Blog Is Your Website Working? Are You Sure?

What could go wrong?

Internet-facing systems such as websites can experience a number of issues, including:

• Software updates – Many websites consist of a main content management system, such as WordPress, with a variety of plug-ins used to provide critical functions such as ecommerce, tax calculation and multi-currency. When one or more of these are updated, there is no guarantee that they will continue to work correctly together.
• DDoS (Distributed Denial of Service) attacks – It can be relatively easy for an attacker to bring your website down by hitting it with a storm of requests from all over the world, overwhelming its capacity and locking real customers out.
• Hacking – As soon as you expose a server to the Internet, it becomes the target of (often automated) attempts to test your defences and find a way to gain control over your network, in many cases as a route into your internal systems. These attacks can bring your website down.

What are the main impacts of downtime?

1.  Reputation cost – Downtime of your server or website can have a big impact on how your company is perceived by customers. If your website is down, how does that reflect on your other services? Frequent outages could cause customers to move on or not make that initial purchase.
2. Revenue loss – If you’re operating an ecommerce website this could be particularly damaging. If a customer visits your website for the first time and it is down, they won’t have a very good first impression, and are unlikely to purchase from you in the future. The more you rely on your ecommerce website for income, the bigger the impact if it is down. Similarly, for software companies, customers may move to a new provider if their experience isn’t optimal due to frequent problems.
3. Employee productivity – Downtime can take technical employees away from their usual tasks to try to resolve the problem. Often an investigation is required, which may involve support teams recovering lost data or finding the source of the issue. Additionally, your sales team may have to work on improving damaged customer relations and making up for lost sales.

But how do you know your website is down?

Unless you’re on your website or web service all the time, you may not be the best person to detect if it’s working or not. Simple tools are available to perform a basic “ping” to check that the website is there, but often it’s not an all or nothing issue; it may only be your potential customers who realise that your checkout is not working properly because of a failed update. If you’re lucky, one of them will contact you to make you aware, but this could take days and for a busy ecommerce website, that’s a lot of lost revenue.

What you really need is a way to automatically simulate the kinds of actions that your customers do all the time, such as looking at products, selecting a currency and going through the checkout process. And to do this many times a day from as many locations as possible so that you’re the first to know if there’s a problem.

We at Certikit use UpTrends and we have no hesitation is suggesting you take a look at them too. Their innovative software can monitor your website, APIs and servers from over 200 locations around the world, checking that key features are working and providing you with alerts to keep you informed and ready to act quickly if required.

How does the ISO27001 standard help?

The ISO27001 Information Security Management standard is a risk-based approach and helps identify potential issues and solutions within your business. If one of the risks identified is downtime, then you’ll be guided through how to analyse the threat level and implement solutions to lower the risk. As well as monitoring, risk treatments can often include back-ups, software update management and incorporating third-party applications to help.

As part of your risk treatment, a scheduled maintenance programme can also contribute towards ensuring that everything is being done to prevent downtime. This can include:

1. Server testing and back-ups – If your server or website does go down, it’s important to get it back online quickly. Regular checks and testing of back-ups are key to returning to business as usual.
2. Regular updates – Maintain the security of your web servers by performing regular updates and patches in a managed way. Automating security updates where possible saves time and ensures they are being completed.
3. Monitoring – Monitoring your servers can help establish if there are any red flags before the impact is seen by your customers.

Summary

Many businesses rely strongly on their website to interact with customers and make sales, and if it’s down then it can be a big problem. But knowing it’s not working as it should can be a challenge and if you’re not on the ball issues can last for days, where your customers are aware but you’re not. Taking basic precautions such as effective monitoring, backups and update management can help to address the risk and keep your organization’s reputation intact.