Disclaimer: This is not a political post!
In case you don’t keep up with the news, this past weekend was not great for Rudy Giuliani.
The former mayor of New York City was appointed to be a special advisor for cyber security by the incoming president. At some point shortly thereafter, tech media and security enthusiasts dug into Rudy’s background in terms of security and found his company website (along with giulianipartners.com).
You may find while reading this post that those websites are not loading. The reason is because the media has uncovered that the websites are massively insecure.
Now, I could go on and on talking about the ways you can secure a website. In this case, many of Giuliani Security’s problems were caused by simply being so outdated. The CMS on which the sites were built, Joomla, was released almost 4 years ago and not updated since it was initially installed. And the core software that runs underneath Joomla, such as PHP, was not up to date either in the case of these two sites.
In fact, a firm focused on cyber security had published a list of at least 40 or more vulnerabilities on just one of Giuliani’s websites. That is a pretty large amount for a simple marketing/awareness website.
Why would something like this happen?
Well, there are a few possible reasons. First, they may not have cared enough to check. Maybe they had a “web designer” build them a website and assure them it was safe many years ago. Obviously, the site design indicates that it hasn’t been updated in many years. Hacked or not hacked, the site wasn’t doing much to enhance Rudy’s credibility on the subject matter. So in this case, it could have been pure laziness.
Or perhaps they didn’t know. Perhaps they really had no idea that this could be a possibility or that they had to keep it up to date. Which, given the firm’s focus, is pretty alarming.
Another possible—and common—reason is that they were just cheap, which is unfortunately something that we see on a pretty regular basis. Companies assume that websites can be set up and forgotten, but that simply isn’t true.
Much like any other living, breathing piece of property, websites need to be cared after and kept current, or bad things can happen.
Any of these scenarios are horrible from a corporate/PR perspective. On one hand, they were either lazy or cheap. On the other, they were dumb.
Would you seriously consider hiring this organization after this type of embarrassment to consult with your company?
Of course you wouldn’t.
From a cost benefit analysis, it makes sense in all cases to keep your site up to date and secure. It makes even more sense to build on scalable and secure platforms in the first place. Think for a second about the lost revenues from an issue such as this. Is it in the hundreds of thousands? What dollar amount would you place on avoiding a disaster like this?
Ultimately, Giuliani’s reputation and his business success probably won’t be affected much because of this mishap. He is a highly public figure and has a long track record in law enforcement and politics. At worst, this is just a PR crisis for him that is already working its way out of the news cycle.
But if this were to happen to you, how would you be affected?
Look at it from a personal, micro level: Would your job be safe if you were in charge of overseeing the security of your website and it was compromised? Is there really any reason you are avoiding keeping your website up to date?
If/when your site is hacked or compromised, what will your story be to those who will be forced to handle the cleanup?
And on the macro level: Is your business prepared to be able to handle a PR nightmare similar to what is happening to the former mayor? Can you recover if your competitors get wind of your lack of preparedness and care, using that on every single sales call their team makes going forward? You hear about stories of hacks literally every single day. Do a Google News search and see for yourself.
If your business is in security, SaaS, banking/finance, or any other trust-based industry, you MUST take appropriate measures to secure your website. An embarrassment like this can put a business…well, out of business.
Likewise, if you are a public figure or have some level of concern about your public persona, security must be your first concern. Not web design or usability—safety and security.
Luckily, there is technology available today that allows you to control your website in a safe, secure, and scalable way. The investment can be considered an insurance policy. Let us learn from the mayor—protect yourself, your business, and everyone’s reputation around you by making the decision to take security seriously.