A client recently forwarded to me an email he received from his hosting company (no names mentioned but you all know of this one, and their constant upselling techniques). The email indicated that a routine security scan had detected potential malware on his website. Please reread that sentence…we’ll get back to it later.
I called the company behalf of my client and they simply repeated that one sentence before quickly launching into the recommended action to be taken, for a fee, stating that it would rid the site of all malware within 30 minutes and continue to scan weekly for future incidents. The cost for this piece of mind for one year was ONLY $250 (guess what? That means it will cost another $250 next year). If you’re in a position to toss that kind of money around, you need not read any further. However, because work with small businesses (by choice, I simply love them), my clients can’t afford to spend that kind of money on anything that isn’t necessary.
The representative went on to tell me that the site doesn’t have an SSL so every time someone logs in to the admin panel to add content, change a photo, etc. we are doing so in an insecure way that may allow Malware in. I deferred on the purchase of their Express Malware Protection which was also offered with “a free SSL (a $70 value!!!)” saying I was not authorized to make such a decision without prior client approval.
Now, let’s go back a bit to their original notification that a routine security scan had “detected potential malware” on the site. Note the word “potential”. Not verified, not definitive…just potential. I contacted Jennifer O’Neill of MoxDog Media Solutions, a trusted web designer that I’ve used a number of times, and who designed this client’s site about a year ago. I sent her the report which included approximately twenty links that “might potentially contain malware” and discovered they were all in a folder that contained files from the previous website, simply for reference while working on the new one. We no longer needed this folder so she simply deleted it; problem solved and money saved.
I read her the notes I took during my phone conversation with the representative from the hosting company. Here’s what she told me…
If your website it designed to collect client information then yes, you want a secure connection. However, despite that this client accepts payments through his site, information is not collected there, but instead, his customers are taken to a third party secure site for that transaction. (To be sure you are on a secure site for such transactions just look for HTTPS in the URL. If it’s not there, don’t use it).
Jennifer further explained “Google is locking down sites and their goal is that ideally, in the future, all websites will have an SSL, but at this time they are not enforcing it. Armed with this information, some hosting companies are using scare tactics to get customers to purchase added products and services”. Let’s face it, all it takes is words like “Malware” and “hacked” paired with the suggestion that your site is not secure to get many customers to pony up the extra cash.
Should you receive an alarming notice from your website host (or any other opportunistic entity), followed by a pitch to purchase added products and services, tell them you are not authorized to make this decision (it’ll buy you some time). Before hanging up, be sure to ask lots of questions and take notes. It’s always a good idea to check with an impartial third-party expert on the matter and these notes will be helpful. Should you get an SSL for your site? Perhaps. Do you need a weekly Malware scan of your site. Maybe. But I want you to make those decisions based on facts, not out of fear.
I should note, the company in question provides wonderful customer service and great prices on hosting, but business is business and they’re looking to increase revenue. As with anything, always remember, “Buyer beware”.
To read more about SSLs and the benefits and disadvantages go to https://www.sslshopper.com/why-ssl-the-purpose-of-using-ssl-certificates.html.
Reproduction or use of this article in anyway must credit the author, Debbie Bolduc, and business, BizBuzz Marketing Partners and provide a link to this site.