Penetration testing, often abbreviated as pen testing, is an essential process to ensure you maintain a safe and secure website. But what exactly does pen testing involve, and how can you rest assured your agency partner is covering all potential vulnerabilities for you?
This article will provide a detailed guide to penetration testing, helping you minimise your security risks and ensure your website is fully protected.
In a recent series of articles published in our resource library, we provided an in-depth explanation of the end-to-end process of building a high-performance, enterprise-grade website. (If you’d like to read that series first before learning about pen testing, you can start here).
After you’ve worked with your agency partner to successfully build your website, you’ll also need to ensure your site is protected from cyber security threats. With that in mind, you should understand the important role that pen testing plays in effective website security and maintenance.
What is Penetration Testing?
Penetration testing is a form of website testing that’s used to identify security vulnerabilities When conducting pen testing on your site, your agency will simulate a range of cyber attacks that could be used by cyber criminals or malicious software (malware).
The purpose of this is to identify security weaknesses within your site and take action to prevent them from being exploited in the real world. This approach goes beyond basic tests, as it doesn’t just list the vulnerabilities, it examines how they could be exploited and helps to prevent that from happening.
Why is it Crucial for an Agency to Conduct Penetration Testing?
Website security is critical in today’s digital business landscape. Cyber security threats have become highly intelligent and sophisticated, now capable of penetrating even the strongest security networks.
For instance, global technology giant Acer was the victim of a cyber security attack that demanded a ransom of $50 million USD in recent years.
The outcomes of a cyber attack on your website could be catastrophic, either through sensitive data being stolen, lengthy losses of business continuity, or even reputational damage.
Remember, your site’s security isn’t just vital to you as a business, it’s also something your clients need assurance with when they agree to work with you. You should be taking as many proactive steps as possible to ensure your security measures are rigorous enough to match high levels of risk.
Covering All Bases for Robust Security (in WordPress)
It’s useful to be conscious of the common security weaknesses and pitfalls cyber criminals typically aim to take advantage of.
Security vulnerabilities can be created when your website is running on outdated versions of your platform, or if something hasn’t been configured or integrated properly. Other common pitfalls include weak authentication measures and insufficient protection from the perspective of your users.
With platforms like WordPress, there are some areas in which less experienced agencies could allow security vulnerabilities to creep in as well. For instance:
- Auto-updates – When your platform’s software is automatically updated, changes in the code can cause new security weaknesses to arise.
- Plugins – Using WordPress plugins from untrustworthy sources, or neglecting to update and maintain your plugins properly, can also cause security issues.
This is one of many reasons why it’s important to work with an experienced agency partner who has proven platform-specific knowledge and expertise. Your agency should know your CMS of choice inside out, and should therefore be well aware of all the most common security pitfalls and targets for cyber attacks.
What Does Effective Penetration Testing Involve?
To conduct pen testing, your agency’s security experts will run through a process that attempts to penetrate your site’s security measures.
This is usually done in stages, as follows:
1 – Planning and Preparation
- Review the results and analysis of any previous tests (if there are any)
- Define the scope of the testing, including which tests will be performed
- Gather all necessary data and information on the system to conduct the testing
- Determine the criteria of success or failure for the tests.
2 – Running the Tests
- Use automated tools to scan for vulnerabilities and identify weaknesses
- Attempt to exploit the identified weaknesses
- Repeat the tests with different types of user roles and permissions
- Measure the outcomes against criteria for success or failure
- Create a report on the outcomes and results of the tests.
3 – Post-Testing
- Review the reports and analyse the results
- Remediate and resolve the vulnerabilities that were able to be exploited
- Re-test the vulnerabilities to ensure remediation was successful.
The Benefits of Thorough Penetration Testing
Working with an agency partner who can support you with ongoing pen testing is a necessary step towards gaining enterprise-grade security for your website.
Technology changes so quickly today. Your platform receives updates regularly, your site is always growing, and cyber criminals are constantly finding new ways to breach your defences and gain access to your data. Penetration testing allows you to keep the pace with new emerging vulnerabilities.
Conducting regular pen testing can also help improve client relationships and create competitive advantages as well. In certain industries, a demonstrable commitment to security will be greatly appreciated by your target audience. This can help to differentiate you from the competition and provide the trust required to attract more prospective clients to work with you.
Website Security is a Never-Ending Battle
While every business with a website faces tremendous security risks today, this is a proven process that can help to minimise that risk and give you the confidence you need in your site’s security.
