We talked with Ellie Alexander and Josefina Terrera about:
- How simple website upkeep can keep your inbox from going spooky silent
- Haunting compatibility issues and how keeping up with today’s “digital hygiene” like routine backups and testing can keep you from spooky surprises
- Cross-platform compatibility and how to keep your brand materials looking their best no matter what program they’re viewed in
About Ellie and Josefina:
At Out & About Communications, Ellie and Josefina are dedicated to guiding clients to achieve their brand and digital goals. As design director, Ellie collaborates closely with clients to refine their brands and showcase what makes them unique. Her background spans traditional ad agencies, in-house branding, and boutique marketing, all of which have shaped her expertise and approach. Josefina serves as senior developer, crafting visually appealing and functional websites to meet client needs. Together, they bring creative precision and dedication to Out & About website projects, helping clients stand out and connect authentically.
Featured Resources
Enjoyed This? You’ll Also Love:
- FAQs: When to Engage and How to Navigate Outsourced Marketing in Financial Services
- Website Redesigns: The Process Behind Building Websites for Financial Services Companies
- Financial Services Branding: When and How Should You Redesign Your Company Logo?
Full Audio Transcript:
00:00:00 - 00:22:21
Lauren Hong
All right. Welcome. We have a spooky on purpose podcast today for Halloween. Ellie, you are dressed very much in color. And Josephine, you’ve kind of got it going on. Maybe we should have worn costumes; that would have been fun.
00:22:21 - 00:25:25
Josefina Terrera
I was going to bring a flashlight and a hoodie but decided against it.
00:25:25 - 00:48:25
Lauren Hong
I've got a lot of princess gear around the house with kids. So many ways to dress up. Okay, so speaking of Halloween, we have seen some spooky things. We have some spooky case studies regarding website design — all kinds of things where you're like, oh, I didn't want that to happen.
00:48:28 - 01:09:20
Lauren Hong
We're going to talk through some of those and how we can avoid them. So, Josefina, I'm going to pass it over to you because you have a pretty meaty case study you were able to pull up that I think really helps to connect the dots. If you're a small company or if you're a pretty large organization, you can be in the way of a digital threat.
01:09:20 - 01:13:21
Lauren Hong
So, you want to share with folks?
01:13:28 - 01:39:11
Josefina Terrera
Yeah, sure. Well, for me, I guess the spooky part is the things we cannot control and in our websites we cannot control what other people are doing. So I was howling about this story that happened in 2016, and I knew about it because it was all over the media. It involved many presidents and prime ministers.
01:39:13 - 02:06:00
Josefina Terrera
It's called the Panama Papers Breach, and it's the largest breach documented, because it involved 11 million documents. I just read about it at the time and how all these people were involved with tax evasion and offshore activities. But as you know, I was reading recently that everything started with a WordPress website, from a law firm in Panama.
02:06:02 - 02:33:03
Josefina Terrera
They had an outdated side and the plugin Slider Revolution, which is what you would use for your slideshows. And hackers were able to enter the site through that plugin. But it didn't stop there. They didn't have the 11 million documents on the website. They had them on the server, which they were sharing with the website.
02:33:05 - 02:58:01
Josefina Terrera
Well, everything else is history. People went to jail and whatnot. But it does leave some very important takeaway lessons from other people's mistakes. Number one, keep your website up to date, keep your plugins up to date. Plugins are somebody else's code and you don't know what they're doing.
02:58:01 - 03:29:18
Josefina Terrera
You don't know they're maintaining it. Personally, I don't even like to use that many plugins. I trust some basic building blocks — HTML, CSS, JavaScript — and use as few plugins as possible because you know you're giving too much control up to other people. Keep your themes up to date. Number two, practice some digital hygiene where you keep your website in one place and your sensitive data in another place.
03:29:18 - 04:03:00
Josefina Terrera
Be very cautious about what data you're taking from your clients. We're dealing with financial companies. People are very cautious about their data. So treat it with respect. And then I think number three is to have a password manager, which seemingly contradicts digital hygiene because you are having all your passwords in one place. But password managers work all day, their brand is working all day to keep your passwords safe.
04:03:02 - 04:38:25
Josefina Terrera
So I guess also encrypting your passwords, suggesting hard to guess passwords and everything they can do in terms of security they're going to apply because they're training for that all day. So I would say if you have a password manager just memorize that password or maybe you can write it down in your one safe spot, have two-factor authentication, and as an extra level of precaution sign in from a browser that doesn't have any Google extensions.
