GDPR: 65,000 Euro penalty for missing updates
In Lower Saxony, a company was fined €65,000 GDPR.
As heise online reports, critical security updates have not been installed for years.
The shop software xt:commerce is in use in a version that has been considered obsolete since 2014 at the latest and is no longer supplied with security updates by the manufacturer.
This shows how important regular maintenance and updates are for a website.
The most reliable protection against security vulnerabilities is regular updates – since WordPress distributes and installs critical security updates fully automatically, it is considered one of the most secure content management systems worldwide.
We at straightvisions used to implement some shop systems based on xt:commerce and therefore know how time-consuming and nerve-wracking updates in this shop software can be. Nevertheless, regular updates are crucial for security and frequent implementation also make the effort manageable. It becomes particularly time-consuming if you are already several major versions behind.
In the above-named case of the hacked xt:commerce shop, completely insecure password encryption techniques were now used in the completely outdated shop version. Just by regularly updating the shop software, the hack could have been avoided.
As an end user, you should also pay attention to secure passwords.
Websites have a half-life
Maintenance serves to maintain value
In addition to security aspects, regular maintenance of the website also ensures that a one-time investment becomes a permanent investment – i.e. after value building, the value preservation is ensured.
A website that is not regularly maintained has not only represented a security risk since the GDPR at the latest, but also a liability risk.