Select Page

A Story About… The Importance of Keeping Your Technology Up To Date

by | Aug 18, 2015 | A Short Story About | 0 comments

Today I wanted to share a short story about the importance of keeping your technology up to date within your business and the consequences if you heed to take notice of this advice. Far too often within business, business owners and employees have an approach of “do it once and forget about it”, well with technology, this approach is doomed to failure and can cost your business a lot of money in the long run.

 

Computer Hardware

The first recent example relates to a business whose computer equipment wasn’t as up to date as it should have been. The hardware was around 3 years old, which on a laptop by this time the performance has already started to significantly degrade from when you first bought it, and the software simply hadn’t been managed well during this time either.

 

 

While this is a recent example, this same scenario we have seen multiple times before with businesses of varying sizes so this is certainly not uncommon which is why we want to stress the importance of keeping your technology up to date. Avoid going through the same frustrations others businesses go through by implementing a common sense approach to maintaining your technology on a regular basis.

Firstly, running your business on slow computer hardware can significantly impact the performance of you, your staff and your business as a whole. For example, I recently heard a story from a reputable source which went as follows; UPS would save $1,000,000 of costs for every 60 seconds per day of time saved for each of their delivery drivers globally. When you start to add this up over the year, this is an enormous amount. Knowing this, they spend a significant amount of time, money and resources in optimising delivery routes using technology which is ultimately designed to work towards reducing the time it takes drivers to deliver parcels. Based on this, they implemented several interesting technologies designed to reduce wasted time. They placed a Bluetooth fob on each driver and connected all devices to the cloud. What this meant is that when the delivery driver had stopped at the next delivery point, known based on the GPS location, and they turned the engine off, the rear hatch of the van would open automatically, saving precious seconds of wasted time. As the driver walked up the garden path to deliver the parcel, if the package had not been signed for on their handheld device, this was a signal that the back of the van needed to be opened again automatically as the driver returns to the vehicle so the package can be placed back into the van, again saving precious seconds. Then finally, as the driver returned to the front of the vehicle, the engine would automatically start to save a further few seconds. Based on all of these small time savings throughout the day, UPS found that they would save 17 seconds per driver per day by utilising technology to drive efficiencies within the business. Based on the savings they make per 60 seconds, it is clear to see how this significantly impacts the bottom line. Whether this story is 100% accurate or not isn’t the point, this is a believable story about a company of this size. Regardless of the accuracy of this particular story the point is still valid about companies utilising technology to improve the business as a whole which is true in endless organisations.

Now I’m not saying that your business is going to go to these lengths to optimise your business but when you look at the computer hardware running in your business and ask yourself, is it helping or hindering your business and employees? Remember, there is no middle ground. A slow running computer results in staff sat there waiting for technology to keep up with them which is extremely inefficient and can cost a significant amount of money over time;

  • 60 seconds per hour wasted
  • 8 minutes per day
  • 40 minutes per week
  • 2.6 hours per month
  • 34.6 hours per year
  • X the number of employees

What is a week of time worth to you, your employees and your business as a whole? I can bet that it is more than the cost of upgrading the underperforming technology within your business!

Now this isn’t just about cost savings, but imagine what you could achieve in a week. Having an additional 2% of time available per year per employee, I’m sure you could achieve some amazing things. New customers, new processes, technologies, investments within your business, additional revenue and more.

The same is true for website technology. There have been countless studies proving how website speed directly impacts the performance of your website, particularly ecommerce and can show significant improvements in conversion rates and revenue based on technology improvements.

Skimping on your hardware is only costing your business money, just in ways that aren’t as clear to see. You either choose to do something about this and get the right technology in place that you need, or you choose to “put up with it for another year” and cost your business money.

 

Computer Software

Along the same lines as computer hardware, it is imperative to keep your computer software up to date. This is the software that you are using on a day-in-day-out basis which is powering your business. We’ve seen organisations still using Windows XP which is no longer supported from a security point and businesses running 5 year old software because they haven’t made the small investments of generally less than £200 to upgrade their software.

