Client Resources
Hosting Information
The website development process utilizes technologies and terminologies that can be very confusing. An important thing to remember is that each term listed here refers to a completely separate service and can actually be provided by different companies or can be bundled together.
Website Development: This is the process of designing, developing, and deploying your website. This process works hand-in-hand with the other list items to ensure your website is visible online. Often the development process includes graphic design, software installation, software setup, and programming. The client should be consulted on the design elements and functionality of the website.
Website Hosting: The website needs a computer home. This is the computer that hosts the website files and serves them to visitors over the internet. These computer homes are called servers. Servers are specialized computers that are optimized for website hosting. Kristen’s Koncepts can offer hosting solutions in addition to, or bundled with, some personal and small business website development work. For banks and enterprise websites, we have hosting partners that we work with to provide you with the best website hosting for the website you want.
Domain Name: A domain name is the way that people are able to find and visit your website. The domain name for this website is kristenskoncepts.com. A domain name must be registered with a domain registrar, who typically charges a nominal annual fee to maintain the registration. While some website hosting companies can bundle in domain registration with your hosting, they are actually two separate services.
DNS: DNS stands for “Domain Name Services” and is a service that works in conjunction with your domain name registration and your website and/or email. The DNS contains certain records that tell visitors computers how to get to your website or where to direct emails. Many companies who offer domain name registration and/or website hosting will bundle DNS management but this is not always the case. It is important to make sure your DNS is taken care of by a responsible and attentive service provider.
Email: Most people are familiar with email, but how it works behind the scenes is pretty complex. For most users, all they need to know is a login to access their email account and your email provider should be able to get that to you easily. Some website hosts bundle email service with their hosting service. We also see situations where some clients use email that is provided by their internet service provider or a third-party or specialty email provider. Regardless of who provides the service to you as an end-user, their service relies on DNS and domain name registration to function properly.
Hosting Resources
Security Information
Website security refers to the practices and protocols used to protect a website from cyberattacks, including malicious actors attempting to steal data, disrupt operations, or gain unauthorized access, by implementing measures like strong passwords, encryption (SSL certificates), regular updates, and monitoring for vulnerabilities to safeguard user information and maintain website integrity.
While all websites are targets of malicious threat actors, some sites tend to be on the receiving end of hack attempts more than others. Banks, Credit Unions, and e-commerce-enabled websites are among the top websites targeted by hackers. These are exactly the sites where the protection of their users’ data is a top priority. To facilitate a higher level of security, I utilize website headers to restrict access to the site, as well as software that works similar to the way anti-virus software works on your computer.
There are many different types of attacks that need to be protected against, including DNS-based attacks, Cross-Site Scripting, SQL Injections, Phishing, Spoofing, and dozens of others. I work closely with other providers where needed to ensure your site is protected against hackers. To facilitate the highest level of protection for your website, I always install and set up a Software Application Firewall, which acts like a virus scanner and firewall in one. I also utilize invisible things that happen behind the scenes to protect your site, like HSTS Best Practices headers and XSS protections. The security measures that I utilize provide the absolute highest level of protection, suitable for financial institutions and enterprise-level corporate websites. These measures are put in place by default for all websites that I develop and/or manage. Whether your site is in the financial industry or a personal blog, you are protected!
For financial institutions, quarterly vulnerability scanning is essential! This will scan your entire website and the server where it is housed, highlighting any possible intrusion routes. The report generated from your vulnerability scan can then be forwarded to the person who is responsible for your website and server security for them to see the areas where the security needs to be shored up. Vulnerability scanning is also included in FDIC and state regulatory audits in most cases. It is a smart idea to get independent vulnerability scanning performed before your audits to ensure you pass your audit with flying colors! For financial institutions, our bank hosting partner, CBAI, offers quarterly vulnerability scanning as a value-added, included perk for their hosted bank websites. For non-financial institution websites, our server support partner, LRS, can be contracted to run independent vulnerability scans on your site.
Security Resources
Compliance
The Federal Deposit Insurance Corporation (FDIC) has several compliance requirements for websites, including:
- Clearly and conspicuously visible
- Near the top of the page or screen
- Close to the insured depository institution’s (IDI) name
- In navy blue with the word “FDIC” in that color
Using the FDIC’s name or logo: The FDIC’s name or logo cannot be misused.
Advertising statements: Banks must comply with the FDIC’s regulations regarding advertising statements.
Website Policies: Website policies must include information about:
- Objectivity
- Utility
- Integrity
- Influential
- Reproducibility
- Transparency
- Encryption technology
- Strong passwords
- Firewalls
CMS: WordPress
WordPress includes a template system, plugin architecture, and a user-friendly interface. It can be used to create a wide variety of websites, from blogs to online stores, enterprise website applications, and more. WordPress is the most-used CMS, powering 43.1% of the top 10 million websites as of December 2023. It is ideally suited to such a wide variety of websites because of its flexibility in appearance and the varying array of tools, called plug-ins, that extend the functions of the website itself. The WordPress software is designed to facilitate easy content updates with a intuitive content publishing interface that many of my clients feel comfortable using after an initial training session or two, enabling them to update their interest rates on a daily basis and publish articles once or twice a month for their customers to read.
Website Maintenance and Updates
Just like your computer and phone, your website runs on software that needs to be updated regularly. The software publisher releases updates but it is up to a website manager to install those updates and to ensure the site is functioning properly after the update.
There are different types of updates that are generally released: non-vital and vital. Non-vital updates consist of updates that change cosmetics, address small bugs, or add small new features. These updates can be installed as soon as they are available but may be delayed until it is more convenient to install. Vital updates consist of core software function changes, security updates that address vulnerabilities, and major bug fixes. All vital updates should be installed immediately after they are released by the publisher to maintain the security and viability of your website.
I offer a Maintenance and Updates service agreement at some of the most affordable prices on the market, especially for the service that you receive! Most developers may offer a maintenance and updates service, but they generally only check your site for updates that need to be applied once a month. I do not feel that is nearly often enough! For a very nominal fee, I will check your website and perform all necessary maintenance and updates a minimum of 3 times a week but usually, it happens every business day, so 5 times a week as opposed to once a month. In addition to installing software updates, I perform website filesystem backups and run security scans. I can also include a few small content updates for your site every month, like holiday closure announcements or publishing articles for you. Entering into a Maintenance and Updates service agreement is the easiest and most cost-effective way to ensure your website is always kept up to date, scanned for threats, and kept in the best shape possible without having to hire an in-house technician to handle it for you.