Chris Lema is the CTO and Chief Strategist at Crowd Favorite. He’s also a daily blogger, a public speaker, and product strategist. He helps companies leverage WordPress, and helps WordPress companies find leverage.
For twenty years Chris has developed and managed high performing engineers to build software products – particularly SaaS products in a variety of B2B vertical markets. He’s also spent the last ten years coaching startups on product development & marketing strategies. Chris offered us a video testimonial detailing his experience with Sucuri as the former VP Software Engineering at Emphasys-Software.com.
There was a time when I would wake up and roll over, and right on the side of my bed was my nightstand. On my nightstand was my phone. I would wake up 5, 5:30 in the morning because my company ran on East Coast Time. The day would be starting. I'd wake up and essentially head straight downstairs to my home office where I could get on phone calls and start emailing. But I would wake up 5 in the morning, 5:30 in the morning and the first thing I do is I'd roll over and I'd grab my phone.
One particular morning, I opened up my email on the phone and it was just filled, filled with notifications and emails.
We ran a whole series of websites, membership websites for all of our customers across several different vertical markets. Each of these membership sites had public facing and non-public facing content on it, protected content if you will. Each of these sites were Wordpress sites, part of a large network of sites and each of these sites essentially manage the relationships between the staff that we had and that division that was working for that vertical market and all of those customers.
Some of those markets were only worth 2 or 3 million in revenue to our business, other worth three to five times that. Everyone of these sets of relationships was driven in terms of the maintenance of that relationship through this membership site, this internet extension that allow the customers to read content, knowledge-based articles, download patches and even distribute new versions of software.
Here on that morning, I looked on my phone. As I looked at it, I started noticing that there were some common themes. People were writing in telling us they couldn't get access to different parts of the sites. Employees were writing in telling us that people had been calling them asking to get access to the sites. Monitoring software was telling us there was a problem with the sites. My own staff was contacting me to say, "Wake up, we have a problem with our sites." I won't forget the feeling that I had.
I don't know if you've ever had it where you're laying in bed and you're thinking, "What day is it? Is there a chance today is Saturday? Is there a possibility that I could just pull all the sheets and covers up over my head, go back to sleep because my pillow is still warm, I'm still ready to take another hour or two to sleep? Is there a chance I woke up on the wrong day, that maybe I set my alarm for a Saturday instead of a Friday? Is there a chance that I could ignore all of this and go back to bed?" Yet, I couldn't. I couldn't because it was a weekday and because we had several sites that weren't working.
Now, at that time I didn't know what was broken. I didn't know what the issue was. I just knew there was an issue. It wasn't one issue. It wasn't just on one site. From the look of all the different emails, all the different vectors, of all the different people that were communicating and telling me that they were having problems, it was clear it was across several of our sites.
Before I even got dressed and went downstairs to start making calls and getting on Skype and writing emails, I had the sense that we were probably talking about five, six, maybe 10 sites that were somehow incapacitated.
At the time, I remember that morning and it was early morning. I don't think most people on the West Coast were up yet, definitely not doing business. I sent an email to a friend of mine. I said, "I've been to your website at Sucuri and I see that I can buy even a package of up to five sites. But what do I do if I need a package for 20 sites?" I still didn't know the exact number of sites that were having problems but I guessed it was 10, maybe a little more and I guessed that we had some sort of malware attack. I wasn't interested in solving the problem on my own.
There's a lot of things I can do. I mean, we're a software company after all. I had a lot of technical staff but there's some things that you leave to a professional. In the same way that I would tell our customers, "We want you to do your core business and that's why you let us build and manage the software for your core business so that you can worry about what you do best and let us worry about what we do best," well, security for websites is not something I would ever try and say I do best.
I contacted my friend Tony and said, "Hey, how do I buy? I don't even see the package on your site that I need." He sent me a link. I bought it.
You're going to get an email from this company, Sucuri, give them whatever they need. Give them whatever information they ask for. Give them access, they're going to solve this problem.
Now, I need to highlight the difference of the experience I had that morning by telling you about another morning. This actually was a Saturday. On this particular Saturday, the idea had been that I was going to hang out with my wife. We were going to go have a lot of fun.
These were the kinds of clients that were small businesses. These were the kind of clients that I wasn't even making money off. I had helped them build their site, maybe charged them a little something but I'd put them all on my hosting plan because they didn't really do much. There wasn't a lot of traffic and I just left them there.