 

Computer Software

 

To put this into perspective, the same situation occurred with two businesses recently who were running outdated software on the computer. When it came to upgrading a completely separate system, their business email addresses, then integrating this into their current desktop software of their choice, the result was nothing but problems with their computer software.

What should have been a 2 minute job to integrate the two together turned out to be hours worth of work from both parties testing various solutions to fix the desktop software to work as it should do. Again, hours of wasted time for all involved because the wrong technology was implemented from the start, configured by someone who had no idea what they were doing and working form software that is now almost 6 years out of date.

Within business the decisions are simple, you either do the right thing, or you choose not to do the right thing. We see time and time again the cost of bad decisions when it comes to technology which is why we try and educate businesses to working with the right technology from the start to save them money.

We aren’t an IT support company, there are plenty of great IT support companies around who do that far better than we ever could. That being said, as we are in the technology industry working with leading edge technologies, we come across a lot of antiquated systems before we get around to upgrading them which often requires us to cross that bridge into the IT support world to integrate systems together.

 

Website Technology

Again, along the same lines as the several examples already given but now looking at website technology. A story about a businesses who required serious security updates to their WordPress website. On first glance, this sounded like an hour or two’s worth of work which was explained with the caveat that we would need to take a look at the underlying technology in a little more detail before we could provide an accurate estimate of the work involved.

 

WordPress Logos Page Header

 

Lo and behold, the same bad decisions in a different area we see time and time again. This time, the decision around 3 years ago was to purchase a cheap WordPress Theme from one of the many Theme Directories / Marketplaces on the web. This was likely an innocent decision to purchase a $49 theme “because it looked nice”. The realities of this meant that it was not possible to upgrade their system in the expected hour or two’s worth of work. Instead, this was looking like 4-5 day’s worth of time to implement the right solution and patch the security holes.

I won’t bore you with the finer technical details of this, so suffice to say that the problem lied with purchasing a poorly built WordPress Theme 3 years ago. Due to this, certain key ecommerce technologies and core WordPress files once upgraded would actively break the website, essentially closing the digital doors of your business and turning off your revenue stream. So it was either leave the website open to hackers by not patching known and commonly exploited security holes, or, making the essential upgrade to the right solution.

All of this can be avoided when you are working with the right digital agency and you select the suppliers who are adding value to your business. I’d urge you to consider the longer term impacts of the technology decisions you are making today. Time and time again we see bad decisions made with businesses having to spend a lot of money fixing problems instead of implementing real solutions to grow their business. For us, this is part and part of what we do, what we enjoy and ultimately what we get paid for. We would much rather be focusing work towards implementing technologies within your business that are going to take your business to the next level rather than fixing problems caused by poor decisions years ago. We do both thankfully and I can honestly say that the clients who see the greatest returns from their investment in digital and technology are the clients who make the right technology decisions time and time again. I’ll never forget a phrase an old colleague once said to me and it couldn’t be truer in this scenario, “Quick wins lead to long losses”. Think about that.

 

Solution

Ok, so we’ve talked about the problems that poor technology causes and given a few prime examples related to this. So what next? How do you keep your technology up to date without spending an arm and a leg every month? Well, it’s actually relatively straight forward and only requires a strict procedure within your business or from your suppliers who actively maintain the core aspects of your business;

  • Hardware Technology: Keep it up to date! Slow hardware costs money in terms of staff time, unproductive time, missed opportunities and more. Invest in the right equipment to do the job. You could eat soup with a fork, but it’s probably best you use a spoon…
  • Software Technology: Keep it up to date! Patch software and update as soon as possible after the improvement has been announced. Don’t delay and don’t wait years before upgrading. Out of date software causes a lot of problems and makes any integrations harder to work with. There is only so much you can do with the digital equivalent of Gaffer tape…
  • Website Technology: Keep it up to date! Particularly when using popular open source software and 3rd party plugins, it is imperative to keep your website up to date purely from a security point of view to update core files, plugins and themes. Beyond this, regular website maintenance packages and continual improvements allows your website to be ever evolving and working for your business. So rather than seeing your website as a cost look at this as a digital asset worthy of investing in.

