Whether you are running a small web start-up, a non-profit organisation, a large e-commerce website, or an international brand, your business undoubtedly holds important information on its servers. Businesses can find themselves in hot water should their servers be compromised, with heavy penalties for companies who do not take the right precautions.
The headlines are hit with tales of security breaches on an almost daily basis, with large companies falling prey to hack attacks and viruses which render them powerless. Recent incidents in November 2012 include alleged breaches to the servers of ImageShack, Symantec and PayPal by a hacker group named HTP. In the same week, hackers gained access to and defaced websites belonging to NBC, as well as a Lady Gaga fan site.
According to Computer Weekly, there are thousands of virtual servers left unprotected and exposed on the web. In fact, it has been reported that most organisations fail to implement the necessary protection for data held in a virtual setting, which leaves hundreds of websites and databases open to attack.
Many servers could be accessed in under a minute by running a simple password hash against rainbow tables – even a well thought out username and password is of little use in this instance. Once a hacker has gained access to the server, they have their hands on everything stored therein.
The penalty of a security breach
The penalties for companies that lose data are purposefully set high in an attempt to encourage organisations to be vigilant when it comes to protecting sensitive data. In the last month alone, the Information Commissioners Office (ICO) fined Stoke-on-Trent City Council £120,000 after they breached data protection by emailing unencrypted data about a child protection legal case to the wrong person. The ICO said the severity of the penalty depicted the importance of protecting sensitive data when storing or sending online.
Such a fine could be fatal to a small business or organisation.
How to guarantee secure hosting
It doesn’t matter how large or small your enterprise, security should be a central focus of every action you perform online – from choosing complex, one-time-only passwords to encrypting files. By implementing a strong security culture at every level of your organisation, you can vastly improve the security of your business.
When signing up with a hosting provider, businesses and organisations should ask detailed questions regarding web security. For example, e-commerce businesses should enquire about and invest in an SSL certificate, providing peace of mind for the organisation and customers alike that important details are encrypted.
Check that your secure hosting provider offers vulnerability scans as part of its offering, to ensure your servers are safe from backdoors, Trojans, CGI abuses and vulnerabilities.
Firewalls are vital for all data stored online; ensuring the only traffic that makes it onto your network is legitimate. Your Firewall should be monitored for complete confidence that your servers are secured from malicious attack. A monitored Firewall will log all suspicious attempts to gain access – providing information should someone attempt to breach the security of your network.