Data security is of the utmost concern when you are running a business, and it becomes even more important if you work and transact online. Your clients and customers expect you to keep secure whatever information they entrust you with.

You and your business, in turn, should make it your mission in life to protect them from prying eyes and the people that can do worse with the data. In fact, security of your servers, websites and network should be the basis of all your business’ transactions. After all, having the best designed ecommerce site that runs like a well-oiled machine will be of no use if it has a leaky database or a network with gaping holes in it.

But then again there are times when – despite all your efforts of locking your server down, tightening the security on your network and polishing your website’s codes and scripts – you will still have a point of breach and a potential security risk.

Case in hand is if you are using a hosting provider. You, of course, realize that once you have relinquished your data and hardware to a third-party entity you have granted them the permission to do whatever they want with it.

It should be noted here that we are not saying they will do anything with it, but that they could. After all, your hosting provider has the administrator password and, with that key in hand, can unlock everything you place with them.

The question then becomes, what (if anything), can you do to stop your hosting provider from snooping through your data?

A few suggestions:

1. The best solution to making sure that something isn’t lost is to not have it in the first place. You should consider whether or not it is really worth collecting other people’s information. For example, do you really need usernames and passwords to offer services to your clients? If you’re thinking about creating a mailing list or a way to contact them, then won’t it be enough to have them log in using their social media accounts? This way, you will still have access to your clients without having to save any of their data.
2. Don’t store sensitive data on a hosting provider’s server or in the cloud. If you think that no one, and absolutely nobody, can see your data then the best and safest thing to do is to avoid putting it out there. If there is any way you can avoid getting the data out, do so – even if it means going old school and using pen and paper or using an offline spreadsheet or to keep it on your own offline laptop or desktop.
3. If you think you need to store the data on a database, then you will have to make sure that you, and only you, have access to it. This means, the data will have to go on a local server that sits behind your network and firewall. To achieve this you will need to implement a hybrid networking systems that integrates either a cloud or hosted environment with a LAN/WAN one. Whatever data and transactions you deem “ok” to be seen by the world you send out to your hosting provider while your sensitive data is retained behind your firewalls.
4. Wherever you can, use data encryption and passwords – lock it all down. Yes, this will mean you will run up costs, time and bandwidth, but if you truly want to make data inaccessible to someone, you will have to pay the price. Encrypted data will only be viewed by whoever is allowed to do so. The same with your password-protected files.
5. Make sure you are working with a hosting provider that has an established reputation. These better-known companies rely on their reputations and public opinions to further their businesses. They are therefore unlikely to be caught with their pants down and sniffing through your data – they simply won’t risk it.
6. Alternatively, and this is not advisable, if you think you have a well-grounded fear that your data will be sifted through by a hosting provider (who might be working for one of your competitors, let’s say) you can choose to have your site hosted out of the country. That way, with the proper barriers put in place, you can prevent potential attackers from even knowing where your data is hosted. This of course comes with its own risks including raising eyebrows (and questions why you would actually take such drastic measures) and legal issues on jurisdiction should a dispute arise with your host over ownership and the retrieval of your data.

Now, having gone through all this, we would like you to know that most hosting providers – especially the bigger ones with thousands of clients on their servers – will simply have no reason (or the time) to go through your data and codes.

Unless you give them that reason, that is.

If you run a safe and secure website that has no infections or doesn’t run malicious code in the background, if you do not attract traffic from suspicious sources or aren’t the source of complaints from any of their customers or the public (in other words if you abide by their terms and regulations and do not pique their interest) they will simply have no time to go around poking their noses in other people’s databases and source codes.

So, behave! It’s much easier for everyone.