You may be noticing a trend here….keep your technology up to date or it will cost your business money further down the line. If you would like an informal conversation about how we can work together to keep your technology up to date then get in touch. Our focus is on digital marketing, online technologies and software integrations so if you need any IT support then if you don’t know of anyone who does this just drop us an email and we’ll be sure to point you in the right direction of a few great companies. If you’re looking for a sounding board for your technology decisions within your business we are more than happy to talk and have starter packages designed to give your business the expertise it needs to grow through our Digital Lifeline packages.

A Short Story About… A Poorly Designed Website Allowing Anyone to Register as an Administrator Without Validation or Authorisation

by | Jun 10, 2015 | A Short Story About, Security | 0 comments

A Short Story About… series, sharing stories about epic fails related to digital marketing, web design, technology choices and more. All designed to make you aware of what can happen when you work with the wrong people and an inexperienced digital agency. Remember the importance of working with the right digital agency.

Sharing these real life stories with you allows you to review your own setup to make sure you aren’t making the same rookie mistakes. Sharing is caring and it also makes our life easier when you speak with us about increasing your revenue through digital marketing and technology.

 

Look at our new shiny website!

The story starts here…. We received an email from a business owner who mentioned that they had passed on our details to another business owner related to some work that they needed support with. Nothing too strange here, we get this all the time.

Naturally, when we receive requests such as this, we have a quick nosey around to get a feel for the website, digital marketing channels, technologies in use and more. Based on this quick analysis we soon get a feel for where the business is at when it comes to how digitally advanced they are, or aren’t, as the case may be.

Having already heard of the business that had been referred to us, we already knew that the website was in development with another agency (sorry, we’re not going to name and shame here, but we shall say that they are local to us…). Based on this, we had a quick look around the new website;

 

Poorly Designed Website X

Website X

 

Initial Investigations

One of the key areas we investigate is to see what technology the website has been built with and ultimately decide if we even want to get involved with helping the business. Depending on the technology used and other factors, we often turn down work that is just too far gone to help and there is no budget for a complete rebuild. Often bad decisions in the past can lead to costly solutions in the future, often which businesses don’t have budgets for re-doing something. Thankfully though, there is generally something we can help with in one way shape or form.

We always recommend the right solutions for businesses, it’s unfortunate that this ethos isn’t the same for all agencies, with many often using poorly configured technology, custom built technology and everything in between. Hence, why businesses come to us when things have gone wrong elsewhere and they are looking for a good solution that is truly suitable for their long term needs. As a caveat, there are a lot of good agencies around alongside ourselves and we can quite happily point you to them. It is also true, as many businesses are painfully aware, that there are a lot of charlatans around too.

So, while investigating what technology was powering the website, we soon noticed a login button on the website;

 

Login Button Website X

 

So we had a quick look at the login page to see if this resembled any of the common content management systems around;

 

Login Page Website X

 

And what do we see here, a nice “Register” button, so we investigated a little further;

 

Register Page Website X

 

Ooohh, that looks like a nice easy registration form, so we tested a little further…;

  • Username: test
  • Password: test123
  • Confirm password: test123

Surely any content management system or website worth it’s weight in salt would handle guest registrations in a graceful and secure way? Well, no, and this is where we were really shocked to see how bad this system has actually been built in terms of security. After registering a user using the form available on the website for anyone to see, we went back to the login page from earlier and tested these details;

 

Manage Pages Website X

 

And here we are, straight into the administration area where we can edit the content of the website as we choose. Adding content, deleting content, uploading images in the gallery, addling links to websites of our choosing and more. To test that we do indeed have the right privileges, we added (and then immediately removed) a piece of content to the website which was visible once we updated this;

 

Edited Website Content Website X

(Click for larger view)

 

The above isn’t the actual content that was added to the website for obvious reasons. It was simply a number “1” which was added to one of the sentences then removed immediately. The above image is purely for illustrative purposes and to emphasise the point.

