Mitigate Risk with a Website Maintenance Plan
These days, the majority of companies make use of some incredible technologies to drive their database-driven websites. Regardless of whether you employ WordPress, Joomla, Drupal or other content management systems, your website must be highly flexible and enable integrations in order to support your business growth plan and leverage its power to achieve key marketing objectives.
What’s baffling, however, is that while so many companies invest heavily in their websites, they often fail to protect these assets and expose themselves to serious risks. As in the IT environment, key considerations such as backup, security and maintenance must be addressed in order to ensure a safe, stable website.
Why does this situation exist? There are a few reasons:
Lack of understanding and education. In most companies, there is an individual or a team responsible for the website and a significant budget assigned to the web environment. Yet we find that management often has no clear understanding that risk mitigation must be part of web management. Without it, organizations leave themselves open to hackers and face potential loss of content and functionality, as well as downtime. With so many dollars going towards this effort, it’s critical to protect your investment.
You know what they say about assuming. Oftentimes, we find that a false sense of security exists around company websites. There’s an assumption that your website is being protected, whether that’s through your web host, your IT team or maybe even your web development expert. There’s also a false impression that there isn’t much to be done to ensure website continuity. A few updates here, a firewall there. But, again, this is not the case. If you don’t have a website security and maintenance plan spelled out and implemented, then you can almost guarantee that this work isn’t getting done.
THE 3 KEY AREAS OF RISK MANAGEMENT FOR YOUR WEBSITE
Unless you have a website maintenance plan with a regular schedule of backups in place, you are at risk for content and data loss. In the live web environment, things can fail as a result of multiple situations such as bad installations, hacking, etc. When disaster strikes and you need to recover your website, the only way to quickly and completely recover the site is by having an up-to-date backup. Otherwise, recovery can take days and lead to lost business.
The best thing about website backups, though, is that they are low cost and effortless; you just need a plan. Here are the most important things to understand about backups:
- What is backed up and how frequently?
- What is the retention plan? How long are we keeping these backups?
- How do we recover the site? How do we gain access if needed?
Think of backups as your mini disaster recovery plan but, most importantly, make sure you have a plan!
When we talk about website security, we consider it in relation to the popularity of specific content management systems. When you think about it, risk is always based upon magnitude; the greater the market share of a particular technology, the larger the risk factor, since more people are trying to exploit the vulnerabilities of that platform. One of the key benefits of WordPress, for example, is that it’s open source and offers a wide range of plugins, but this also means that it creates some of the largest security holes that we see. With a huge user base and an open coding environment, companies that use WordPress must have a security plan in place.
Security risks often arise from malicious code, as hackers seek to use servers for their own benefit. As software and plugins are updated, new opportunities for exploitation are introduced to the website environment that hackers can take advantage of. These pieces of malicious code often manifest themselves as bad advertising that the search engines can pick up. Even something that seems as innocent as a comment on a blog post can introduce a risk, as one of our clients recently found out when whole sections of their website were suddenly missing.
An effective web security plan focuses on blocking this type of traffic in order to limit access to the database itself, and on scanning for exploits of this nature. It’s critical to monitor website health in order to fend off attacks.
There are two types of maintenance that must be addressed in your web management plan: core content management system updates and plugin updates. The interesting thing about plugin updates is that there are no guarantees that they will work, since they aren’t verified. Additionally, if you have 20 or 30 plugins, you may find that some of them are no longer supported and can break at any time with core CMS updates. If you pair this situation with a bad or nonexistent backup process, you have a recipe for disaster.
It goes without saying that within an open source environment, you must always be cautious and have a testing plan in place any time you update the core or the plugins. In certain cases, we see companies with plugins that are no longer supported, which means that they cannot update their core content management system. Regardless, you must at least be up to date on security patches and then you can test. Having a sandbox testing environment means that you can ensure the continuity of your site and protect your existing database in the event that something breaks.
DEVELOPING AND IMPLEMENTING A WEBSITE MAINTENANCE PLAN
Clearly, you need a plan to easily and effectively address backup, security and maintenance for your website. It’s also important to understand which tasks need to happen monthly, quarterly and longer term. With a solid maintenance plan in place, issues can typically be resolved in less than an hour. Without one, you are leaving your site open to great risk that can mean days of downtime and costly rebuilds.