04:38:27 - 05:10:18
Josefina Terrera
Because somebody could sometimes inject malicious code. I think if you do all of that, you should be relatively safe. I have other stories too. I just don't want to take over because we have not experienced some serious hacks in our websites. I do remember at some point we had a situation that is very common in WordPress where things just get abandoned.
05:10:21 - 05:37:00
Josefina Terrera
So you buy a theme, you build the whole website around the theme but then the developer decides it can’t be yours. Then the theme is there but you still have to update WordPress and the plugins and it's like WordPress goes this way and your theme stays here, and they're just not synced anymore.
05:37:03 - 06:08
Josefina Terrera
What happened to a website was that every time we would do an update, we would risk having all these shortcodes and gibberish appearing on the website, and we had to recreate components. That's something to think about when you're building with WordPress. Eventually there was a happy ending; they didn't get hacked, fortunately.
06:08 - 06:26:05
Josefina Terrera
And they got a new website. But you have to be very vigilant. Don't depend so much on plugins. I guess if a plugin has one million installs, it's steady. You can trust that plugin because then you only know that one million people will have your same problem. But you don't need a plugin for everything.
06:26:07 - 06:36:19
Josefina Terrera
I'm very adamant about adding things that later on, you just have to deal with, all that junk on your website and you don't know why.
06:36:21 - 06:50:06
Lauren Hong
Yeah. And we should run quick introductions too. So for folks who are listening and aren't familiar with your background, you might just share a quick intro and then Ellie we’ll pop over to you to do a quick intro. And then unpack some stuff because I'm sure you're like, yes, I've seen this and I've seen that.
06:50:06 - 06:56:10
Lauren Hong
So yeah. Josefina, you might just do a quick intro.
06:56:12 - 07:13:10
Josefina Terrera
Well, I'm Josefina and the developer here at Out & About. I'm based in North Carolina. I love geeking out about this stuff.
07:13:12 - 07:33:12
Lauren Hong
Totally. And you are so well versed in a number of different things. You’ve worked on a number of different backends. You're not platform agnostic. And you also know a number of different languages, website development languages. So you've seen a lot over the years.
07:33:14 - 07:52:03
Josefina Terrera
Yeah and over the years you just develop your preference and your way. It's not even your preference, oh, I like to do things this way, I find it more sustainable doing things this way or that way. But I know from experience.
07:52:05 - 07:53:24
Lauren Hong
Ellie.
07:59:29 - 08:19:09
Ellie Alexander
I'm Ellie, I'm the design director here at Out & About. So my specialty is a little bit more design focused and broader. Josefina knows much more of the technical background, like web development stuff. And my purview is more of the design side, the esthetics, and the brand.
08:19:11 - 08:32:03
Ellie Alexander
I've been in the industry for, gosh, about like 15 years now. And I've worked in small agencies, corporate, all over the place and I still see the same issues pop up, the same spooky things over time.
08:32:06 - 08:38:10
Lauren Hong
What kind of spooky things are we seeing? I feel like we need some intro music.
08:38:12 - 08:59:04
Ellie Alexander
Yeah, I know. So one of the most serious ones — none of mine are as serious and catastrophic as Josefina’s example — I guess that's since I'm coming more from the design side. But one of the more serious ones I have seen is not having your website at least somewhat accessible.
08:59:06 - 09:11:26
Ellie Alexander
And to be accessible in this context means for people who might be hard of sight and have to use a screen reader, or for people who might have other disabilities that make it difficult to interact with websites.
09:11:28 - 09:12:06
Lauren Hong
Yep.
09:12:14 - 09:33:05
Ellie Alexander
And at its best, it can simply be that the text is too small. And if you're someone who even just needs reading glasses, you pull it up on your phone and you're like, well, I can't read this. Thanks, guys. This isn't helpful. Or not having good enough contrast, like if the text and the background are too close in color or tone it can be really difficult for certain people to read.
09:33:08 - 09:49:29
Ellie Alexander
And including text in your images is another thing I see a lot that's just a big no no because then it's completely not screen reader-enabled. Or if someone just even happens to be on a bad broadband connection, the image just won't load and they might miss a really important piece of what the content of your website is.
