This is the first in a series of articles focused on online security written by the design + code team at Floating-Point.
These days we know a lot about users on our websites. We know where they are from, what device they are using, how long they spend on our website, even what they had for breakfast … wait maybe not that but I am sure an update is coming from Google that captures that metric for us.
In all seriousness though, we feel you need to be armed with even more data these days. We recommend detailed monthly reporting on the following areas of focus (many of our clients are already getting these custom reports):
Let’s go into a little more detail about each area and why we feel you need a partner that helps you manage these areas of your ongoing internet strategy:
When we deploy your website, we install Google Analytics to help us and you correctly profile what your users are doing. The amount of detail we can gather is astronomical so we like to focus on some of the following areas to mine your traffic data for value:
- Pages Per Session
- Session Length
- Bounce Rate
- Mobile Device Usage
- Goal Tracking
All of this information, when properly analyzed together, amounts to good criteria for decision making with regard to changes and new features to add to your website. Our Sales Department regularly reviews this data to assist you in staying current with website user trends and to suggest new ways to reach your audience.
We have found one great way to combat the dark web and all the nefarious techniques currently being used in attempts to compromise your website: use those techniques against the attackers. Shows like the now famous “Mr Robot” have shed much light lately on what is going on with illicit hackers and cyber-criminals and how easily they can compromise insecure technological platforms. Unfortunately, your website falls in this area that is constantly under attack.
To keep our clients from falling victim to these exploiters, our security experts manually perform routine ethical hacking techniques on their websites (provided they are subscribed to this service) to correctly assess, correct and report on any vulnerabilities discovered. These security gaps are addressed immediately and a detailed report on the work we completed is added to our monthly report so our clients understand at a general level what is going on with their website’s security.
Your website has the following areas that are fairly easy to compromise with the right set of black hat tools:
- Content Management System (core area)
- 3rd Party Plugins (installed into core)
- Online Forms (and anywhere users can enter data)
- Web Hosting Platform (file permissions especially)
Knowing how to scan and protect your websites from all of these areas of possible intrusion is a key reason why we are selected to handle the web security needs of our clients.
For the clients we have in Ontario, Canada, the law is progressing rapidly towards stronger requirements for accessibility in your website design and code. Our developers have been implementing WCAG guidelines since they were adopted many moons ago, and that’s a good thing as they are now insanely relevant to you and your customers. WCAG guidelines are at the root of compliance checks for AODA law and will be key in determining if your organization could be subject to Ontario Government fines in the future.
A little more about the origins and implications of AODA law:
The AODA (Accessibility for Ontarians with Disabilities Act) became law on June 13, 2005. It applies to all levels of government, nonprofits, and private sector businesses in Ontario that have one or more employees (full-time, part-time, seasonal, or contract). The AODA includes requirements that all organizations must meet, with deadlines specific to an organization’s type and size.
Penalties for non-compliance
The AODA gives the government authority to set monetary penalties to enforce compliance with accessibility standards. The maximum penalties under the AODA include:
- A corporation/organization that is guilty can be fined up to $100,000 per day
- Directors and officers of a corporation/organization that is guilty can be fined up to $50,000 per day
See: https://accessontario.com/aoda/ to learn more about the AODA and how it applies to the internet specifically.
What matters to you right now about AODA law:
As of January 1, 2014 all organizations with 50 or more employees that create new internet websites and web content on those sites must conform with WCAG 2.0 Level A. A “new” website means:
- a site with a new domain name (i.e. a brand new website address, and not a new page or link on the existing site); or
- a site with an existing domain name undergoing a significant refresh. Significant refresh may include, but is not limited to, a new look and feel, changes to navigability, or the majority of content is being updated or changed.
In 2017, organizations with 20+ employees will need to file an online compliance report with the government confirming their continued compliance with the AODA.
By January 1, 2021, all internet websites and web content must conform with WCAG 2.0 Level AA, other than success criteria 1.2.4 Captions (Live) and success criteria 1.2.5 Audio Descriptions (Pre-recorded).
See: https://accessontario.com/aoda/aoda-faq/ to answer more questions you may have on AODA law.
Clearly this is something that cannot be ignored when building a new website or even updating an existing one. When you really start to think about how you edit your website, this is an issue where you can harm your own bottom line if you are adding content that does not comply with WCAG A or AA standards (which AODA law is measured against).
When we develop new websites for our clients, we use WCAG Level AA techniques only to ensure compliance upon launch and work to future-proof your code. A client must then learn and understand how to continue this practice in order to keep the compliance rating that is offered upon launch of their new website. To offer true peace of mind, we now have a monitoring and reporting service that conducts our tailored form of WCAG AA compliance tests using the same software that the Canadian Federal Government is using in their own website development practices.
You need expert knowledge from a dedicated partner
In summary, it was apparent to us that we needed to develop reporting tools for our clients, so the TSA Report was born: a new monthly service from Floating-Point designed to keep you in the know on Traffic, Security and Accessibility. This can be purchased from us by contacting Clair Kimmett (Sales & Marketing Director) using our convenient form below.