A Scary Website Story for Halloween

Members started calling to complain that they were getting a messageYour connection to this site is notsecure”when they visited the association’s website.It grew to a storm of complaints, but it was the report from a major donor threatening to cut off funding because they had received a routine security scan report that showed the website was not securethat led toaction.

Scary Website_social_mediaAn angry board meetingquickly followed. Something had to be done,and it fell on the head of marketing and communications to fix it, and fast.

It seemed like an easy fix – just get the hosting company to update the Secure Certificate on the website.(It used to be thata simplesecure certificate, or SSL, was what you needed. Butnow the industry standard is theTransport Layer Security, or TLS.The most current version of TLS wasdefinedin August 2018, but for now the acceptedstandard is still TLS 1.2.)

Website_not_Secure-1

Is itenoughtojust install TLS 1.2 and be done with it? No, TLS 1.2 may not be compatible withthe underlying software that makes up your website.The hosting company reported that in order to install a TLS 1.2 certificate, you would need to upgrade the software running the website.And that could takeweeks. By that time, the zombies will have taken over.

In this case, the problemwasthat the organization had not updated their CMS in years. They were runningthe popularKenticoversion6, and Kentico 6 is not compatible withTLS(Kentico 12 is the most current version.)Like most software products, there are layers of other components used to create the product. The Kenticoproductis built on Microsoft.NET framework and in sticking with an old version of Kentico, this organization was also sticking with the underlying software that was woefully out of date and not supported by the related vendors who developed the software.Kentico no longer officially supports any version prior to version 10.
{{cta(‘6d5b719a-7293-4d0b-b7ef-79bb90cfa08a’,’justifycenter’)}}

Trick or Treat!
Of course, the associationneverbudgetedfor maintenancerelated to the website software. All of the support funds go to contentand designchanges throughout the year.Any upgrades to Kenticoor any other underlying softwarewould have to be funded from a new source. While saving money, the association put itself in the unfortunate position ofnot staying current. It is a lot like nothavingenoughcandy when the trick-or-treaters come around.Now the upgrade is not a quick fix. Upgrading to the most current version of all the software could be quite extensive, and expensive.

Baby Steps or One Big Step?
Should the association upgrade from Kentico 6 to version 7, then to version 8, then to version 9et ceterato gettothe least disruptive and least costly upgrade that is still supported and compatible with TLS 1.2? Or is it better to just bite the bullet and upgrade to Kentico 11or 12in one big step?

The problem with letting your software fall this far out of maintenance is thatleapingfive versions forward is likely to cause everything to break. It isunlikely that a big step forward will work due to the changes and underlying software updates, as well as the impact on third-party applications.

Upgrading in baby steps is not particularly enticing either – essentially they would be upgrading five times, one after another. That is the most expensive approach and likely to cause the most headaches.

Is There a Good Answer?
The marketing and communications chief felt that just switching to a different platform was the most logical answer and chose a popular inexpensive solution – just switch toWordPress! Unfortunately, she did not think through the functionality thatled to the selection of the full-featured Kentico CMS in the first place. Switching to WordPress guaranteed that the support team would need to learn a new platform, but the loss of features for marketing to the association’s members was a loss that had a real impact on the organization’s ability to communicate and track member engagement through analytics. With WordPress, the association was left with Google Analytics and while that is not such a terrible result, it has none of the marketing automation features that led to choosing Kentico when version 6 was the current version.

Happy Ending
As it turns out, the cost of upgradingthe entire sitefrom version 6 to version 11wasn’t such a big deal after all. The cost of the upgrade was well worth the peace of mind that the website was secure, and that member data was well protected. Comparing the cost of redoing the entire websiteon a new platform, including changing the connectors for the third-party APIs and integrations,retraining the staff, dealing with design tweaks, and considering new functions that would need to be provided by another method,the upgrade turned out to be the least costly answer.

The marketing and communications chief now budgets for upgrades of the software every year and there are no more skeletons in the closet. The moral of the story is that a website runs on software and that software needs to be kept up to date along with everything else. While it might be OK to not upgrade every year, skipping versions will eventually catch up to you. In this case, the site really was at risk because of security problems.

Working with ATS is a breath of fresh air. ATS takes our information security concerns seriously and advises us how to avoid potential pitfalls with both hardware and software. We are beyond thrilled with ATS and only wish we had selected them a year earlier.
Joseph A. AppelbaumPresident & CEO, Potomac Companies, Inc.
ATS has been our trusted partner in recent upgrades we have made to our IT infrastructure and cyber security. Their account management, project management, and technical teams have all provided top-notch service, guiding us to make informed decisions, managing timelines for multiple projects, and most of all, listening to our needs and making recommendations based on our unique work environment. During the transitions, they have kept us operating smoothly and provided quick and helpful support through their Help Desk.
Amy GavinNutrition.org
I just wanted to take a moment to reach out and thank you for the excellent service you and your team have provided with the hosted SEIM solution. AlienVault is great, but the real value comes from your partnership. The appliance would not do nearly as much for us without your monitoring and consulting services. You have always been on top of things and there for us whenever there is an incident. I feel confident in that our network is secure and I am able to report that our board and clients with full assurance.
Chris HansfordEducationWeek.org
Previous
Next

Related

Top Security Predictions for SMBs in 2017

As technology continues to make the world ever more interconnected, 2017 could mark a significant shift in cybersecurity threats that small and medium-size businesses face.…

The Road to A Truly Semantic Web

Some of you might have heard about the Trees of Mystery in Klamath, California. A 49-foot Paul Bunyan and his 35-foot blue ox – Babe…

HQ
2751 Prosperity Avenue
6th Floor
Fairfax, VA 22031
Map & Directions
Phone: 703-876-0300
NY
140 Broadway
Suite 2410
New York, NY 10005
Map & Directions
Phone: 888-876-0302
Previous
Next
Contact Us
Linkedin Twitter Facebook Youtube

© 2023 American Technology Services, LLC. All Rights Reserved. Privacy Policy

Scroll to Top