Matrix Group International

Month: January 2018

  • A New CMS Won’t Fix Your Broken Web Strategy

    A New CMS Won’t Fix Your Broken Web Strategy

    I read a lot of RFPs (Requests For Proposals) for website redesigns, and I sit through a lot of demos and presentations. What strikes me is the number of projects where the focus is on the content management system, and not the goals and strategy of the project.

    Why do we have such an obsession with changing platforms and technology when a “website isn’t working?”

    I believe this is because we think the problem all along has been the platform. And I believe that in most cases, this approach is wrong.

    As a technology vendor and implementer of technologies and platforms, this thinking might seem counter-intuitive. But the truth is this: web content management systems have come a looooong way and most systems do more than any organization can ever hope to use. Yep, there are differences between WordPress, Sitefinity, Drupal, Sitecore and Ektron for sure, but today, I think these differences are at the margins.

    Ultimately, the things that really matter are the strategy behind the website redesign, the ability of an organization to rally behind the strategy, a solid implementation that includes lots of training, and the quality of the technology vendor.

    If your website isn’t working for your organization, investing in a new CMS with a fancy WYSIWYG editor, drag and drop interface and complicated workflow won’t’ solve your problems. They will help, for sure, but if your content strategy isn’t in place, if you don’t make a commitment to fabulous images, you don’t have a plan for marketing your site, you don’t measure results, and you don’t have the right team in place, you’ll be replacing that CMS in a few short years.

    BTW, don’t confuse my being CMS-agnostic with the idea that once you invest in a CMS, you can let it sit as is — forever. Content management systems must be upgraded on a regular basis so you have benefit of the latest security patches, new functionality, and vendor support. I tell clients to use the upgrade process as an opportunity to reevaluate their businesses processes, get staff trained and retrained, and make optimization tweaks to the website.

    The next time you find yourself saying, “our website sucks, we need a new CMS,” ask yourself this: Is it really the CMS or does your strategy, process and/or training need the reboot?

     

  • The One Thing You Can Do Now to Protect Your Website From Hackers – Create a Strong Password

    The One Thing You Can Do Now to Protect Your Website From Hackers – Create a Strong Password

    A couple of weeks ago, there was a lot of news about a massive brute force attack against WordPress sites to install Minero Miner, Minero is a javascript Crypto miner. The attack used information from the site, like the domain name, common logins and common passwords, to try and gain access to the site.

    Let me say this again. The attack used common logins and password to gain access. This means the attack basically used a whole lot of computers to try and guess credentials. And guess what? If a site uses “admin” and “password123” as the credentials, it was compromised in about five seconds, probably less.

    So this is my regular please to please, please use strong passwords and don’t reuse passwords. What’s a strong password? My tips are below:

    • Create a long password. Some sites recommend 6-8 characters. That’s outdated information. Make your password as long as you can. My Windows password at work is 15 characters.
    • Don’t just add numbers or replace letters with numbers. DOgFi$h123 may have been an acceptable password in the past, but no longer.
    • Don’t use a common phrase from life, a book or the movies. It’s easy to think that “DoOrDoNotThereIsNoTry” is a great password because it’s really long. But guess what? This phrase exists in dictionary attacks used by hackers. Don’t use this password.
    • You are better off stringing together words that are meaningful to you, but don’t commonly belong together. For example, I was staying at the Bellagio Hotel one time and I needed to change my password. So I looked up, saw some balls on the ceiling and came up with “99BouncingBellagioBalls)).” How Secure is My Password says it would be 15 octillion years to guess this password, which I don’t believe, but you get the point that this password is strong because it’s long, it’s got a combination of upper case, lower case, numbers and non-alphanumeric characters. And yet, most importantly, this password was easy for me to remember. I will sometimes string random English, Tagalog and French words together and add in some numbers in the middle of the password to create a strong password.
    • Use a password manager. No, Excel is not a password manager, especially if the file is called passwords.xlsx. A Word doc is not a password manager. A spiral bound notebook locked in your house is much safer than an Excel file on your laptop or share drive. Instead, use a manager like LastPass, KeePass, 1Password or Dashlane. At the company level, use an enterprise password manager like Secret Server (which Matrix Group uses as a company.) Me, I use KeePass.
    • Commit commonly used passwords to memory; let the password manager handle the rest. Me? I remember my office network password and my KeePass password. For everything else, I create long passwords or let KeePass generate them, and then I store them in KeePass.

    Want to learn more about passwords? I like these articles:

    https://lifehacker.com/how-to-create-a-strong-password-1797681069
    https://www.technologyreview.com/s/542576/youve-been-misled-about-what-makes-a-good-password/
    https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/

    Make it one of your 2018 resolutions to replace your passwords with strong ones NOW!