The recent website leak of 11.5 million documents and 4.8 million emails from the world’s fourth biggest offshore law firm, Mossack Fonseca, shows just how important website maintenance services really are. In fact, last year I wrote on this very subject, which you can read here. So, how does something like this happen? Could it have been avoided, and what can we all learn from this?
How did this happen?
When I first heard about this hacking, I found myself thinking about how intricate this hack must have been. Surely a company such as Mossack Fonseca would have had some type of ongoing website maintenance services to prevent such incidents. Sadly, it appears that wasn’t the case.
Reputable tech sources around the world are reporting that the compromise was due to the simple fact that its content management system (CMS) for its client portal was three years behind on updates (Drupal 7.23). In addition, it was running on top of an operating system (Apache 2.2.15) that was also many versions behind – the most current version being Apache 2.4.20.
Drupal, like other CMS systems such as WordPress and Joomla, posts regular code updates when a security vulnerability has been discovered. Simply neglecting to update the content management system allowed a hacker to find a vulnerability into the server. The hacker then moved laterally to gain access to all the digital assets on the server.
Why website maintenance services are so important
Assuming that the reports are correct and this wasn’t an inside job, avoiding what happened could have been relativity simple. I say relativity simple because when it comes to the web nothing really is “simple.” However, performing maintenance updates to the website’s content management system as they became available, as well as updating all corresponding plugins that extend the functionality of the site, would have sealed any potential cracks in its code base.
The process of updating a website’s core files and plugins can vary in size and complexity. But make no mistake about it. No matter if you are a small or large company, website maintenance services should absolutely be part of your yearly IT budget.
What should a typical website maintenance service program include?
Fact is, no CMS solution is 100% secure. But these risks can be dramatically reduced by taking simple, proactive steps. The most basic tasks in any website maintenance service program should consist of the following:
- Review and update Content Management System core files
- Review and update components and plugin files
- Maintain a firewall list that contains whitelisted and blacklisted IP addresses
- Review comment and form spam; clean out as necessary
- Perform ongoing security audits for potential threats
- Conduct weekly backups stored in a remote location
Your website is your most important marketing asset, and you spent a lot of time and money developing it. So be sure to include a yearly IT budget for ongoing website maintenance services to make your site as safe from hackers as possible.
All marketing tactics should be thought of as part of a larger whole, rather than separate pieces. By strategically integrating all tactics, the programs become more effective and cost efficient. An Integrated marketing communication plan helps you meet real business objectives – generate leads, grow revenues, gain market share, and become the leading brand.