We get calls every week from people asking us to fix their website. We're asked to finish projects or to rescue them from the money pit they have fallen into. As we investigate, we frequently discover that the problems are significantly worse than the client ever suspected. Largely, this is because the developers didn’t follow cybersecurity best practices, or because the sites are not properly maintained from a security perspective. Either the website is a mess and unfixable or the bad guys have taken control. Sometimes saving a penny costs you a dollar.
The Cost of Doing Nothing
Most of these problems wouldn't have occurred if the websites were built properly and were maintained after they were launched. Bug fixing and security updates are part of diagnostic checks and routine procedures that sites require. Most of the time, these are difficult to execute, but someone needs to be vigilant and aggressively stay on top of the demands of the software that runs the website. Time and time again, we see that web developers simply have no interest in maintaining the website they've built. They’ve picked up their paycheck and split.
Once security vulnerabilities are discovered by a CMS provider, solutions get published. The bad guys get notified of what they are, and send their drones out to find unprotected targets to exploit. You can go to any website with a tool called BuiltWith and see what version of CMS software it runs, along with other technical details that anyone can examine. Try it on your own website. The bad guys use internet drones to scan for these vulnerable websites and automatically break into them. Once they are inside, lots of bad things can happen, like ransomware. Not only do you have to pay in Bitcoin to get your website back, you also have to pay someone like CommonPlaces to fix the problems.
We had a customer come to us recently with a problem website that had been built by another developer. Their developer had not bothered to maintain the site, and it was hacked. It's like waiting too long to change the oil in your car, and one day having the engine seize. In this case the site was in such bad shape from the hackers that the only safe course was to start over and build a completely new site. Severely hacked websites have backdoors, created by the hackers so they can come back in anytime and cause problems, and it is almost impossible to detect all of them.
Worst Case Scenarios
The usual response to this diagnosis is to deny the real problem. Clients will protest that they aren't concerned because they don't have sensitive, private information on these sites. In fact, not all bad guys are interested in personal data. They may want to take control of your webpages, diverting customers to their servers with a bogus website that looks like yours. They can do anything they want to your customers, all completely without your knowledge until it is far too late. Imagine the cost of notifying all of your customers of a break-in.
The other trick that the evildoers are pulling off has to do with your server. Once they have access to your server, they can do all kinds of nefarious deeds. They may not touch your customers, but they could use your server to send out child pornography or launder money. When your server is part of a daisy chain of servers conducting DDoS attacks, this sort of crime is basically impossible to stop or trace. Nevertheless, your reputation is ruined when it is learned that your website was hacked, and in many cases you must reveal the break-in to all of the customers who had their information on your website.
The Responsibility of Ownership
If your developer doesn't follow cybersecurity best practices or offer maintenance support programs, it's probably because it wouldn't be worth their while to support their work. You need to consider the total cost of ownership of your site, not simply the cost of building it. What is the value of your brand and reputation? Contact CommonPlaces if you want us to determine whether your website is up to date or vulnerable to attacks.