cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community Manager

An Agency's Guide to Website Security - GoDaddy Pro Webinar

We wrapped up our October security month events with Krystle Herbrandson 's security strategies for web agencies. 

 

Here's what we learned:

  • The agency's role in website security
  • Why security is important for both the agency and their clients
  • How to create an ongoing website security process
  • Methods for delivering security to clients

 

Watch the recording @GoDaddyPro on Twitter

 

In  case you missed it, here's a quick recap:

 

What is the agency's role in website security?

  • The web agency is a trusted partner that clients rely on for information and education.
  • Agencies have the ability to impact the state of website security.
  • It's the ethical thing to do.

 

Why is security important?

Business Impact

  • Brand: Websites are a critical part of brand reputation. Loss of trust can drive audience to look for other alternatives.
  • Economics: Compromise can result in 90% drop in traffic. The cost associated includes time and money spent on tools to correct the problem.
  • Emotional distress: Compromise causes customers to panic. They are confused about who to talk to (web developer, hosting provider), and they can get angry. It erodes their trust in technology & the people they've employed to get their business online.

Technical Impact

  • Website blacklist: Getting blacklisted by web browsers deters site visitors.
  • SEO impact: Lack of trust, loss of traffic, and loss of domain authority can affect your standing online. 

Have a risk management plan

"It's about risk reduction, not risk elimination."

 

Identify

  1. Identify your client's needs (PCI compliance, etc.)
  2. Take inventory (domains, plugins, themes)
  3. Web host (shared or dedicated?

Protection

  1. Mitigate risk and make a plan to respond to worst case scenarios
  2. Reduce attack vectors (access control, hosting, software vulnerabilities)

Detect

  1. Watch for indicators of compromise (downtime, DNS changes, WhoIs changes)
  2. Be aware of front end issues
  3. Keep an eye on server & core files for malware signatures and file integrity

Respond

  1. Isolate the site
  2. Remove all malicious code
  3. Clean hacked database files
  4. Submit for blacklist removal
  5. Verify all admin user accounts
  6. Change all passwords
  7. Have a team ready to respond

Recovery

  1. Harden the site and patch vulnerabilities. The "Identify" step can help you find these.
  2. Rebuild the SEO
  3. Repair customer relationships. Being able to explain what happened goes a long way.

 

How do I deliver security to my client?

Proactive approach

  • Security is a continuous process, a part of ongoing maintenance.
  • Provide 3rd party security tools as a managed service.
  • Give guidance and education to your client.
  • Refer your clients to a trusted vendor if you don't want to do it yourself.

Reactive approach

  • Respond to issues as they arise.
  • Have a plan in place on how to respond because you can't eliminate all risks.
  • Use this as an opportunity to demonstrate value in a proactive approach.

Working with a 3rd party security provider

  • Do your research on tools and platforms to find one that best meets your needs.
  • Test the platforms before going live.
  • Understand your needs.

 

Security is a continuous process.

It's not just about technology, but people think of it that way. Without people and processes, it doesn't work. Security should be part of every stage in your project lifecycle.

 

Upcoming Events

We have more virtual events and meetups coming up with subject matter experts, industry leaders, and some familiar faces from the community. You can find them all on our new GoDaddy Pro Events site!

https://proevents.godaddy.com/

 

Angela B - GoDaddy | Community Manager | 24/7 support available at x.co/247support | Remember to choose a solution and give kudos.
1 REPLY 1
Super User I

Thank you for sharing the informative post, @Angela_B !


Very Respectfully,

Drew Davis
Navy Veteran and Entrepreneur | GoDaddy Pro user | "Proud to be serving others!"

*** Please note that I offer free advice on this forum. Please feel free to give me KUDOS on this topic/discussion; mark my comment as ACCEPTED SOLUTION if you believe I've helped solved your issue. Thanks! ***