Are you concerned that someone might steal your data and information or your customers? What would the effect on your business be if your servers were breached and customers usernames and passwords were stolen? You might be shocked by this but a recent survey by The Hartford finds that up to 85 percent of small business owners believe a data breach is unlikely.
More importantly, many online business’ are not implementing simple security measures to help protect their customers or employee data. First, let’s take a look at business owners surveyed as it relates to their adoption of some key “risk reduction” best practices that would help reduce their business’ risk of a breach:
1. Lock and secure sensitive customer, patient or employee data - 48 percent
2. Restrict employee access to sensitive data - 79 percent
3. Shred and securely dispose of customer, patient or employee data - 53 percent
4. Use password protection and data encryption - 48 percent
6. Update systems and software on a regular basis - 47 percent
7. Use firewalls to control access and lock-out hackers - 48 percent
8. Ensure that remote access to their company’s network is secure - 41 percent
A key note to this survey is that the data showed that nearly two-thirds of business owners (61 percent) believe a data breach violates trust and would jeopardize their relationships with customers, patients and employees and more than one third (38 percent) say that they would have a more negative opinion of company that has recently experienced a breach.
How To Protect Yourself
One of the many ways that people can work to address this issue is to work with a qualified vendor or expert in the field of security to verify the steps that they could take to protect their data. For example, here at Canadian Web Hosting, we offer and integrate various service offerings to protect our customers servers and continually work with them to ensure that servers are hardened based on industry best practices and each server is protected with a full suite of services that no single small business could afford to maintain on their own. We like to call this our Unified Security Services and it is a combination of hardware security devices, software modules and people expertise that help keep our customers and our network secure. As an example, Canadian Web Hosting utilizes a range of industry leading solutions including Tipping Point Intrusion Prevention devices that protect customers through inbound/outbound content inspection. A key aspect to our security service offerings is our SSAE16 Type II SOC 1 certification. The reason for this is that it verifies through an outside audit, that our tools and security mechanisms that are in place are used to industry standards and have been tested by an outside expert. It also verifies that we (Canadian Web Hosting) have the controls and system mechanisms in place to safeguard your data and more importantly can design solutions to meet corporate governance requirements for even the most strict business entity. We will have a blog outlining our Unified Security Services in the next few weeks.
It is important to point out some of the basic things that each of you can do to maintain your server, otherwise you can have the best security on the market but your server will remain vulnerable until you get hacked. In looking at some recent customer “hacking” issues, the single biggest weakness that most people have is keeping your server and software up to date (see list above, less than 50% of respondents are doing this today). A great example is the leading blog software, WordPress. With WordPress, we continue to see an increase in the amount of “hacked” WordPress installations. One of the most significant causes of this is customers using outdated theme files, or outdated applications where existing security holes exist. I saw a great post on Serverfault.com related to this and their ability to avoid future attacks by simply keeping their tools up to date.
“Most of these attacks are carried out by automated scripts that look for known vulnerabilities in older wordpress systems. Since anyone can look at bug reports and changelogs, it's not too difficult to engineer a script to exploit a weakness. Your best defense is to always have your wordpress version AND your themes/plugins up to date.
I used to have this problem with a few of my defunct blogs, but keeping them constantly updated fixed it.
Do a grep on your existing blogs and look for any iframes or eval method calls in your WP directory. Also check the DB. Once it's all clean, update your WP version and themes/plugins and keep it updated. Next login to Google webmaster and, if you haven't already, prove ownership and ask for a review of your site. The warning should go away after awhile.”
You should always make sure that all of your themes, plugins, and add-ons are up to date. Whether it is WordPress, Windows or Linux distribution, everyone needs to make sure their files are up-to-date. If you are a Canadian Web Hosting customers and would like assistance in getting your site up-to-date, you can contact our support team at firstname.lastname@example.org or by phone at 877-871-7888.