invest in website maintenance.