Any agency partner you work with should have the knowledge and expertise to understand the importance of pen testing, and should insist on making this an integral, ongoing part of your site’s maintenance.
Would you like these insights straight to your mailbox?
- 24/7 support
- Back-up and disaster recovery
- Fully-managed service
- Automated monitoring and alerts
- 99.99% up-time
- 100% pass-rate for data centre audits.
- WordPress by itself, out-of-the-box, is secure enough for most businesses to use.
- WordPress in the hands of an inexperienced or negligent agency will create significant security risks.
- WordPress is the hands of a dedicated, specialist partner is a platform you can trust and rely on without any concerns.
- You risk going through a long, expensive discovery and definition exercise that you could’ve done yourself internally for no cost.
- You risk being given a quote that’s too expensive, or a project timeline that’s longer than necessary.
- You risk receiving a service from the agency that doesn’t align with your request or meet your expectations. In turn, you’ll then have to spend even more time and money on a new project to get your original idea developed.
- How will you be backing up the site’s data?
- What level of data encryption do you need?
- How will users’ personal details be stored and protected?
- Will you have two-factor authentication?
- What password recovery process will there be for users?
Digital Business
25 January, 2023
Is WordPress Secure Enough for Large Businesses?
Summary
Despite being the most popular content management system in the world, many large businesses and organisations in strictly regulated industries are still asking, “Is WordPress secure enough for us?”
This article will give you a detailed explanation of how WordPress can provide enterprise-grade security, to help you make your own decision about whether it’s secure enough for your own business. We’ll also share some helpful tips to enhance the platform’s security and reduce its risks even further.
As technology has become more pervasive in our daily lives, cyber security concerns have intensified, especially in the workplace. Each year, we read about more high-profile cases of global brands becoming victims of malicious cyber attacks, most often with sensitive data being the real target.
As a business, you should be increasingly careful and vigilant about the technology solutions you deploy today. This is even more important for large businesses and organisations in industries with strict regulations, where the consequences of security issues can be catastrophic.
When you’re choosing a content management system (CMS) to build critical digital assets like your website, security must therefore be a top priority.
Despite being the most popular CMSs in the world today – powering almost 45% of the world’s websites – WordPress is still seen by some as the platform for smaller organisations. You’d think its popularity alone would be sufficient evidence that WordPress is secure, especially as a large fraction of that user base includes enterprises across both the public and private sectors. However, when it comes to WordPress security, there are still some question marks.
So, is WordPress secure?
Yes, absolutely.
But there are certain factors and potential pitfalls you should be aware of if you’re considering WordPress as your CMS of choice.
Understanding Security in a CMS
As business challenges with cyber security and data protection continue to grow, selecting a platform that offers robust security is crucial. But how does that work, exactly?
Ultimately, a CMS like WordPress is just a piece of software, and all software can be vulnerable to security issues in a variety of ways.
The most obvious of these is a cyber security attack, either by hackers, a virus, or malicious software (malware). Any CMS used in a business environment needs to be built to withstand these attacks on a daily basis, and WordPress is definitely capable of doing so.
Another significant risk is when software has accidental weaknesses, issues, or vulnerabilities – known as bugs – built into its code. Bugs are common in software, and they can manifest as anything from a box appearing in the wrong place on your website to a platform vulnerability that leaks mission-critical data to cyber criminals.
Bugs aren’t difficult to fix, and we’ll explain later in this article why WordPress users can be confident that these kinds of risks are minimal with the platform.
However, when it comes to a CMS’s security, it’s important to understand the following point:
The biggest security risks, and the greatest opportunities for cyber criminals, are unsafe user behaviour, lack of best practices, insufficient maintenance, and poorly built sites. Not the platform itself.
Your behaviour, and the behaviour of your end-users, is an area that can be exploited or cause problems if you don’t prioritise security. That’s why it’s necessary to take a proactive, rather than reactive, approach to protecting your data. The rest of this article will help you do that, and remove any concerns you still have about WordPress security.
Is WordPress Secure?
The misconception that WordPress isn’t secure enough for large businesses still lingers, but why? Well, the main reason is because the platform is free-to-use, and so it was initially most popular among B2C blogs and smaller independent businesses.
Today, however, this couldn’t be further from the truth. Industry-leading enterprises such as private equity advisory firm Rede Partners LLP, global investment firm Coller Capital, and global research and advisory leader Forrester use WordPress for their CMS, just to name a few. This goes a long way to proving the apprehension towards WordPress security is unnecessary.