It is extremely worrying that a website can be built with no security in place at all. This process took no more than 5 minutes to investigate, test and access the admin area. Imagine what we could do in 10 minutes…

Now if someone came along who had an axe to grind or was looking to infect websites with malware and other code, this would be extremely easy thing to do. Not only could this result in the website being blacklisted from Google, your own website visitors and customers could be infected with viruses or your website could be (unknowing to you) part of a bot net that is hacking many websites around the world.

This blog post is not designed to show how good we are when it comes to identifying security issues related to websites (although we aren’t too bad at that…), this blog post is designed to highlight how easy security issues can occur when you are using either the wrong technology, incorrectly configured technology, sloppy web developers or an agency who clearly has no idea what they are doing.

For any website or web application, security should be embedded from the start of the project and clear testing throughout to ensure that only those who have access to the administration area do have access to it. Security is not an added extra, this is your own business and website that we are talking about. An area that you have clearly worked hard on and one that will no doubt have been a reasonable investment. Don’t get caught out with rookie mistakes.

Imaging if the administration area contained a list of all of your customers who had registered with your website? Or if this contained personal sensitive information in unencrypted form, names, email addresses, phone numbers or heavens forbid credit card details? Such a simple mistake can turn into an enormous problem. All preventable when you are working with the right people who have the skills, knowledge and experience to do the job properly.

 

Technology

For reference, the technology behind the website in this case study was running the following;

  • IIS 8 Web Server
  • Net / ASP.Net MVC Framework (this is where the problem and solution lie, allowing anyone to view the user registration page and allowing the default user to be created as an Administrator)
  • Google Hosted Libraries
  • jQuery
  • Fancybox

Incorrectly configuring technology is one of the most common pitfalls related to website security. It is so important that you are working with a well-respected company who have staff with a wealth of experience and capable of preventing issues like this occurring.

 

The Solution

Throughout this blog post, the company has remained masked and is not identifiable in any way for obvious reasons. The company has also been notified and their agency is working on a solution as a priority. We believe in responsible disclosure, which is why we have published these findings, to avoid others falling into the same trap.

For reference for the developers working on this solution, if any pointers are needed, a quick Google search for the solution came up which may be quite useful;

Please also have some form of robust security processes in place within your business to prevent this happening again in the future. Please also check all of your other clients who you have built websites for in this same fashion, as this could also need fixing on their website too. Again, it is extremely simply to gather a list of websites built by the same agency where this problem could also exist;

 

All Other Websites Possibly Open to Attack

 

For anyone looking to do harm, this could turn into a reputational nightmare for the agency involved along with causing all of the businesses involved an awful lot of lost revenue if this was exploited fully by a hacker before a solution was implemented. Staff training, for both technical and non-technical users is key in this area to ensure that problems are identified before other people find them and exploit them.

 

Summary

As mentioned at the start, it is essential that you are working with the right digital agency who is capable of delivering projects in a secure fashion. Simply working with the cheapest company, the company who can talk the best talk or the company who manages to convince you that their solution is the best one over all of the others just isn’t going to cut it. As a business owner or decision maker, it is ultimately your responsibility that you are working with well-respected agencies who know what they are doing.

If you are concerned by the contents of this blog post, if you are questioning your current supplier or are generally concerned about the security of your digital assets, then get in touch. Cyber security is a hot topic for a reason, it is hugely important to protect the future of your online presence and more.

The learning point: Ensure your website registration process doesn’t allow new users to access parts of the website they shouldn’t. In this example, using a well-respected content management system would have prevented this issue altogether. Many website builds do not require any fancy custom built content management system solution, popular platforms such as WordPress or Magento are often perfect for the job.