The Quickest Way to Find the Right (and Safest) CMS


Content Management System

Before shopping for a content management system (CMS), credit unions need to decide several things: how much of a budget they have allocated, what kinds of functionality are needed, how the system will integrate with their existing third-party tools, whether the CMS comes with support for compliance with the Americans with Disabilities Act (ADA), and what levels of security it offers against hackers.

The quickest way to rule out the bad-fits and find the this-could-be-a-good-fits amongst CMS options is to create a checklist that tackles the following:

  • Cost – Not only the upfront cost, but what ongoing costs does the CMS have?
    • The costs for content management systems can vary wildly, depending on whether an organization is using open-source or closed-source systems, whether the credit union is directly managing the system with in-house staff or relying on a third-party, etc. Credit unions need to balance affordability with security and reliability.
  • Scalability – Can the CMS grow with your credit union?
    • Is the CMS scalable? Many content management systems are customizable and can be upgraded to serve the credit union as it grows. However, scalability options can differ between different systems, especially with proprietary systems.
  • Support – How reliable is the support for the CMS?
    • Not all credit unions can afford the training or staff needed to completely manage their websites, so some degree of support may be needed for the CMS. What is the provider’s reputation for support, and how timely is it?
  • Integration – Does it mesh with your current third-party applications?
    • How easy or difficult would it be for the CMS to work alongside your current third-party applications, such as calculators, mobile applications, real-time chat services, etc.?
  • Compliance – Is the CMS ADA compliant?
    • Some CMSs are designed specifically for financial institutions and understand and comply with the correct regulations, such as disclosures and notices, as defined by NCUA rules and ADA-related compliance as it relates to WCAG 2.0 or newer. Purpose-built systems have pre-built functionality to make compliance easier, while adopting an open-source CMS may require a credit union to seek additional vendors.


This is so important, it deserves its own section!

Above all else, financial institutions need to ensure the security of their websites, which is one reason why many opt for a closed-source, proprietary CMS as opposed to open-source.

Open-source code’s greatest upside—being open to the public—is also its greatest downside. There are thousands of developers working with open-source CMSs—and many hackers as well. Open-source developers need to constantly stay ahead of cybercriminals when it comes to detecting and fixing flaws in the system, as weak points can be quickly found and spread through word-of-mouth. Outdated plugins and modules are especially vulnerable to malicious activity. According to WordPress security firm WordFence, more than 50 percent of security breaches on WordPress occurred due to a compromised plugin.

Content Management Security

What security factors should a credit union keep an eye on?

  • Secure hosting
    • Having secure hosting is a basic cybersecurity requirement and one that credit unions need regardless of what CMS they are using. Banks and credit unions are required to meet SSAE 16 standards for their web hosting. For many financial institutions, hosting transactional systems such as online banking may require dedicated servers.
    • Specifically, credit unions need to consider a solid, granular, modular hosting environment.
  • Solid passwords and multi-factor authentication
    • According to WordFence, the second biggest factor for security breaches is brute force, or computer-aided password cracking. Credit unions can mitigate dangers from this by increasing their password security and having multi-factor authentication — the practice of requiring two or more pieces of identification before users can access the CMS or website.
  • Keeping the CMS updated
    • Keeping the CMS itself up-to-date is very important in combating the latest batch of security breaches. Many closed-source systems will update automatically, as ongoing support is typically one of the big selling points of a proprietary system.
  • Use safe plugins or modules
    • Outdated plugins are a major security threat and should always either be updated to the latest version or removed entirely.
  • SSL encryption
    • SSL certificates not only ensure that the connection between the member’s browser and the credit union’s server is secure, but can also positively benefit your website, giving users peace of mind and even providing SEO benefits.
  • Backups are vital
    • The common advice to “back up your work” also applies to your website as well. While many content management systems have options for creating backup version of a website, credit unions should keep an off-system backup as well.

Credit unions looking to bring content management in-house should assign a role to familiarize themselves with the system. Additionally, IT should be aware of any new risks a new CMS may present over their previous system. But overall, thanks to increasingly user-friendly CMSs, credit unions of any size can effectively manage their own online content, whether they have a large, specialized marketing department or just a team of one.

« Return to "CUSG Blog Corner"