So, let’s explore the WordPress platform in more detail to understand why these global enterprises have full confidence in the security of their data, as well as the data of their clients and partners.
WordPress is already a secure, stable platform out-of-the-box.. You can rest assured its core code is highly secure, because it’s overseen by a team of security experts who thoroughly test and quality-check it on a continual basis. They regularly release updates and reinforce any potential weaknesses before they’re exploited to protect you against any new-found threats.
A team of security analysts study the ever-changing cyber security landscape and respond to it with speed and precision.
While WordPress may be seen by some as a CMS for small businesses, the speed at which security updates are implemented is arguably the best in the world when compared to other platforms.
WordPress is also open-source software, which means all the code it’s built on is available to the public. Anyone from outside the WordPress team can view it, download it, and make adjustments to it. Users often suggest their own changes and updates to the code by submitting them to the WordPress moderator team for approval. If improvements are made to the WordPress code, these updates will be released to the global user base.
These people are part of a global community of dedicated, passionate users who work hard to ensure the platform is always developing into the best version of itself possible. Anything WordPress’s own team misses, the developer community will catch. This means users are often fixing bugs and shutting down potential opportunities for cyber criminals, keeping the platform safe for everyone else.
WordPress Security Vulnerabilities
While WordPress does have the support of some of the brightest developers in the world, who keep it as secure as possible, they can’t take care of everything for you. As mentioned earlier, your biggest security risks will probably lie within your own business, regardless of what CMS you’re using.
Additional security vulnerabilities can arise in certain scenarios, often caused by ignoring best practices or failing to take responsibility for simple maintenance of the platform.
Web Hosting
Your hosting environment is an important factor that can influence how secure and protected your data will be. Your WordPress websites will be hosted in a server that stores your files and data in a data centre.
WordPress, like any platform, should be hosted in a secure environment, with an experienced provider who prioritises security as part of their services. This should include putting proactive security measures in place for scenarios like unplanned down-time or even natural disasters.
Secure hosting should also involve automated monitoring for malicious activity and vulnerabilities in your servers and software, as well as incident response.
Before choosing your hosting service, be sure to carry out some due diligence and look into the security best practices of your host. In many cases, it’s wise to work with an agency partner who will help you with this, but more on that later.
Plugins
While the WordPress community is one of the platform’s greatest strengths, interacting with unsafe additions to the software can also be its downfall for some businesses. It’s important to be cautious of the constant stream of new features, updates, and plugins being made available, because some of them could create issues for you.
To avoid these problems, you shouldn’t download plugins unless they come from recognised, credible sources. Furthermore, you should always ensure all your plugins are correctly tested, maintained, and updated.
We appreciate this may sound complicated. For that reason, you should entrust this responsibility to a partner. When using WordPress to build and manage websites, a good agency should help you ensure everything is secure and up-to-date.
Software Updates
When you’re running a website or application on WordPress, you’ll regularly receive software updates from the platform. Any time an update comes through, it’s because certain bugs have been fixed or some improvements have been made.
It’s crucial that you keep up with WordPress updates because they’re there to keep your site secure. By leaving your site running on outdated versions, you’re at risk of a known issue being exploited by cyber attacks. Again, this should be taken care of by your agency partner so you don’t need to worry about keeping your web platform up-to-date.
Tips to Strengthen WordPress Security
If you still have doubts, there are some simple steps you can take to further strengthen the security of the WordPress CMS. Some of these more general tips can also be applied to most website platforms and other software software products in general as well.
Use a managed hosting service that offers enterprise-grade security.
You wouldn’t rent an office in a building that leaves its doors unlocked at night. Why would you place your sensitive data in a data centre that isn’t fully secure?
Some things you should consider non-negotiable for a web hosting provider to offer include:
Put back-up and disaster recovery services in place to ensure you’re protected from all potential risks.
To build on the above point, ensure your hosting service has measures in place for back-up and disaster recovery. This fail-safe measure will give you a way to save and recover all your data in the event of any losses.
Do not use, or allow your agency to use, any plugins from unrecognised sources.
As mentioned earlier, only use plugins from sources you trust. You should also keep all plugins and additions to the platform up-to-date, and make sure they’re rigorously tested – or, rather, make sure you can rely on your agency partner to do this for you behind the scenes.
Use plugins alongside security-specific enhancements.
