It’s the start of the New Financial Year and while we’ve all seen a significantly different year in 2020, we’ve have been busy identifying new and better ways of working together, honing our craft and how we can deliver more to our clients in these challenging times.
Cyber Security – Australian industry is being targeted by major cyberattacks, while the frequency of attacks is increasing, putting some mitigations in place can make you less of a target. See what the Government has to say about it here.
Our Top Tips For Securing Your Website
Independent security audits – Depending on the type of website you run, and the importance of the information that sits within it, we recommend regular automated scanning for threats and backing that up with an independent security audit.There are a number of ways a website can be checked to see how secure it is. Regularly scanning the site is an efficient, and cost-effective way of finding any obvious “gaps” in your web firewall, whether there’s anything untoward (and unknown!) hosted on your site among other checks and balances. Depending on the checks, these might run daily, others might run monthly. Typically a report is produced which outlines what tests were run and a grading on the severity of any issues found, along with what’s required to remove that issue. This is something we’ve set up for a number of our clients, and depending on the checks required, it can be pretty low-cost. Let us know if you’d like more information on what’s available.
In addition to the automated checks, an independent security audit of your site, ideally every year, will provide more confidence in the site’s security. This can identify new risks or validate your level of protection. The key word here is “independent”, so this isn’t something your digital team nor us should perform. We have a number of specialists who we can recommend, but of course do not have any financial relationship with, so please get in touch and we can pass those details on.
Passwords – Having a strong password is a great defence but people often reuse them. In fact, up to 80% of security breaches involve compromised passwords (2019 Data Breach Investigations Report, Verizon – via DBIR Interactive). Two-factor authentication (2FA), sometimes known as multi-factor authentication (MFA), can offer more protection as it provides a way of double-checking that you’re really the person the account belongs to.2F/MFA uses independent identity checks to validate you as a user at login, which often use your email address, and a unique code you generate with your mobile phone or sending you an SMS with a 6-digit code.For our WordPress clients, we partner with and recommend Duo and Wordfence to provide toughened solutions. Get in touch for how we can implement these tools on your WordPress site.
User Permissions and Governance – One key aspect of security is your users. Ensuring your users have the correct user permissions for their role provides another safety net. Locking down access to those who need it only, and when staff leave or change roles, their access and permissions are managed accordingly. Businesses often give out “admin” level access to make it easy as an admin can do anything, but that also potentially brings a whole new level of responsibility the person may not realise. Admins can add content anywhere on the site as well as delete it; they can get full access to any customer or order information stored on the site as well as alter the look-and-feel of the design. They can also delete other user accounts, which could lead to being locked out of your own site. This is particularly concerning if that user’s password has been compromised as a 3rd party could commandeer the entire website.
We recommend severely limiting the use of the “admin” role as much as possible, and instead, defining new roles that suit the needs of the website contributor. This can reduce both the threat of what could happen should that user account fall into the wrong hands, but also ensure that the user can effectively do their job when it comes to the website.For WordPress sites, we recommend the “User Role Editor” plugin which has a large number of configurations on how to define roles across the WordPress dashboard interface. We can help set this up for you and your team – just get in touch and we can discuss how best to do this.
Website Hosting For Business
Our hosting partnerships are increasing. Since 2019 we’ve been working with a Google Cloud hosting partner and suffice to say we’re able to offer more value and reduce costs for some clients utilising WordPress as their CMS moving to a new hosting arrangement.
There are numerous benefits with the new hosting offering, which include:
- WordPress specialisation – our partner only providers hosting for WordPress sites and as such, their systems are designed to gain the maximum performance, security and options for the WordPress platform
- Speed! Some of our clients are seeing a 15-20% improvement in page load times. There’s plenty of evidence which shows the correlation between website speed and conversions (eg purchases) along with improved SEO
- Cost savings are harder to measure as it all depends on the needs of the website, however achieving a ~20% saving is quite common
- 1-click staging site creation – ideal for ensuring that your test environment is fresh and has the same content, data and functionality as the live site
- Built-in Content Delivery Network (CDN) – the ability to “off-load” your images, PDFs, Javascript files and load them from a dedicated server means your website, indeed the web server, doesn’t have to do as much. This leads to more users being able to be served faster as well as improving the user’s experience by getting the information faster
- Improved caching engine – more of the website is cached, which means it’s faster to load for the user which again can lead to improved conversion rate and SEO
Our existing partnerships with AWS and other top-tier cloud providers continue as hosting a web application is rarely a one size fits all scenario.
Contact us to find out what we recommend for your specific requirements and what other benefits this service provides.
New Capability – Business Analysis
Our team has been growing with our project management and business analysis capabilities. COVID 19 has continued to teach us efficient operations is good business.
Our business team Garth Walker and Melisa Albisetti are established Business Analysts and able to help you identify business problems and deliver cost-savings. The team has worked with hundreds of businesses of all sizes across our 16 year history. That wealth of knowledge is available to you to help identify what will benefit you and your business. See how our strategy services can help your business.
iugo Software Development
From 1 July 2020, we’re moving our development & staging environments in-house to iugo.
Over the past 6 months, we’ve increased our capability in our deployment model to streamline our services and increase efficiency. If you would like your own pre-live environment, get in contact with us to request one for your website.