09:50:01 - 10:12:06
Ellie Alexander
But worst-case scenarios, especially for midsize to large organizations — and I've seen this happen at past workplaces — there are predatory people whose whole job is filing predatory lawsuits on companies whose websites aren't accessible, and they just scour the internet for websites they can think they can file a reasonably founded lawsuit.
10:12:06 - 10:36:09
Ellie Alexander
And it's just unfortunate because in these cases it's not coming from anyone disabled who is actually impacted by it. It's just people looking for people they can sue to make money. So that's one of the more serious ones I've seen. But other ones are just not having your website optimized for mobile. That's gotten a lot easier over the last couple of years, since now drag and drop platforms like Squarespace and Wix will let you do more customization for mobile.
10:36:16 - 10:54:24
Ellie Alexander
But if you don't take that into consideration, you could just end up with content that's out of order and no longer makes sense. Or as I mentioned before, is simply too small to read. So in this situation, it's more just usually like it makes your website look awkward and not as professional. That's usually not a catastrophic issue, like a lawsuit or a breach or something.
10:54:27 - 11:14:16
Lauren Hong
Totally. In going back to Josefina’s point, I've literally seen websites on the brink — they look great on the outside but on the backend it's a hot mess. So I really appreciated your takeaways too about how we make sure we're keeping up the backend so it doesn't fall apart on the frontend.
11:14:20 - 11:41:12
Lauren Hong
And what you're saying too is like on the frontend that it's accessible for people if they're on mobile, if there's like you were saying, a challenge with being able to see or access the website from a variety of different angles. So any other like spooky situations or things you guys can think of that we run into or things to avoid?.
11:41:14 - 11:59:22
Ellie Alexander
This is one actually. It honestly just popped into my head while we were talking, and it's more from a consumer angle. I've actually taught a couple of my friends this. There are so many borderline, questionable e-commerce sites that pop up these days. Say you get an ad on Instagram and you're like, oh, this looks cool.
11:59:24 - 12:04:00
Ellie Alexander
And this is why it's spooky. Because the websites can look pretty legit.
12:04:02 - 12:09:19
Lauren Hong
Definitely, like Tiffany and Company. I’ve totally seen fake websites like.
12:09:21 - 12:25:17
Ellie Alexander
That's spooky. Yeah, that's really scary. You’re usually like, it must be a small startup I've never heard of but no — and then you've got the product and it's complete garbage. There are ways that people who are really savvy at doing that can make it extra impressive.
12:25:17 - 12:45:13
Ellie Alexander
But a really good way to tell is, especially if it's a retail site, look at the photography and see if the photography is all done in the same style. That's one way I've been able to get them and teach my friends about them. If you look at all the clothing and one photo is done on a white background and one photo is in nature and another one is very bright and another one is very dark.
12:45:13 - 13:11
Ellie Alexander
If the photography is all over the place, it's probably because they stole the pictures from different websites. So that's a big red flag. If the photography on a website, especially their product photos, is not consistent, unless you know it's legit, probably don't trust it because they're probably just stealing those images.
13:14 - 13:12:03
Lauren Hong
Yeah, totally. I know we do a lot of website backups too. I don't know if you want to talk to that because that's another preventive way to avoid issues or just the importance of digital hygiene.
13:12:05 - 13:40:29
Josefina Terrera
Yeah, just do regular backups because sometimes malicious code is just so hard to take out or whatever, just having previous versions of it and an external backup. Many hosting companies provide you a backup for 30 days but sometimes it's hard to know when things happen. One code gets injected.
13:41:01 - 14:11:16
Josefina Terrera
I mean, what Ellie was saying about sometimes what they do — there was like a famous case of pharmaceuticals where hidden things get injected into the website and people pressed a link from the pharma website, and then they go and buy something on a counterfeit company. So you don't know what may have happened over 30 days ago.
14:11:16 - 14:40:01
Josefina Terrera
So it's good to just keep those regular backups outside of the hosting and going back to that ecommerce website like Ellie was saying, I am very cautious with my credit card. At this point, I don't pay anything unless it has PayPal, Stripe, or Apple Pay. You know, I just don't trust your website.
14:40:08 - 15:13
Josefina Terrera
I don't trust it. Random websites holding your credit card data is not safe anymore. And you know there's safer methods to do it. So if that's a product I like and they don't offer alternative methods of payments, I'll just learn to wait.