You can further bolster the security of the WordPress platform by leveraging security-specific plugins such as WordFence, Sucuri, and Defender Pro. These can inform you of potential vulnerabilities or incidents so you can respond quickly before they have an impact on your business.
Don’t use tools that enable direct access to your site database from within the dashboard.
Some digital tools or extensions give direct access to your site’s database or files from within the dashboard, to make managing your website easier. This is something to avoid, because they’re often a major security risk.
Enable SSL
Enabling SSL (Secure Sockets Layer) introduces a protocol which encrypts the transfer of data between your website and your users’ browsers. This makes it more difficult for cyber criminals to steal information and data online.
Encourage your users to follow security best practices.
You can put all the security measures and data protection possible in place, but they could all be for nothing if a weak password or bad behaviour compromises your website.
Some security best practices every business can easily implement include making strong passwords compulsory among all users and introducing additional measures like two-factor authentication.
Rely on an Expert to Minimise Your Security Risks
As touched on throughout this article, another factor which will determine how secure your WordPress platform is will be which agency you decide to work with.
While deciding whether to invest in WordPress is a big decision, don’t underestimate the importance of finding the right agency partner to support you with your CMS, especially when it comes to WordPress security.
Ultimately, you should understand that:
Your data will be fully protected if you work with an agency who takes security seriously and prioritises it at the core of every development task they deliver for you.
That means they should be capable of handling secure architecture, testing, monitoring, updates, and ongoing support for you as part of your service. You should always take the time and care to find a specialist agency partner who has a proven track record of building robust, reliable sites, to ensure you’re minimising your risk.
WordPress is a Suitable Platform for the Enterprise
Cyber security and data protection are critical for businesses of all sizes, across all industries. But it can’t be denied that large businesses often face more severe consequences by falling victim to a cyber attack or data breach.
Choosing a platform that you have total confidence in is a necessary factor in the process of evaluating your options for a CMS.
When you have your own role and responsibilities to focus on, the last thing you want is to be constantly worrying about the security of your site. Following the advice and best practices listed in this article will provide you with a highly resilient WordPress platform with enterprise-grade security. That will allow you to spend more of your time creating an outstanding website that differentiates you from your competitors and drives business growth.
If you need more help understanding and evaluating platforms to deliver a web design and development project, read our comprehensive guide to selecting the right solution here.
Would you like these insights straight to your mailbox?
Digital Business
30 November, 2022
How to Create a Brief That Will Ensure Your Web Development Project is Successful
Summary
If you’re looking to build a website for your business, a proven approach is to work with an agency and have them deliver the project for you. This could be a bespoke website design and development agency or solely a website or platform development agency.
Before you approach an agency, however, you’ll first need to reach a clear, detailed understanding of your requirements.
This article will provide an in-depth guide to help you through the briefing process and ensure your chosen agency delivers your project successfully, including a free template you can use to create your own brief. This template can also be used for other types of development projects as well, including anything from an online portal to an internal training platform.
Where to Start
Whether you need to design and develop a new website, or rebuild or migrate an existing site, a natural first step is to take your idea to an agency with a view to launching a web development project.
However, it’s a common mistake to go to an agency too early with just a raw, under-developed concept. Rather than meeting with an agency prematurely, we strongly suggest going through the process of defining your specific requirements and creating a project brief first.
The first thing to do is hold a discussion with the relevant people internally. Talk through the idea, and try to define what it is you need and what you want to achieve with it. Get a clear picture of what that idea or a concept will turn into, but also think carefully about what it should do from the perspective of your end-users.
Once you have a more tangible understanding of what you’re looking to build, you should begin creating a brief.
This is a document outlining the key details and requirements for the project. It’s something you’ll need to take with you to your introductory meetings with the agencies you’re considering, as it will be a very useful tool in helping you explain your idea clearly.
A brief doesn’t have to be complicated. It’s just a simple written document that lists everything you want at this early stage. However, while a brief can be simple, it’s important that it’s as specific as possible too. The more detail you provide for your agency, the more chance you’ll have the project delivered on time, within your budget, and meeting your expectations.
Why Having a Brief is Crucial
There are some potential pitfalls to be aware of that could create challenges for you if you don’t create a thorough brief.
Unfortunately, some agencies will be willing to work with you without a detailed brief, glossing over important details and keeping the expectations and requirements vague. This is a red flag to look out for, as it will likely result in one of several outcomes:
A brief is what gives you and the agency a mutual understanding of the work that needs to be done to successfully deliver the project. Without that specificity, you might end up disappointed. That’s why it’s always wise to put some time and effort in up front before taking your idea to an agency.
