Your home care website is an essential part of your marketing. It's the place that seniors and their families first experience the difference that you offer. Like a salesperson that's available 24/7, your website is the hub around which you should be building both marketing and caregiver recruiting. If that critical online resource becomes a risk for seniors, it threatens their security and your business.
Because you understand the vulnerability of your clients when it comes to scammers, you'd never intentionally use marketing approaches that could make it easy for cyber criminals, but that is exactly what thousands of home care companies are doing. It may be happening through your website.
When your website becomes a threat to seniors
If you're wondering how a website can be used by hackers to defraud your clients or other seniors, here's how: First, they hack into your open source website, establish a page that you don't know about and may collect user names from your staff or clients. They then use that page to masquerade as you. They may also insert themselves in between your website and the outside web services that you use for collecting payments, offering support or any other function. In either case, it allows them to collect personal details from trusting seniors under the guise of your brand. The outcome? Seniors can lose their private information, and hackers can gain access to their financial resources, homes, and credit.
This threat is most common when you are using open source software like WordPress which is a common choice for home care agencies. WordPress is vulnerable because it relies upon many layers of software, all of which are created and maintained by different people. While the idea of open-source software is noble, it is an ideal setting for cyber criminals. The hackers can even create or alter some of the software that your website runs upon.
Even though you don't keep financial information on your website, hackers can still use it effectively. While most home care agencies don't keep financial data or credit card numbers on their website, the scenario described above which leads to phishing is very common. Hacking your website can also reveal the passwords and login patterns of any staff who use the website, giving hackers inroads to the rest of your care management, financial management and credit accounts.
What can be done to secure WordPress websites?
While there are prudent steps that must be taken if you have a WordPress website, there is an economic scale that must be applied. Should you pay for expensive hosting, constant updates and the specialized security that is required to secure your WordPress website? Or should you simply look for a way for someone else to be responsible for that ongoing security burden? The truth is that very few businesses who use WordPress have the staff available to manage the security required, and many web designers neglect to make this mandatory. Just ask your web providers if they have "hardened your WordPress installation?" Or, just enter your domain name followed by "/wp-admin". If a login screen appears, the website has not been hardened, and you'll have your answer. You are vulnerable.
The secret behind how to secure a WordPress site also points to a superior solution
What prudent WordPress owners do to secure their websites is to find SaaS hosting. SaaS hosting is "software as a service," which outsources the upkeep, security and maintenance of the website to a professional provider. The problem is, most of the SaaS WordPress hosting leaves the essential software updates to the website owner. They make it easier to identify vulnerable software, but they aren't doing it for you, and leave the burden of essential security updates on you. When those updates are not completed in a timely manner, they open a security vulnerability which is the focus on millions of WordPress hacks every year.
- In 2019, over 60% of websites were vulnerable due to lack of updated code at the point of infection. (Sucuri)
- 47% of infections included a backdoor, allowing hackers ongoing web access. (Securi)
- In May of 2020, 24,000 unique web addresses were used to attack over 900,000 WordPress websites. (Defiant)
The reality is that WordPress was never designed for the ways that it is used today. It relies upon a massive list of add-ons and plugins to do the things that websites need to do. As a result, it is a huge security risk for companies that choose to use it.
One temptation is to downgrade your website capacity to a DIY website builder. These simplistic hosting solutions offer templated websites that are desired for the hobbyist web builder or start-up business. These template website builders were made possible by cloud computing and a DIY version of SaaS, but they don't deliver the real power of enterprise computing. Home care agencies that want to grow should upscale to enterprise level software that not only delivers the security they need, but all the other benefits that SaaS software provides such as built-in CRMs, marketing and sales software.
Upgrading to an Enterprise level website won't increase your monthly costs
If you take into account the cost of all the themes, plugins, add-ons like CDNs, updates and high-security web hosting and compare that to the cost of true enterprise quality all-in-one website and marketing software, there is not a big cost difference. If you factor in the cyber insurance that you certainly need if you plan to run your website on WordPress, and the cost of staff time to keep everything up to date, you are probably saving money by upgrading. Of course that is not true if you plan to run on the least expensive (and most vulnerable) WordPress hosting.
By upgrading, you stand to gain in three big ways:
- Your security, website performance and the quality of the website experience for your customers will go up dramatically- more people will find you online.
- Staff focus can be moved from updates and security concerns.
- You can gain important new functionality that will improve your marketing and the personalized way that you reach out to buyers as they consider your company.
The good news is that your website can be quickly transferred away from WordPress in a pain-free manner.