15:15 - 15:26:29
Lauren Hong
Totally fair. And I think that's also a good reminder. If you are looking to take digital payments, make sure you have a secure methodology to be able to take that payment in. I totally hear you. Ellie, you were going to say something. Do you agree? You had mentioned earlier before we started, one thing I think is super spooky and very real — broken forms — so that's a very real thing.
15:26:29 - 15:30:24
Lauren Hong
What was it? The other thing that you said was a snag.
15:30:27 - 15:39:07
Ellie Alexander
It is a snag. I don't remember the thing I said. There was a snag in the contact form; maybe you can remember while I'm talking. So I don't recall. Yeah.
15:39:07 - 15:40:04
Josefina Terrera
Yeah.
15:40:06 - 15:53:24
Ellie Alexander
The contact form, especially for small businesses. I definitely think people are like, oh, I'm just surprised we haven't gotten leads in a couple of weeks. Why? What's going on? Maybe we need to do more in a marketing push. Well, have you checked your contact form to make sure it's still working?
15:53:24 - 16:15:14
Ellie Alexander
It could be a WordPress plugin issue like that plugin is no longer supported. So the form is simply not working. Or did the person who used to get your inquiries leave the company and we forgot to set the contact form to redirect to somebody else? Or did you, as an organization, change the format of all your email addresses?
16:15:14 - 16:29:27
Ellie Alexander
And that didn’t get updated. There's lots of reasons why a contact form can just not work — if it's just being sent to an old inbox or not going through. So just check that, especially if it seems like you're getting a lot lower level of leads recently; just make sure the contact form is working.
16:30:00 - 16:48:28
Lauren Hong
Totally. It's basic. I've also seen hackers input malicious code through contact forms too, which I think is another good thing to know. And Josefina, to your point earlier, keep those plugins updated and it's so easy to do shortcuts. So I'm going to throw another plugin on the site, I'm going to do this, I'm going to do that.
16:48:28 - 17:05:18
Lauren Hong
And then you forget about it. And then you go to the backend of the site and you're like, oh my gosh, there's like 50 plugins here. We're only using five of the 50. Those other ones need to just say goodbye to, so just that idea of hygiene. I don't know, Josefina, if there's anything more you want to share on that too.
17:05:21 - 17:31:21
Josefina Terrera
Yeah, it's definitely a very important step. Like being on top of what’s in your house. What happened? What is all this stuff in the closet? It’s good to always be checking. The more familiar I am with a website, the easier it is for me to maintain that hygiene, because it's like, okay, I know this.
17:31:21 - 17:56:06
Josefina Terrera
I know when this was inserted. One common thing I like to do is deactivate things, keep them deactivated for a while. Nothing happens. Then we consider deleting them. There're many WordPress plugins that have to do with searching or nothing that will affect your frontend; they are just tools.
17:56:13 - 18:18:15
Josefina Terrera
So those are the easiest ones to delete. And then there's one like Slider Revolution that goes with a slider somewhere. Because I've learned many stories start with Slider Revolution. I for one don't like sliders and don't like plugins for sliders.
18:25:29 - 18:52:17
Josefina Terrera
And as far as forms, I'm very attentive to forms because it's what the whole marketing effort is about, from beginning to end. You want to reach people. You can have the most awesome website but if you have a form that hasn't been set up properly, the whole thing feels incredibly frustrating.
18:52:17 - 19:21:25
Josefina Terrera
So, I'm very intentional about it. I know with our own website, we even have a backup because ours is with Webflow. So even if we miss some submission or whatever was to happen to our integration, Webflow will say whatever was submitted. So that's my favorite platform; I always feel safest with that one.
19:21:28 - 19:46:21
Josefina Terrera
You can still get hacked with a Webflow website because there's always the possibility that you can add a third-party library. You can always inject some code or there's always the login credentials, everything is vulnerable. But at least with that, it is a hosted platform. So everything that's a plugin, even HubSpot.
19:46:21 - 20:17
Josefina Terrera
I don't like HubSpot but it is a hosted platform. So they are going to handle security stuff with WordPress. Sometimes it does feel like the wild, wild West, so you have to be very diligent.
20:20 - 20:24:10
Lauren Hong
Yeah, yeah. Different people maintaining different code, which is not bad. Actually there's a beautiful thing about it, right? There's an art to being able to pull these pieces together but you just want to be smart about how you do it. I think just another takeaway, as you guys are talking, is that these things, why they seem simple are never really simple, because like you were talking earlier about, well, I'm going to take a plugin away and I'm going to wait to see if it impacts anything else.