Unbeknownst to me, one of them had uploaded something that had a backdoor opening to it so that someone could maliciously break in, and once they broke in, they were able to infect all five of those sites. At that time, I didn't know Sucuri so I started fixing it myself. I spent money to send my wife to the spa for the day because that's what you do when you ruin the plans for the weekend, and you say, "I'm sorry honey, why don't you go to the spa and get whatever you want and I'll sit here and I'll work on this site and I'll clean up everything so that people aren't calling me."
I spent seven or eight hours working on it. I felt like I had it all clean because at the time I thought I knew something about something and I thought I could figure this out, it's not that hard.
I'll look for the files that don't look right. I'll pull out some other files. I'll drop in the baseline, the core files from Wordpress. I'll take care of this. At the end of the day, my wife came back from the spa. I said, "How was your day?" She said, "It was great." She said, "How was your day?" I said, "Well, I'm feeling pretty good. I got it all cleaned up. We're good. Nobody's upset."
I'd like to tell you that it was some new malicious vector out there on the prowl trying to hit my sites but that's not what happen. What happened was that I had a false sense of security when I thought I had cleaned everything off because I hadn't cleaned everything off. I hadn't solved every problem. There were places I hadn't looked and things I hadn't done. Just days later, I was like, "I don't even know where I'm going to send my wife this weekend," because I'm going to be back at the computer all weekend working again for no money just trying to keep a couple of free sites live.
It was just a little after that when I met Sucuri. You can imagine when I realized my company had a problem. An enterprise that was doing a whole bunch of work and building relationship with its clients through the web and how quickly I needed to get that resolved. I told one of my staff, "You're going to get a call from Sucuri, give them whatever access they need. Give them whatever information they need. They're going to solve this problem."
I thought in my head, in the back of my head, I had this idea that, "Yeah, we've spent some money but maybe, maybe by tomorrow afternoon, I could start prepping customers. I started drafting the email that said, "Tomorrow afternoon, everything will be fine so on the third day, we will rise back up. Everything will be better."
It wasn't more than two or three hours later that I got the first report that said, "These are the things you should do." The hardening that they were recommending that we do. Then within another hour, the long list of everything they had done. I remember looking over that list and thinking, "Wow, yeah, I didn't even know how to do that."
The only problem that I have with my relationship with Sucuri is that now whenever I open a ticket and I have had to unfortunately open tickets every now and then, every couple of years, Tony seems to flag it, catch it and have it sent directly to him and every time he sends me a note saying, "Hey, looks like you need some help." I feel embarrassed that I haven't solved all the problems myself yet here's the reality. There's some things that I do very well. I'm never embarrassed about those things. There's some things I don't do very well. I've had to learn not to be embarrassed by letting someone else take care of it for me. It's their core competence.
By all means, I want to live with best practices of security but I'm not a security expert. Frankly, I don't have the time to become one because the nature of that space changes so rapidly that I can't even keep up.
What I think I know to do becomes antiquated and outdated way too fast. That's why Emphasys software had, has a long term contract with Sucuri because it's a business because I now don't work there any longer. As the guy in charge there, VP of software engineering, my role was to make sure that that software, that everything we built and every site we ran would stay secure and protected and available to our customers.
Even though I just left a few months ago, right, I know that I left them in good hands because of the relationship that I started a couple of years ago between Emphasys and Sucuri.
Chris reached out to Sucuri’s sales staff and upgraded his subscription to the new AntiVirus plan. Now he was sure his online businesses were safely protected, and he gained peace of mind.
I had the best protection package for my sanity.
Looking back at that moment, Chris remembers not having any issues since:
I have had no issues since. None. It’s cool to see how many attacks my remaining four sites still attract each day - but your firewall remains firm. I can see the antivirus monitoring “live” - I know when the last daily scan occurred and can see if any issues (blacklisting, compromised files, etc.) have been found. They never have - so far.
From a business impact standpoint, the protection we offer lets him sleep at night knowing that Sucuri “has his back” with keeping his sites safe and performing well.
My websites are my “live billboards,” the visible evidence of my content, my expertise, and my services around the globe. If my billboards are dark, at any time, I’m losing business. You all make me happy.
If you find yourself in a situation where you are experiencing malware or even blacklisting on your websites, instead of spending hours like Chris, away from your business or family, let Sucuri take the heat. We’re really good at it. Let us worry, dig and find the problems, clean them and restore your website, your business and your peace of mind.
When we’re around, hacked websites and malware files have a tendency to run and never come back. We detect and destroy all malware. If they ever attempt to attack you again, our protective Website Application Firewall (WAF) will cut them to pieces.
Try us today and then come back and let us know your story. We’d be happy to feature it here on our Customers page. Get real security, by real people.