Once you submit your brief, you may be invited to participate in a follow-up session to further explore the requirements you’ve listed. This is perfectly normal, and actually a good sign. Experienced agencies will want to talk through each of the elements of your brief with you to help determine the best possible way to deliver those in the project.
How to Create Your Brief
When you begin to discuss and plan the requirements of your project between your team, we recommend thinking carefully about the following points.
Please note: There are a lot of things that could go into a project brief, depending on how complex your requirements are, so we won’t include everything here in this article.
The Project’s Purpose and Goals
Start by thinking about what the purpose of the project is. There’s no use speaking to an agency until you have a clear, specific understanding of exactly what you’re trying to achieve with this project. This should relate to your strategic business objectives, but it should also be designed to meet the needs of your end-users.
Ask yourself how this will allow you to improve your end-users’ experience or solve a problem for them. Answering this might involve working on user personas or developing user stories, or potentially even working directly with some members of your target audience to gather their input.
Project Timelines and Deadlines
Timing is another important point to think about, particularly how much time you have to deliver the project. Deadlines can sometimes relate to certain dates that are out of your control, so it’s better to start as early as possible in those cases. If there’s any flexibility with the timeline for delivery, make a note of that as well.
Project Stakeholders
Make a list of all the stakeholders involved. This is a good thing for the agency to be aware of early on, because the project becomes more complex with a higher number of stakeholders.
Depending on the size of your business, and the nature of your site, your project team will usually be some combination of: A marketing director or marketing manager, someone from your operations department, and someone from IT.
However, if you also have people like someone from your IT team responsible for security, a content writer to provide all the written text, or any external consultants, that should be made clear in advance. If your site will need to integrate with other platforms, such as your CRM system, you may have an integration manager specifically in charge of overseeing that as well.
It’s useful to designate roles to certain stakeholders, such as project sponsors, product owners, administrators, and so on. This will help you understand who’s responsible for different aspects of the project internally.
If you plan to work with external agencies for things like SEO or branding, it’s important to note that in your brief. This is necessary for the development agency to be aware of as early as possible, because collaborating with other third-parties at different stages of the project requires a lot of coordination.
Certain processes may also have to run differently if other third-party agencies want to be more hands-on or handle some parts of the site themselves. The earlier this is made clear, the more smoothly the project will run.
Technology Preferences
If you have any preference of technology platform or any requirements related to your existing tech stack, that will be something you’ll need to decide early on. For example, would you prefer to use WordPress due to its scalability, or do you have any existing investment in any other platforms?
Think about any preference you have for the various technology choices available, why they’re important to you, and whether your agency will have to tailor their approach to accommodate that.
If you need help understanding and evaluating your options for technology platforms, check out our helpful guide here.
Budget
Try to determine a minimum and maximum budget for your project, even if it’s just a loose range for now. It will help you evaluate agencies, and will also help you prioritise the various aspects of the project as “must have” or “nice to have” in many cases.
Design Look and Feel
This is where your company’s brand comes into play. You’ll want your site to reflect your brand and that will come through in the design. Bring any brand guidelines to the table, and think about what sort of tone or experience you want to convey to your end-users.
If you don’t have any recent brand guidelines and want help updating them, or need to go through a rebranding process, mention that in your brief as well. Design and development agencies will often be able to help you in these areas too, or at least refer you to a trusted partner who can.
User Interface (UI)
How your end-users will interact with your site, and what kind of experience they’ll have, is largely determined by the user interface. When it comes to design and UI, simplicity is usually the best approach. However, depending on the function you’re providing, you might have some specific or bespoke UI requirements.
Consider your target audience carefully here as well. For example, if most of your users will be accessing your site from a mobile device, it’s probably wise to opt for a mobile-first design.
Some other important things to think about here include how you’d like your sitemap to be structured, especially if you have an existing site that you’re already happy with.
If your project will involve rebuilding or migrating an existing site or platform, it will be helpful to gather any existing data sources, such as Google Analytics, that will provide insight into your current site.
Non-Functional Requirements
Non-functional requirements are all the aspects of your site that happen behind the scenes. These are things that allow your site to do its job properly for your end-users, but won’t be evident to those people while they’re using it.
There’s a lot of things to consider with non-functional requirements, so we won’t cover everything here.