20:24:10 - 20:39:24
Lauren Hong
Sometimes there's domino effects. So just being really cautious about changes that are being made, and taking those backups and just that overall digital hygiene is important as you proceed forward. So any other thoughts guys?
20:39:26 - 21:13:09
Josefina Terrera
Yeah, I mean there's a lot of spooky things. We were talking about CSS stuff. Fortunately many of those things have been solved with time but it used to be the worst thing having to deal with Internet Explorer. Because let's just say, I used to create websites for pharmaceuticals and many boomers use IE.
21:13:12 - 21:35:14
Josefina Terrera
So you have to be building for IE. So let's just say you have something, some component that's working perfectly in any browser but it's not working in IE8. But then if you Google analytics I was like oh, I guess people are still using IE8. You know, you call your doctor.
21:35:16 - 21:38:23
Josefina Terrera
I used to be using IE.
21:38:25 - 21:41:26
Lauren Hong
In finance too, which is crazy.
21:42:03 - 21:49:04
Ellie Alexander
So secondly, I thought what you were talking about was AI. I was like, I'm embarrassed to ask. That is oh my gosh, Internet Explorer. That's a throwback.
21:49:06 - 22:10:05
Josefina Terrera
Yeah. But this wasn't so much way back. Let's just say 2018, 19. And yeah, what was interesting is sometimes you had that dilemma and fixed it at IE but it looks a little bit more messed up now in Chrome. I'm making compromises for the sake of IE.
22:10:07 - 22:38:22
Josefina Terrera
Even Microsoft has said we stopped supporting IE, so it's like you were really on your own. Or they would stop supporting older versions. They were using Edge. Eventually Edge started using Chrome. So it just became a more homogeneous environment that ( ) and different browsers, videos, we use BrowserStack, which solves a lot of these issues.
22:38:22 - 23:01:26
Josefina Terrera
So it's like a virtual computer that allows you to login to your website on any computer, on any device you can think of. Let's say you run your analytics and you realize many of your clients use Android, then maybe you want to focus a little bit more on Android. it's worth it.
23:01:26 - 23:23:15
Josefina Terrera
So those are some other spooky things. There’s a lot of things you have to keep in mind when you're building components and yeah, with CSS, all kinds of fun things.
23:35:21 - 23:46:27
Ellie Alexander
This is borderline website related but something you just said Josefina about things being updated and new versions of things aren't supported anymore.
23:48:28 - 24:06:01
Ellie Alexander
One thing that just drives me crazy is, especially now with cloud storage and like, some organizations use Google Drive and they use Google Docs and they use that and some organizations use Microsoft programs, and you think, oh, I can just put one into the other.
24:06:01 - 24:36:26
Ellie Alexander
Especially if your organization is using both or people in your organization are using different versions of those, it can really mess up your documents. Because a lot of our work focuses on business to consumer materials but we also do a lot for just organizations internally. And so if you're even making your email signatures, if you create a beautifully designed email signature but then you send it to someone in your organization who uses Outlook and someone in your organization who uses Google or Apple Mail, they could put them in and they would look completely different because those programs use different default fonts or they’re running on different versions.
24:36:26 - 24:52:23
Ellie Alexander
And it's just so spooky how you can design something like a beautiful PowerPoint template or a beautiful Word doc. But then as soon as it starts going off to different machines and gets uploaded into Google and then downloaded back and used in Microsoft again, it can just get trashed. And it drives me crazy.
24:52:29 - 25:13:10
Lauren Hong
You know, again, it's not just machines, like you're saying. Sometimes it's just because you're on an Apple or a PC or different versions or printers. Yeah, it is kind of wild and there's ways to avoid certain things but there's also system upgrades. You can get it just perfect and then it's like, whew, like email.
25:13:12 - 25:37:20
Lauren Hong
That could be a whole other podcast. So oh my gosh. So fun. Really appreciate the conversation expertise you brought to the table and to some really good takeaways. I think, like websites, all of this can totally be spooky but making sure we're a smart website with digital hygiene and backups, and not taking shortcuts on things is the way to go.
25:37:20 - 25:40:17
Lauren Hong
So thank you guys for your time.
25:40:20 - 25:45:18
Ellie Alexander
Thanks for having us.
