State agencies need to be proactive in monitoring their website’s security and functionality. By knowing what to look for and having a plan in place, agencies can avoid any potential issues that may arise with their website. It’s important to have a strategy in place to ensure that your website is running smoothly.
Here are eight things that every state agency should know about their website.
1. Ensure Your Firewall and Antivirus Is up to Date and Running Properly
It’s important to make sure that all software is up to date with patches or updates for them to run correctly and securely.
Ensure the latest versions of anti-malware, anti-spyware, etc., are installed and running on your computers and servers (if you use a server) to protect against malware and viruses.
2. Test Your Site Regularly
Don’t assume it works just because you checked it once–test it often, even daily if possible through manual checks using browsers across different platforms (i.e., Windows, Mac, Chrome) as well as testing with different versions of browsers (i.e., Internet Explorer 9, 10, and 11).
Make sure your site functions correctly with each browser type and version you support, but also consider the fact that many people browse websites using their smartphones–make sure it works across all major smartphone platforms.
3. Know Your CMS
Websites are usually built on Content Management Systems (CMS), like Drupal or WordPress; if your agency uses a CMS to update its website content (almost every state agency does).
Make sure that you know how to manage it effectively before an issue arises because if your website goes down for any reason, it could severely hinder public access to government information which is why it is vital to keep your website up-to-date.
Also, make sure you are using the correct authoring tools for any CMS you use–many user manuals can be found online, but also check if there are any specific versions that must be used with the CMS, as plug-ins or modules may not work if they aren’t compatible with the CMS’ version requirements.
4. Consider Using a CDN and Geo Distribution
If your agency uses dynamic content (i.e., forms on your site where people enter data), consider distributing this dynamic content through a Content Delivery Network (CDN), so it is geographically closer to those who view it and will appear more quickly than if it were hosted in one place such as New York.
A CDN can also help to improve your site’s security by preventing Distributed Denial of Service (DDoS) attacks. If you do not use dynamic content on your website, geo-distributing it may not be as beneficial because the load time won’t be impacted as much.
5. Invest in Archiving Solutions
As technology changes, so do websites. Websites are archived, or archived content is cached for search engine results so that previous versions of websites will continue to be available on the Internet.
To archive content, it is necessary to “freeze” the files and structure of your website at a particular point in time. Make sure you have an experienced firm doing this for you or know how to perform these functions yourself because archiving and restoring websites can be tricky and time-consuming–it’s best to make sure everything is working before you make any changes to your website.
6. Routinely Test Your URLs
Typically, URL testing is done during development, but make sure it is checked again following any updates made to the website after launch in order to ensure no unintended changes have been made–some platforms automatically update URLs when content is updated (this can be prevented by using no-history URLs).
7. Use Secure Protocols
When possible, use SSL certificates for your website to ensure that all web traffic passing between the end-user and your agency’s website is encrypted, which makes it nearly impossible to intercept or alter in transit.
If this isn’t possible due to costs or other considerations, make sure you are always communicating over a VPN connection when working with any sensitive data, like inputting credit card information.
8. Know Your Online Security Risks
Every day, new vulnerabilities are found in software–so make sure you know what they are and how to manage them when they arise by subscribing to security newsletters funded by universities or other institutions which research the latest exploits affecting open source products.
Most exploit alerts from vulnerability websites offer a patch that can be used to close any gaps in security. By knowing what these vulnerabilities are and using patches effectively when needed, your agency’s website is much less likely to fall victim to an attack because exploitable security holes will have been plugged already.
Every state agency has a website that needs to be monitored, maintained, and updated regularly. Avoid any potential issues with your site by following our 8-step checklist for safeguarding against common security risks.