Today’s highly technical world makes it critical that we have all our electronic loopholes covered. We need to make sure all the bugs and kinks are cleared out and taken care off before we go online. Businesses should principally make sure they aren’t exposed to the outside world in a way that can be taken advantage of by hackers and malicious software.
They should also be aware that despite their best efforts, there is always the chance that they can – and will – be hit by an attack should it simply be their lucky turn. This is because no matter how hard they try they can never be truly secure; even the biggest online companies out there get hit at one time or another.
All they need to do is search for the news and they will realize that companies like JPMorgan Chase, eBay, LinkedIn and Microsoft are in a constant battle with the bad guys. These global entities have at one time or another had to fend of attacks that were aimed at gaining control of their clients’ accounts or their physical personal devices.
The point being made here is that no matter how hard you try to secure your business website and your network, there is always a chance that you might have them breached.
But, can the breaches and attacks occur due to no fault of yours? Are there outside factors that could influence how secure your server/website/network is?
The answer is “Yes!” and one such weak point could be your hosting provider.
As a matter of a rule hosting providers do their utmost to make sure that their servers and networks are as safe as could be because their livelihoods depend on it. And so, unless they make a mistake, you can rest assured that your website is safe and secure.
But when they do make a mistake it could be:
-
Not having a disaster recovery plan or not making sure the one they have works by testing it in a real-life scenario.
There is never a 100% guarantee when it comes to keeping data safe and this means hosting providers should regularly carry out disaster recovery drills to make sure the backed-up data can actually be used to make a complete recovery.
-
Not having enough juice to keep their servers running in case of a blackout. Now, although servers in the United States can pretty much rely on a power grid that supplies electricity 24-7-365, there have been times when they (the grids) have been knocked out – mostly due to natural disasters in the vicinity.
In this case, a hosting provider should have a backup source of power that will tide it over the “dark times” which could last anything from a couple of days to several weeks.
-
Not delving into the idea of replicating servers. This is a complicated issue – replicating servers, especially when they are located in another region can be a costly affair that will challenge even the most experienced IT staff.
But, nothing can show dedication and grandiosity like being able to tell customers that their data can always be recovered in case something goes wrong – even when it is caused by the total annihilation (knock wood) of one of their sites.
-
Not protecting DNS records. Most hosting providers invest heavily in protecting their clients’ active data – transactions, personal information and financial data… the works. When it comes to configuration data, they tend to be a little cocky thinking it isn’t that big of a target.
Well, just take the example of what happened at DreamHost. In 2007 the hosting provider faced a serious attack that left hundreds of websites down. They found out there was a bug in their router. They dealt with it and thought the worst was over. But, it was only after their customers still complained that their sites were again going (and staying) down that they realized they had lost a significant number of their DNS records – which were being deleted.
Well, the twist in the tale was that it was the scripts the company had created to solve the first problem that had led to the DNS records being deleted. It’s enough to say there were many red faces at the end of the day.
Moral of the story: DNS records data is important, so keep it safe.
-
Not having the proper role, privilege and protocol assignments implemented. A company can, and should, trust its employees – especially if it entrusts them with the handling of valuable assets… like confidential records.
But that trust shouldn’t be blind. Employees can, and do, make mistakes. Sometimes it is so horrible, that the consequences spill into the real world.
Case in hand is what happened in England in 2008: The British Home Office couldn’t find the data of 84,000 English and Welsh prisoners. Their data was lost.
What happened was an employee of the Office – a contractor at that – downloaded all the prisoners’ records from their servers and onto a flash-drive. He then lost the drive.
This could have been prevented if the proper protocol – disabling USB drives for example – had been put in place. The contractor’s role allowing him to access and download the data should have been curtailed.
Let’s just hope your hosting provider doesn’t make any of these fumbles – keep your fingers crossed and your backups current.