Hosting
If you have any specific hosting requirements, such as a preference for a certain cloud-based platform, or a particularly secure data centre, those will be important to identify as early as possible.
Say, for instance, that sustainability is a core value for your business, this could also have an influence on how and where your hosting is managed.
If you have an internal IT team that will be contributing towards the hosting decision, make sure you involve them in the discussion.
Security and Compliance
Security is a growing concern for all businesses today. It’s crucial to think about security as a core component of any web development project, to minimise any potential risks for your business.
If you have someone in your team responsible for security, they should begin to think about issues such as:
Robust security also involves keeping compliant with any specific security or industry regulations that may affect your business. Of course, compliance with things like GDPR should be planned for at this stage too.
Some other common non-functional requirements include things like session management capabilities to track and things like log-in time, session length, pages visited, and so on. Search engine optimisation (SEO) tools, analytics, or other capabilities might need to be built into your site as well.
Accessibility, Usability, and Responsive Design
When it comes to aspects that will make your users’ experience as seamless as possible, such as accessibility, a good agency will ensure all these things are taken care of for you. This is also the case for ensuring all major web browsers, operating systems, and devices are fully supported and compatible. Development should always be compliant with industry standards, taking into account optimum accessibility and usability.
However, if you have any additional or bespoke requirements for any of these things, those will be useful to note early on.
Functional Requirements
The term ‘functional requirements’ refers to everything that your site will be able to do for its users, in terms of its features, functionality, and capabilities.
As mentioned earlier, one of the first things you discussed was what the site will help your end-users achieve. From the perspective of building something your target audience can use, you should start to get a feel for what functionality is required to ensure they can achieve that.
Features
Your features are the things your site will allow your users to do. These can be very simple, or very sophisticated, depending on what you’re aiming to provide for them.
When putting your brief together, think of any and all features and functionality that might benefit your users. Your agency will then work with you to explore these and find the best way to turn that into intuitive, user-friendly features for you.
What to Do Next
Once your team has been through the process of talking through all the points listed above, you should have a very thorough, useful brief to work with. The next step is to take that brief to any introductory meetings you have with agencies and ask them what they think of the project initially.
It’s normal for an agency to ask lots of questions at that stage and really dive into the ‘WHY’ behind all the things you’ve put into your brief. A good agency will even challenge you on certain decisions, to help you determine the best possible way to build what you need.
Once you’ve discussed your brief with an agency, determine which one feels like the best fit. Choosing the right agency is crucial, as it will have a huge influence on whether or not your project is successful.
As mentioned earlier, some agencies will agree to launch into a project without a brief, and that can be extremely problematic. While the main purpose of a brief is to help you and your agency understand exactly what you need, it should also be used as a way to spot partners who may not be sufficiently thorough or conscientious.
Whichever agency you choose, a detailed brief will help you ensure you’re given a fair quote, realistic timelines for completion, and a finished product that meets your requirements and expectations.
More Helpful Resources
If you’re considering a bespoke development project, our related article provides useful guidance to help you choose the right technology platform for your specific needs:
Understanding and Evaluating Enterprise Options for Bespoke Web Development
Would you like these insights straight to your mailbox?
Latest from agency
24 November, 2022
SoBold obtain Skilled Worker Sponsorship Licence
SoBold are delighted to announce that we have obtained a sponsor licence in order to sponsor international skilled workers to come and work at SoBold.
SoBold have always put heavy emphasis on hiring the best global talent for our needs, and we have strengthened our ability to do this by obtaining a Skilled Worker Sponsorship Licence.
With all sponsorship licences that the Home Offices grants they need to be reassured that the sponsors can live up to the “significant trust” that the department places in them. The Home Office further made checks that SoBold is a “honest, dependable and reliable” workplace, and capable of meeting the responsibilities that it expects from sponsors.
Since being granted our Skiller Worker Licence, we have been fortunate enough to put it to use to hire two new team members.
Anna de Moraes, joined SoBold, from Portuguese company, SpringParrot. Anna had been able to work remotely, and was living and working from the UK, when she got in touch with SoBold. Anna, who is natively from Brazil, said of the process:
“The steps were pretty clear and the whole process was quite simple. I’ve had friends waiting years for their visas to be approved while we were able to complete everything in a short period of time! I was already excited to start and, in a blink of an eye, I was finally part of the SoBold team!”
