Win this fight!
…with secure web hosting
Did you know that over 200 Jamaican websites have been hacked over the past 10 years?1 That’s not a lot you say. Certainly nothing when compared to 10 terabytes of personal information stolen from Sony Pictures servers last November. Or the breach of the USA State Department’s website which resulted in the White House email security system being compromised during the same week as President Barack Obama’s recent visit to Jamaica. What’s common to all of these incidents is that adequate protection was not in place for all of these sites; and thankfully all of these entities have now taken steps to prevent any further intrusion.
But what about your business? It could just as easily have been your online business that was compromised. Have you taken measures to secure your online business?
Hosting Service – You Get What You Pay for
Have you ever wondered why one hosting provider is several times more expensive than another? As the saying goes …”you get what you pay for”. The cheaper service is comparable to you parking your brand new Mercedes Benz C Class Coupe in the middle of a huge open lot, along with several thousand other cars,… with the keys left in the door and only one security patrol.
As an entrepreneur, you wouldn’t take that kind of risk with your business – cheaper is not always better. Your online business is a global extension of your brand and an important communication (and transaction) channel to your customers and prospects, so it must be protected to preserve the integrity and legitimacy of your business. It is money well spent to acquire the secure web hosting services from a provider that has the requisite security infrastructure and policies in place to prevent known and emerging cyber-attacks on your business.
Here are 5 security measures that at a minimum, your hosting provider should be offering you:
- Malware detection & filtering
- Application Security Services
- Backup and Recovery Services
- Vulnerability assessment
- 24/7 monitoring
Malware detection for immediate notification
Malware detection technology scans your website for thousands of threats. Each scan checks all pages of the website for known viruses and web malware threats to see if hackers have injected malicious code. With this feature, there is an extra layer of security of knowing that you will be notified the minute something goes wrong.
Blacklisted – This is one list you don’t want to be on
Thousands of websites are blacklisted daily by Google, Microsoft, Yahoo, and others because hackers have injected malware on their websites. Apart from being hacked, the last thing you want happening to your website is for it to be blacklisted. When your website is blacklisted, not only is the site blocked, but it suffers the public embarrassment of having a “Reported Attack Site” message plastered across the page. The immeasurable cost being the reputational damage to your brand.
Application Security Services
While Intrusion Detection Systems (IDS) and general-purpose network firewalls are important services in securing the web hosting infrastructure, they are poorly suited to protecting the application (software) layer which supports and delivers your online business. This will include but is not limited to the web server, content management system and custom software written by your development team.
In order to detect application misuse and fraud, a service must understand the dialogue between the application and the end user. Web Application Firewalls (WAFs) were designed for this need, and they ‘understand’ application protocols so they can identify when your online business application is under attack.
In addition, The Payment Card Industry’s Data Security Standard (PCI-DSS) prescribes WAF as an appropriate protection for applications that process credit card data. In relation to secure code development, WAF has simply been the fastest and most cost-effective way to satisfy the PCI-DSS standard.
So ask your current hosting provider today about its layers of security and how it is currently protecting your online business.
Backup and Recovery Services
Backups are a necessary part of any security and continuity plan. There are two main situations in which backups could play a key role: firstly in the case of an equipment failure at the hosting provider and secondly in the case of a malicious or accidental compromise of your online business. Knowing whether your data is backed up, how your data is backed up and how long it will take to restore, and any associated costs to restore, allows you to understand the impact of an incident.
As your online business can be compromised in several ways, it is important that Backups should cover restoring your online business to a non-compromised state which may include database recovery as well as restoring the files in your web folders.
Prevention is always better than a cure. Vulnerability Assessment will inform you of the level of vulnerability of your website. For example, it will identify old software components that need to be updated or patched. A hosting provider who offers an annual security scan or none at all isn’t living in a world where thousands of sites are compromised every day.
Proactive 24/7 monitoring is the only way
The truth is, the only way to maintain security is to be proactive 24/7. Technology is released today, and in six months it may be old and vulnerable. Plus, with today’s level of cybercrime activity, it is simply not possible for you to effectively handle your web security on your own. Companies in the know, opt to minimise business risk and outsource this vital and non-core service.
Info Exchange’s WebSECURE hosting service is one such option open to your business. WebSECURE will give you peace of mind. Contact Info Exchange Limited at email@example.com to find out more.
1 The Gleaner, “Easy targets – Scores of government websites open to hackers”, June 29, 2014