‘Secure’ isn’t perfect, but it’s something

Your chance of getting struck by lightning is low. But you don’t run around in thunderstorms.

Ted Martin
Fiat Insight
3 min read · Oct 25, 2017


Everyone is getting hacked. All of Yahoo’s more than three billion user accounts were compromised. Verizon? Check. Target? Check. Equifax, too, to the tune of 140 million users’ sensitive identity information.

The only surprise, now, is how little we actually care.

Take small business websites. Over the last twelve months, fourteen million small businesses were hacked. Think about that number another way. You have about a 0.00010416666666667% chance of getting struck by lightning. And you have a 25% chance of getting hacked. (2017 Ponemon Study)

The numbers are so staggering that they remain just that: numbers. What isn’t reflected is the loss of trust, reputation, and business that hacks inevitably bring about. If you lose people’s sensitive information, you lose their trust. Once you lose their trust, you often lose their business forever. Skimping on security is the most costly mistake many businesses make. The average cost of a data breach this year was $3.62 million. (2017 Ponemon Study)

Paying attention to three things can take a business from totally insecure to nearly best-in-class:

  1. Servers. Hosting is a beast, a hydra really. Don’t try to do it on your own unless you have staff and resources to pour into it. Pay a group whose job it is to get this right, 24/7. The requirements for securing servers, both digital and physical, are well outside the scope of most web developers and agencies. Use a provider that offers Platform as a Service (PaaS). And every site needs an SSL (TLS) certificate so that traffic between the visitor’s browser and the server is encrypted. It’s a matter of principle. If your website doesn’t show a lock in the address bar, you are unnecessarily exposed.
  2. Code. Write your own code. Take ownership of your code. Or have someone do that for you. It is cheap, quick, and insecure to pull templates off the shelf to use on production sites for business. As Steve Jobs once said, “We don’t ship junk.” Refuse to ship junk code. Every website pushed live should be built, controlled, and understood by you. Properly written and understood code is essential to secure websites and applications. No exceptions.
  3. Vigilance. It’s necessary to constantly monitor web security, best practices, and trends. It is a fiction to imagine anything is 100% secure, and equally a fiction to imagine no site is secure because nothing is 100% secure. If a website being built today doesn’t ship with an “A” rating on the industry-standard security tests, like Mozilla’s “Observatory,” then it shouldn’t be shipped.

If you don’t know where your website’s security stands, go to https://observatory.mozilla.org/ and put in your website address. What you see will probably shock you, as precious few developers and agencies are developing web applications with an eye for security.
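A local pre-ship check in the spirit of the “don’t ship without an A” rule above, as an added example that is not from the original article and does not reproduce Observatory’s scoring: it audits a response’s headers for a subset of the items Observatory tests (HTTPS, HSTS, CSP, X-Content-Type-Options, framing, Referrer-Policy, cookie flags). The function name `audit_headers`, the sample headers, the host name and the six-month HSTS threshold are assumptions of this example.

```python
import re

# Constructed sample response headers (not captured from any real site).
WEAK = {"Content-Type": "text/html", "Server": "Apache"}
HARDENED = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Set-Cookie": "sid=abc123; Secure; HttpOnly; SameSite=Lax",
}
MIN_HSTS_AGE = 15768000  # six months in seconds; threshold assumed here


def audit_headers(url, headers):
    """Return a list of findings; an empty list means the check passes."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []
    if not url.lower().startswith("https://"):
        findings.append("not served over HTTPS")
    hsts = re.search(r"max-age\s*=\s*\"?(\d+)", h.get("strict-transport-security", ""), re.I)
    if hsts is None:
        findings.append("HSTS header missing or without max-age")
    elif int(hsts.group(1)) < MIN_HSTS_AGE:
        findings.append("HSTS max-age below six months")
    csp = h.get("content-security-policy", "").lower()
    if not csp:
        findings.append("Content-Security-Policy missing")
    elif "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        findings.append("CSP allows 'unsafe-inline' or 'unsafe-eval'")
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff'")
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        findings.append("no framing restriction (clickjacking)")
    if "referrer-policy" not in h:
        findings.append("Referrer-Policy missing")
    # Simplification: one Set-Cookie value; real responses may carry several.
    if "set-cookie" in h:
        attrs = {a.strip().lower() for a in h["set-cookie"].split(";")[1:]}
        for flag in ("secure", "httponly"):
            if flag not in attrs:
                findings.append(f"cookie lacks {flag} attribute")
    return findings


if __name__ == "__main__":
    for name, url, hdrs in (("weak", "http://shop.example", WEAK),
                            ("hardened", "https://shop.example", HARDENED)):
        print(name, audit_headers(url, hdrs) or "PASS")
```

Run it in a release pipeline against the headers your staging server actually returns, and treat any finding as a reason not to ship.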

You can have a secure site. You can do security right, and it’s the right thing for developers to give to their clients. You and your users deserve it.

At Fiat Insight, we not only offer state-of-the-art WordPress hosting solutions (fiatinsight.com/hosting), but we’ll fix, patch, and bring your WordPress website back to safe waters as an “A” rated Mozilla Observatory website. Need consultation on where to begin with your servers, code, and web policies? Reach out! We’d love to put our knowledge and expertise at your service.