More recently, SoBold hired Santosh Gajera as a Back End WordPress Developer. Santosh has relocated from India in order to provide his services to SoBold. When asked about the process behind him getting his Skilled Worker VISA granted, Santosh said:
“To keep my IT career moving forward, I needed sponsorship from an organisation that sponsored my visa. SoBold has been an invaluable help in obtaining my Tier-2 (Skilled worker) visa. I am very thankful to their hard work and professionalism. My documents were handled very scrupulously by them, and they provided full support throughout the whole application process . I got my visa approved in two days, which is amazing, and they handled everything for me.”
SoBold worked with all-in-one digital platform, Nation Better in order to achieve our sponsorship licence and the process was streamlined, affordable and transparent.
SoBold already have a diverse talent pool, with staff from all over Europe, and with the help of Nation Better, we have been able to improve the way in which we hire international talent and open up opportunities further afield. We look forward to continue growing our team with exceptional overseas talent and have access to a wider talent pool.
SoBold Managing Director, Will Newland said:
We are absolutely delighted to welcome both Anna and Santosh to the SoBold team. Without our Sponsorship Licence we would be missing out on a large pool of talent that is the future of our business. We very much look forward to continuing to use our Sponsorship Licence to our advantage and giving skilled employees the opportunity to come and work here at SoBold.
For more information on what current vacancies we have, please visit our website careers page.
Would you like these insights straight to your mailbox?
UX Design
11 July, 2022
Speak our language: UX/UI Glossary
For designers, it’s almost an impossible task to effectively deliver a project without understanding the joint language of design. This terminology and jargon can often get thrown around in meetings, although it’s good practice to read the room and speak a mutual language it’s good to get a little insight. Below is a glossary of essential UX/UI terms grouped into topics.
General terms
Accessibility
A measure of a web pages usability for a range of people, including people with disabilities.
Design system
A document that houses design components and styles to use across a website or product, ensuring consistency.
Design thinking
The process of creating and executing strategic ideas that solve problems.
Flat design
A form of design that focuses on minimalism using 2D elements and strong colours.
Human-centred design
An approach that finds solutions with a human perspective in every step of the design process.
Information architecture
Or otherwise known as a sitemap, is the structural design of information.
Landing page
A stand-alone page that a person lands on after clicking from a digital location.
Onboarding
A flow that guides the user through a set of instructions such as choosing preferences, product usage and UI elements.
Responsive design
A design and usability process that adjusts content based on the device screen size.
UI Design
This determines how an interface will look and guide the user on how to interact with a product such a colour choices and layout.
Usability
The quality of the start-to-end user experience.
UX Design
The process of determining how a digital product should work based on relevant user research and best practices.
Acronyms
CTA (Call to action)
A graphical component that guides the user through the main flow and encourages them to take a specific action. Normally it will be the element that stands out most on a page.
CWV (core web vitals)
Are three metrics that score a user experience loading a page, those are: how quickly content loads, how quickly a browser loads the webpage and how unstable the content is as it loads.
GA (Google Analytics)
A web analytics service offered by Google that tracks and reports web traffic.
KPI (Key performance indicators)
A Performance measurement approach based on certain metrics over a certain time period.
MVP (minimum viable product)
A version of a product that is released with just enough features that deliver on the initial user needs to then improve and develop further.
PM (Project manager)
A person that leads a team in order to achieve all the project goals in a set of timelines.
SVG (Scalable Vector Graphic)
A two-dimensional vector-based graphical element that is scalable and widely supported across the web.
SWOT (strengths, weaknesses, opportunities and threats)
A marketing tool that identities assess your business and analyse your competitors.
Design Process
A/B testing
A UX method that involves showing two versions of a specific page or product to see which one works better.
Card sorting
A technique that can be used by both UX designers and users that help determine the information architecture of the product based on logical ordering.
Cluster mapping
In other words, an affinity diagram is for sorting UX user findings into organised sets to lay down the foundations for desirable features.
Competitor analysis
A research method that shows strategic insights into a competitor’s features, functions and even visual positioning.
Eyetracking
A study that allows researchers to evaluate the movements of a particular user when they are using a product.
Focus group
Typically a researcher will talk to a group of people to find out opinions and generate ideas on the product or service.
F shaped pattern
Is a layout designed to guide the user’s eye to specific information based on human behaviour.
Mockup
A visual representation of a product in an environment could be a concept or the finished product.
Moodboard/style scape
Is a collection of visual inspiration gathered from an initial concept to visually communicate an idea.
Prototype
Is an early version of a product that is simplified to test main user journeys and functionalities.
