Canadians know that we have much stricter online privacy laws than most of our counterparts around the world. With that said, Canadian Web Hosting, as a company, always follows and keeps track of stories about breaches of our Canadian laws. Why? Because Canadian people and Canadian businesses care very much about where their data is stored, which is right here on Canadian soil. Both of our data centres are located in Canada, in Vancouver, BC, and Toronto, ON, and as you can imagine, we take protecting our customers' data very seriously. Your online data.
Now, if you are the kind of user who enjoys apps and texting, you are probably familiar with WhatsApp Messenger, a cross-platform mobile messaging app which allows you to exchange messages without having to pay for SMS since the app uses your data plan instead of your texting plan. The app is readily available for iPhone, BlackBerry, Android, Windows Phone and Nokia.
A few days ago, the media reported that privacy commissioner Jennifer Stoddart said that the mobile chat app WhatsApp violated Canadian privacy law and needed to be updated to comply with all her concerns. The article states:
Investigators found messages were being transmitted unencrypted, which left them vulnerable to being intercepted by hackers, particularly on public WiFi hotspots. The company did begin encrypting messages in September in response to the privacy agencies. But Stoddart says WhatsApp still has work to do to resolve all its identified issues. She was unhappy that users were not getting adequate disclosure about how their status messages could be seen by people not on their contact list. The company says it will address the complaint in a new release expected in the fall.
If you're a heavy app user, you might want to think twice about the purpose of the apps that you are using and how one company is utilizing your personal contact information. We often blog about privacy and you can keep up by following our "privacy" tag. Recently, we wrote about data centre physical security, our deployment of SecureIT Botnet and Malware Prevention, and the roles of StopTheHacker and prevention.
If you're looking for additional information on this topic, you may email us at email@example.com, or call us at 1-877-871-7888. You may also contact us through social media on Twitter at @cawebhosting, through our Facebook Page or leave us a comment below.
Felice Lam
Online Community Manager
Canadian Web Hosting
In today's ever-growing regulatory compliance landscape, companies and organizations are continually looking for alternatives to reduce expensive in-house IT hosting but continually run into the problem of meeting corporate governance and compliance requirements. What’s more, these companies are seeking to use services from companies like Canadian Web Hosting who can provide assurances that a strong control environment is in place, complete with data centre and physical security best practices.
This article takes a deeper look at an equally important aspect of web hosting: the facility that the servers are actually hosted in. It outlines integral best practices that allow you to meet your governance needs and ensure that the servers are hosted in an environment that provides limited access and physical protection. Canadian Web Hosting’s best practices for physical and data centre security, which are tested by an independent CPA firm for SSAE16 (formerly SAS70) audit compliance, are implemented throughout all areas of a data centre rather than being segmented to cover only specific areas, and they apply to both data centre facilities, located in Vancouver, BC and Toronto, ON.
Why is it important to look for the SSAE16 auditing standard? Since 1992, SSAE16 and SAS70 have been, and will continue to be, among the most effective and well-recognized compliance audits for testing and reporting on controls in place at data centres.
So, how does physical security actually benefit the end user? Let’s take a deeper look at what types of best practices and physical security features each of our data centres has. It is important to note that these processes are the same regardless of location.
Built and Constructed for Ensuring Physical Protection
The exterior perimeter walls, doors, and windows are constructed of materials that provide Underwriters Laboratories Inc. (UL) rated ballistic protection.
Protection of the Physical Grounds
The data centre has physical elements in place that serve as a protective barrier against intruders.
Bullet Resistant Glass
Certain areas within the data centre, such as the lobby area and other entrance mechanisms, are protected by bullet proof or bullet resistant glass.
Security Systems and 24x7 Backup Power
The data centre's security systems are functioning at all times, complete with an uninterruptible power supply (UPS) to ensure their continuous operation.
Cages, Cabinets and Vaults
The physical structures which house equipment must be properly installed with no loose or moving components, ultimately ensuring their overall strength and rigidity.
Each data centre has a man trap that allows for secure access to the data centre "floor".
Electronic Access Control Systems (ACS)
All entry points into and within the data centre are protected by electronic access control mechanisms which allow only authorized individuals to enter the facility. Included within the framework of electronic access control should also be biometric safeguards, such as palm readers, iris recognition, and fingerprint readers.
Any individual requesting access to the data centre is enrolled in a structured and documented provisioning process for ensuring the integrity of the person entering the facility.
Any data centre personnel or clients utilizing the facility services must be immediately removed from systems that have allowed access to the facility itself. This includes all electronic access control mechanisms, along with removal from all systems, databases, Web portals, or any other type of sign-in mechanism that requires authentication and authorization activities.
All visitors must be properly identified with a current, valid form of identification and must be given a temporary facility badge allowing access to certain areas within the data centre. This process must also be documented in a ticketing system.
All exterior doors and sensitive areas within the facility must be hard wired with alarms.
Each Canadian data centre facility has a mixture of security cameras in place throughout all critical areas, both inside and out, of the data centre. This includes the following cameras: Fixed and pan, tilt, and zoom (PTZ) cameras.
"Threat Conditions Policy"
Each Canadian data centre location has a "threat conditions policy" in place whereby employees and customers are made aware of changes in the threat level.
Badge and Equipment Checks
Periodic checks are done on employees to verify badge access and equipment ownership.
Local Law Enforcement Agencies
Canadian Web Hosting Management has documented contact information for all local law enforcement officials in the case of an emergency.
A third-party contractor is utilized for shredding documents on-site, then removing them from the facility, all in a documented fashion, complete with sign-off each time shredding is done.
Data Centre Security Staff
These individuals must perform a host of duties on a daily basis, such as monitoring intrusion security alarm systems; dispatching mobile security officers to emergencies; monitoring to prevent unauthorized access, such as tailgating; assisting all individuals who have authorized access to enter the data centre; controlling access to the data centre by confirming identity; issuing and retrieving access badges; and responding to telephone and radio communications.
Additionally, they should also conduct the following activities:
Response and resolution to security alarms; assistance for cage lockouts and escorts; scheduled and unscheduled security inspections; enforcement of no food or drinks on the raised floor area; enforcement of the no unauthorized photography policy; fire and safety patrol inspections.
Physical Security Features
Specific to each location, Canadian Web Hosting also utilizes several additional security processes that enhance the above best practices. This includes, but is not limited to, the following:
• Access to sensitive areas within the data centre is controlled with an electromagnetic badge and/or biometric access system that is maintained, administered and controlled by physical security or operations personnel
• Visitors must be pre-scheduled seventy-two (72) hours in advance and present a valid photo ID or and be pre-authorized to gain admittance to data centre facilities
• To gain access to the secured raised floor area, visitors (and documented employees) must sign in and be escorted by authorized data centre personnel
• Monitored through surveillance cameras, CCTV and regular patrols by security and operations personnel 24 hours per day, seven days per week
• Areas housing critical IT infrastructure are protected by a two-door access control system
• Management maintains documented security policies and procedures to guide employees’ activities for controlling and monitoring physical access to and within the facility
• Digital surveillance cameras monitor and record physical access to and within the facility
• Video backups of surveillance activity for a minimum of 30 days
• A dual challenged badge access system that requires an access card and personal identification number (PIN) is used to control access and movement within the facility. This system logs facility access and is available for review purposes.
• Biometric fingerprint scanning is used to control access to the data centre, telecom and power rooms
• Combination or key locks and biometric scanners must be used to access server/network equipment
Canadian Web Hosting Deploys Secure IT Botnet and Malware Prevention Across its Entire Network in Canada
Canadian Web Hosting has deployed Secure IT to increase network security that further protects business IT infrastructure for Canadian Web Hosting customers.
Vancouver, British Columbia, October 30, 2012
Canadian Web Hosting, the leading provider of IT services and web hosting solutions, VPS, VM and cloud hosting services, announced today the deployment of Secure IT Botnet and Malware Prevention across its entire network. Secure IT is a combination of industry-leading technologies and partnerships that have been combined to create an advanced Defense Network layer that protects and monitors botnets and a website’s IP reputation to protect users and networks from possible malware attacks. Canadian Web Hosting customers utilizing this service will immediately benefit by eliminating attempts at data theft, reducing detrimental network activity, decreasing spam to their inbox, and improving overall server and network performance. More importantly, Secure IT ensures that business infrastructure and IPs are protected and helps business customers remain competitive by improving productivity and avoiding possible reputational damage.
The Botnet Defense and anti-malware technologies work by enabling Canadian Web Hosting’s network-based firewalls to block both inbound and outbound traffic by tracking, updating, reporting, and delivering malicious activities to the firewall gateway to enforce pre-determined security policies. The technology automatically stops any incoming or outgoing traffic including those coming from malware sites, and makes the host server invisible to the remote user.
"Over the next five years, the number of Web sites on the Internet will grow to almost five to seven times today's number, and more and more of those sites will become targets by inappropriate or outright malicious attacks," said Kevin Liang, Canadian Web Hosting CTO. "With these new technologies, we are providing a streamlined security platform that allows us to create custom white and black lists, lists for inbound and outbound blocking, as well as focusing on geographical regions or malware types. In doing so, we are able to remove a significant amount of malware for our customers. By giving our customers Secure IT, their content, systems, and reputation values will be protected from malicious attacks."
Today, botnets, spear-phishing, and related malware are among the greatest network security risks. These malicious activities are designed to steal valuable data and control user machines and can cause great financial, competitive and reputational damage. Industry surveys show that botnet infection is near 100% for organizations of all sizes. For just a few dollars a month, Canadian Web Hosting customers can add the new defense layer to their plans and feel reassured that their IP, their business and their investment are secure. Contact Canadian Web Hosting today at 888-821-7888 or by email at email@example.com to find out how to get Secure IT Botnet and Malware Prevention today.
About Canadian Web Hosting
Since 1998, Canadian Web Hosting has been providing a 100% all Canadian service that delivers on-demand hosting solutions including Shared hosting, Virtual Private Servers (VPS), Cloud Hosting, Dedicated Servers, and IT as a Service for Canadian companies of all sizes. Through the use of innovative technologies and experienced support personnel, they continually focus on helping each customer by offering configurable solutions that are tailored to their exacting business requirements. Canadian Web Hosting guarantees a 100% network uptime, and a total money back guarantee that backs everything they do. Customers can get help by calling 1-888-821-7888 to get basic support. For more advanced technical support, customers can use email, ticketing or real time live chat support with support staff.
For more information, visit them at http://www.canadianwebhosting.com, or get the latest news by following them on Facebook and Twitter at @cawebhosting. This information can also be found on their site in the press room section or you may also view other related media content on their Pinterest page.
Canadian Web Hosting
The 2012 Olympics in London are in full swing and, like other tech and business bloggers, we feel the urge to make an Olympics reference to make topics more relatable to our audience and current events. At the time of this post, Canadians are currently 25th in the medal count leaderboard – 0 gold, 2 silver and 5 bronze. Go Canada go! (Why do we sound like Canucks fans? Sorry, we can't help ourselves.)
How does an Olympian’s Training Relate to Web Hosting Online Prevention?
If you happen to be an athlete, say a hockey player, you might already know that, according to sports studies, athletes can prevent injuries by taking preventive steps such as strength training, which builds muscle prior to competing. Strength training is necessary to promote success and safety. The keyword here is prevention. It’s simple. Prevention is one of the elements in an athlete’s overall training, and in the web hosting world, prevention is highly important when it comes to protecting your sites, including your blogs. Our team often blogs about online privacy topics, and this time, we want to share with you how StopTheHacker can help you and your business with online security. If an athlete gets injured, he or she will lose precious time with physical therapy and such. It’s the same thing with your sites: if you get infected, you’ll lose hours, days and maybe weeks trying to recover data. Preventing that from happening should be a must, so please read on. We want to help you become more productive in business and for you to worry less.
What is StopTheHacker?
StopTheHacker is a cloud based website protection suite (AV for Websites) to help prevent, detect and recover from malware (and viruses) attacks. StopTheHacker's technology, supported by the US National Science Foundation, has won multiple awards since 2009, and is a leading application supporting customers all over the globe, protecting their online presence from emerging threats. Each edition comes with a different feature set tailored to each specific target group and varying security requirements.
What are the Key Features of StopTheHacker?
Standard and Advanced Detections. StopTheHacker comes with standard or advanced detections. The standard feature checks all of the pages on your website for known viruses and web malware threats to see if hackers may have injected malicious code into your website. When enrolled, the built-in notification system immediately informs you about anything the scans find, so you, or your webmaster, can take action if needed. The advanced version, in addition to what the standard version does, protects the website from never-before-identified malware. It detects malware within website elements including HTML, JavaScript, PHP and iframes, to name a few.
Automatic Malware Cleanup. You may not be a security expert, or have the resources available to handle a malware attack. The automated malware scanning system can therefore remove malware for you, and you can decide which level of automation fits best for you. Let the StopTheHacker tool do the work for you, so that you can focus on what’s important for your business.
Blacklist and Reputation Monitoring. It is a comprehensive daily check on the status of your website on Google’s Safe Browsing List and other search engines including Yahoo, and Bing; malware blacklists like Malware Patrol and Malware URL; DNS Blacklists; phishing blacklists like PhishTank; spam blacklists like SpamCop; and many more. We will automatically notify you if your website ends up on a blacklist and help you to remove your site from the search engine blacklist.
Vulnerability Assessment. It scans to identify vulnerabilities in your server/application configuration, so you can patch them to prevent web-based attacks by bots and hackers. Today, the tool checks over 35,000 vulnerabilities on your server(s), website and infrastructure. We also check for web application vulnerabilities in some of the most popular software applications like WordPress, Drupal, Django, Joomla, Ruby on Rails, OpenCMS. Through these scans, we can uncover vulnerabilities in custom installations too.
Other Features. They include speed and up-time monitoring, Facebook protection and because it’s cloud based, there’s no software to manage and it’s easy to set up. All services are offered on Software as a Service (SaaS) platform, and they are run outside the firewall.
How can a Customer Take Advantage of StopTheHacker?
It’s easy to implement StopTheHacker for your web hosting prevention needs: contact our sales team today at 888-821-7888 or by email at firstname.lastname@example.org. Our expert team will work with you to examine your existing infrastructure. To relate back to our introduction: strength training helps sports performance, but it is important to remember that it is only one component of an integrated program, and in web hosting, prevention is only one of the components too. When you reach out to us, we can help you identify next steps to leverage our industry best services with Canadian Web Hosting along with prevention tools like StopTheHacker. Prevention is key, so don't wait!
What other online tools do you use to protect your online sites? Please share your thoughts by leaving us a comment, or catch us on Twitter at @cawebhosting or on our Facebook Page. On the social side, we'll even chat with you about your favourite Olympics event.
Felice Lam
Online Community Manager
Canadian Web Hosting
Are you concerned that someone might steal your data and information, or your customers'? What would the effect on your business be if your servers were breached and customers' usernames and passwords were stolen? You might be shocked by this, but a recent survey by The Hartford finds that up to 85 percent of small business owners believe a data breach is unlikely.
More importantly, many online businesses are not implementing simple security measures to help protect their customer or employee data. First, let’s take a look at the business owners surveyed and their adoption of some key “risk reduction” best practices that would help reduce their businesses' risk of a breach:
1. Lock and secure sensitive customer, patient or employee data - 48 percent
2. Restrict employee access to sensitive data - 79 percent
3. Shred and securely dispose of customer, patient or employee data - 53 percent
4. Use password protection and data encryption - 48 percent
6. Update systems and software on a regular basis - 47 percent
7. Use firewalls to control access and lock-out hackers - 48 percent
8. Ensure that remote access to their company’s network is secure - 41 percent
A key note to this survey is that the data showed that nearly two-thirds of business owners (61 percent) believe a data breach violates trust and would jeopardize their relationships with customers, patients and employees, and more than one third (38 percent) say that they would have a more negative opinion of a company that has recently experienced a breach.
How To Protect Yourself
One of the many ways that people can work to address this issue is to work with a qualified vendor or expert in the field of security to verify the steps that they could take to protect their data. For example, here at Canadian Web Hosting, we offer and integrate various service offerings to protect our customers' servers and continually work with them to ensure that servers are hardened based on industry best practices and that each server is protected with a full suite of services that no single small business could afford to maintain on its own. We like to call this our Unified Security Services, and it is a combination of hardware security devices, software modules and people expertise that help keep our customers and our network secure. As an example, Canadian Web Hosting utilizes a range of industry leading solutions including TippingPoint Intrusion Prevention devices that protect customers through inbound/outbound content inspection. A key aspect of our security service offerings is our SSAE16 Type II SOC 1 certification. The reason for this is that it verifies, through an outside audit, that the tools and security mechanisms that are in place are used to industry standards and have been tested by an outside expert. It also verifies that we (Canadian Web Hosting) have the controls and system mechanisms in place to safeguard your data and, more importantly, can design solutions to meet corporate governance requirements for even the most strict business entity. We will have a blog outlining our Unified Security Services in the next few weeks.
It is important to point out some of the basic things that each of you can do to maintain your server; otherwise you can have the best security on the market but your server will remain vulnerable until you get hacked. In looking at some recent customer “hacking” issues, the single biggest weakness that most people have is failing to keep their server and software up to date (see list above, less than 50% of respondents are doing this today). A great example is the leading blog software, WordPress. With WordPress, we continue to see an increase in the amount of “hacked” WordPress installations. One of the most significant causes of this is customers using outdated theme files, or outdated applications where existing security holes exist. I saw a great post on Serverfault.com related to this and their ability to avoid future attacks by simply keeping their tools up to date.
“Most of these attacks are carried out by automated scripts that look for known vulnerabilities in older WordPress systems. Since anyone can look at bug reports and changelogs, it's not too difficult to engineer a script to exploit a weakness. Your best defense is to always have your WordPress version AND your themes/plugins up to date.
I used to have this problem with a few of my defunct blogs, but keeping them constantly updated fixed it.
Do a grep on your existing blogs and look for any iframes or eval method calls in your WP directory. Also check the DB. Once it's all clean, update your WP version and themes/plugins and keep it updated. Next, log in to Google webmaster and, if you haven't already, prove ownership and ask for a review of your site. The warning should go away after a while.”
You should always make sure that all of your themes, plugins, and add-ons are up to date. Whether it is WordPress, Windows or a Linux distribution, everyone needs to make sure their files are up-to-date. If you are a Canadian Web Hosting customer and would like assistance in getting your site up-to-date, you can contact our support team at email@example.com or by phone at 877-871-7888.
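The grep that the quoted Serverfault post recommends, written out as an added example (it is not from the original post or from Canadian Web Hosting): a shell function that lists `eval(` calls and `<iframe` tags under a WordPress directory for manual review. The function names, the file extensions searched and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag eval() calls and iframe tags under a WordPress tree.

# wp_suspect_scan DIR
# Prints one line per hit as "<category>:<file>:<line-no>:<text>".
# Categories: eval (an eval( call), iframe (an <iframe tag).
wp_suspect_scan() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # eval( must start the line or follow a non-identifier character, so
    # function names such as retrieval( are not reported.
    find "$dir" -type f \( -name '*.php' -o -name '*.js' -o -name '*.html' \) \
        -exec grep -nE '(^|[^A-Za-z0-9_])eval[[:space:]]*\(' /dev/null {} + |
        sed 's/^/eval:/'

    # Case-insensitive so <IFRAME ...> is caught as well.
    find "$dir" -type f \( -name '*.php' -o -name '*.js' -o -name '*.html' \) \
        -exec grep -niE '<iframe' /dev/null {} + |
        sed 's/^/iframe:/'
    return 0
}

# make_sample_tree
# Builds a small constructed directory tree (not a real WordPress install)
# with one clean file and two tampered ones, and prints its path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/wp-content/themes/old-theme" \
             "$root/wp-content/plugins/gallery"
    # Clean file: retrieval( must not be mistaken for eval(.
    printf '%s\n' '<?php' 'get_header();' '$r = retrieval($id);' \
        > "$root/wp-content/themes/old-theme/index.php"
    # Constructed sample of an injected line; the string decodes to "constructed".
    printf '%s\n' '<?php' 'eval(base64_decode("Y29uc3RydWN0ZWQ="));' \
        > "$root/wp-content/themes/old-theme/footer.php"
    # Constructed sample of a zero-size iframe pointing at a reserved test domain.
    printf '%s\n' '<div>gallery</div>' \
        '<iframe src="http://example.invalid/" width="0" height="0"></iframe>' \
        > "$root/wp-content/plugins/gallery/view.html"
    echo "$root"
}

# Demonstration on the constructed tree.
sample=$(make_sample_tree)
wp_suspect_scan "$sample"
rm -rf "$sample"
```

Hits are candidates for review rather than proof of compromise, since legitimate themes and plugins also use iframes and, occasionally, eval. The database check the post mentions is not covered here.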