On today’s “Golden Nugget“, CEO of Auxiom, Matt Loria sits down with Curtis Hays, founder of Collideascope, a digital marketing agency to talk about managing your website and how to keep it secure.
Transcript:
0:02) I’m Matt Loria with Auxiom, bringing you another Golden Nugget, where we’re bringing you helpful tips and timely information on IT and cybersecurity for
your business. I’m sitting here with Curtis Hays, who’s the founder of Collideascope.
(0:16) They’re a digital marketing agency and they specialize in WordPress.
(0:20) WordPress only, yeah. Right, and also want to mention that you are our partner in WordPress hosting and security that we offer to our clients as well.
(0:31) Yeah, so where I’m a little bit different than a lot of other marketing agencies, my background is in IT, like you guys, and so when I approached the marketing side of things, I wanted to not only just make sure things were secure, but that I had a tech stack that was repeatable, that we could support, (
0:51) that I could bring in somebody else and train, and you know, be easier for them.
(0:56) to understand what we were doing and understand that across multiple clients to make it easier support across multiple clients.
So, we picked a platform and then we picked a host, which is WP Engine, and then along with that
(1:09) host comes a lot of other, you know, features, functionality, those types of (
1:14) things that we can make sure our clients are secure and protected. Great, great, and
(1:20) you make it real simple for a client to say, hey Curtis, take care of my website, and they know it’s secure, they know it’s functioning, they know it’s up to date, and you offer those managed services for that as well. Right, right,
(1:33) so say a company comes to us and they’re hosting with a GoDaddy or a Bluehost, those are fine hosts, but we’re working with businesses who need, they need reliability, they need to make sure that things are secure, they’ve got the uptime.
(1:48) that they need, and so what we do is we can easily take that out of the environment they’re in, put them into WP Engine, with that we have what’s called a global edge security product that WP Engine offers, which is a firewall that’s
(2:02) at the edge, so it’s a hardware level firewall, we can install our own software level firewall, so we’ve got multiple layers of protection, with that we add.
(2:11) two-factor authentication to make sure that we’re monitoring and, you know, the admins that we’re logging in are only the admins who are authorized.
(2:21) and there’s that multi-level authentication, make sure nobody’s being brute force attacked, and that’s another thing that we do, is we protect the default WordPress.
(2:31) login URL, so none of our clients have the slash WP admin, that there’s gonna be something else that can’t be guessed, that makes it more difficult than for brute force, but the biggest vulnerability in pretty much all of these content.
(2:44) management systems, which is what WordPress is, is plugins being outdated, or your theme being outdated, and so another product that’s offered with this global
(2:55) edge security is an automated plug-in updater, so we can schedule either daily or weekly plug-in updates that happen automatically, just like Windows,
(3:03) Microsoft Forever has had, you know, updates to your computer, and you can schedule those updates on your computer, or in a business environment, they could
(3:12) be scheduled from a server and deployed across the network, so we do that for
(3:17) our websites, and we schedule, on the weekends, updates to run, so we make sure everything’s always patched, but we’re also notified if there’s a critical
(3:27) patch that needs to happen, there’s a vulnerability that comes out into the market, and we need to get those patched, and we go in, and we manually do those,
(3:34) and we’re notified when that happens, so which is great about WPNG, is they let us know if we have an environment that is vulnerable, they will email us, and
(3:42) they’ll say, you need to patch this, or we’ll patch it ourselves, so it’s that sort of multi-level support that we have, you have us sort of at the front
(3:52) line, but behind the scenes, we’ve got a bunch of techs and a bunch of technology that are making sure everything’s running great.
(4:00) Great, we always talk about that security is a multi-layered approach, it’s multifaceted,
(4:05) and I will tell you that most people understand about a firewall, they understand about email security, they understand about multi-factor, but most people do not think about their website, it’s almost the last thing that they think about with cyber security, and really it’s one of the most important things, because so many companies are relying on their website, not just as
(4:26) an online brochure, but they’re actually transacting some sort of business,
(4:30) whether they’re allowing clients to upload files or download files from the site, getting other types of information from there, so really glad that you’re offering something that can secure what could be the
(4:43) revenue-generating aspect of these companies. Right, yeah, I mean as you know, if you are impacted through some sort of breach, usually it’s the brand reputation hit that you get from that breach, that if that becomes public,
(5:02) that’s pretty detrimental to your brand, and your website is the front door to your business in many cases, so it definitely should not be overlooked.
(5:11) you should be protecting your website just as much as you’re protecting your internal infrastructure, and then certainly if you have customer data or something like that, that’s on your website,
(5:22) and most websites are at the very least even used to collect form data, so I’m, you know, a prospect,
(5:28) I come to your website, I fill out a form, they may not be a customer yet, but you are still capturing data on an individual, and to ignore that and not protect that when you’re protecting everything else in your environment, I think is an oversight,
(5:42) and it’s just so easy to do, and it really doesn’t cost that much, like to protect a website the difference from maybe $15 a month with GoDaddy,
(5:53) it might be $100 a month with a managed service plan, so you know, I think it’s worth the investment for most businesses.
(6:04) Sure, well and if you want to find out more about website security for WordPress and other sites, you can visit the Auxiom site, auxiom.com, and go to the cybersecurity section of the website and you can find the managed websites.
Yeah, appreciate it.
(6:18) Thanks for being here, Curtis. Of course.