Sketch
There will always be a place for pen and paper. At this stage in the prototyping process, a researcher can quickly come up with design solutions and compare them to determine the best one.
Storyboard
A visual way of communicating the user journey.
Usability testing
An approach that is done typically throughout the whole design process, ensuring that the product has ease of use and matches the user’s requirements.
User flows
A flow that represents a users task from an entry point to a desirable end one.
User interview
A one-on-one chat that can gather information for a user persona and insight on their behavioural habits on a product and or service.
User journey
Like the user flow, a user journey is a route that maps out their journey from beginning to end, the difference is that a journey includes emotions and behavioural choices.
User Stories
A narrative-based resource that sums up the patterns of how they interact with the product, focusing on motivations and frustrations.
Wireframes
A low-fidelity design that focuses just on structure and layout without clouding the mind with visuals. Its purpose is to ensure the interaction between user and interface is solid.
Design elements
Breadcrumbs
A layered component that allows users to navigate through multi-level pages.
Contrast Colour
Ensuring there is enough visibility between two colours to the layer or text is legible and ideally meets WCAG standards.
Grid
Is a layout system with rows and columns, making it easier for designers and developers, also for making clean and symmetrical interfaces for users.
Layout
The order of certain content such as text and images are laid out on a page.
Navigation
An organised hierarchy of information allows the user to find the information they are looking for.
Typography
Typeface or Font. there is a difference. A Font is a weight or variation of a typeface and typography is the arrangement of those styles to ensure it’s legible and appealing.
White space
Or negative space is the strategic positioning of elements on a page so they have room to breathe and for people to absorb content.
Widget
A self-contained design component that has certain functionality.
Would you like these insights straight to your mailbox?
Announcement
31 January, 2023
SoBold launches bespoke online platform that is considered a “game-changer” for global financial services firm
SoBold, the High-Performance WordPress design and development agency, has delivered an industry-first portal for Rede Partners, a private equity fundraising advisory firm that provides fundraising services to PE funds across Europe, North America and the APAC region.
This bespoke portal, built on the WordPress platform, allows institutional investors to navigate upcoming funds advised by the placement agent.
Rede approached SoBold wanting to create a better user experience and improve fundraising outcomes for its customers. Rede wanted to achieve this by replacing its ‘Current Fund Offering’ mailout and PDF with an interactive, personalised, and secure online portal. Rede and SoBold worked in close collaboration to devise a simple, bespoke solution capable of delivering on a complex set of requirements, and that online portal soon became RedeWire.
RedeWire was fully integrated with Rede’s CRM system, Dealcloud, passing back data on user interactions and page views, allowing the team to follow up with interested clients.
RedeWire has been built fully personalisable for users, meaning that limited Partners are able to set all their preferences on first login, and through their account, allowing them to tailor the funds they see on their fund offering dashboard.
As part of the RedeWire platform, SoBold also designed and developed a bespoke front-end editing and approval interface to digitalise their offline fund approval process. This process has enabled Rede Partners and their clients to send out live previews of how a fund will appear on RedeWire, gather real-time comments, or make fully audited edits to a page’s content before submitting it for approval and publication on the RedeWire portal.
RedeWire has now launched to Rede’s full customer base and initial feedback has been overwhelmingly positive. The platform has already seen a high number of account activations and interactions within its first full week of use.
SoBold and Rede will continue to work together to develop RedeWire’s capabilities further and improve the portal’s user experience. SoBold will provide ongoing support to manage the platform and deliver enhancements on a monthly basis.
You can read more on our working relationship with Rede Partners here.
Gabrielle Joseph, Head of Due Diligence and Client Development for Rede Partners said,
“The SoBold team has been a real pleasure to work with and has successfully made our vision a reality. Originally conceived as a game-changer within our industry, we are thrilled with the outcome of RedeWire and have had several clients highlight how intuitive and easy-to-use the platform is.”
“Throughout the project, SoBold clearly understood our vision and provided thoughtful solutions to our needs. Choosing to partner with this team was one of the best decisions we’ve made, and we couldn’t be happier. We look forward to continuing to work with the team as the site evolves.”
Will Newland, Managing Director, SoBold said,
“We’re delighted to see such high early adoption of the new platform. The user feedback has been excellent so far, and this is the first of its kind in the private equity space, creating a personalised experience. We’re continuing to roll out enhancements on a monthly basis and can’t wait to grow the platform further.”