After getting hacked earlier this week, I thought it might be timely to cover some things to look at for security through your web host – and as I am not a technical expert, I’d love to hear your tips too so we can all have the best chance of avoiding these time wasters.
So here are some tips from me…
- who are you sharing a server with? Dedicated server hosting is the most secure option but also a lot more expensive. My host has servers just for their clients which I see as the next best thing as at least I am not sharing with just anybody and my host has put some precautions in place (such as minimum 70 strength passwords)
- does your host/server have an SSL certificate? This may be shared with everyone on the server but it certainly beats no certificate at all!
- where are the servers located? The recent flooding in Victoria shows the value of storing servers somewhere high (on top of a mountain isn’t quite what I mean though! Off the floor and preferably in a room protected against flooding to some extent). Are they protected from other physical dangers too?
- what physical security applies to the servers? Are they in locked cupboards in secure buildings? Is there 24 hour security (guards, cameras, sensors) turned on?
- what routines and programs does your host use to monitor the servers for attacks and errors? For example, my host now constantly runs a security scan and a program that detects prohibited activity
- does your host offer suitable privacy protection? Your information and your payment details should be kept private and safe
- who can access the server shells? This is the core of the operation and is where real damage can be done to websites – ideally very few people even within the host company can access this
- what backups does the host do? Where do they store these backups (on site or remotely)? I’m glad to say my host does daily and weekly backups so they were able to reinstall everything from a backup after Tuesday’s attack – and they did a more recent backup of the databases, too. I would not have wanted to replace all that work and data myself or have lost it completely.
I have discovered that not many hosts cover this information on their website so I suggest you ask them questions. It is easy to just trust them and even to take the cheapest option but think about the consequences of losing your website (for an hour, a day, a week…) or of having your website damaged and perhaps clients’ information breached. Makes asking a few questions a small but critical task, doesn’t it?
According to WAtoday, the threat of an attack on a medium-sized business has grown by 54% in the last year. That makes it a pretty big risk and something to be aware of in business budgeting, planning and contingency. I hope it never happens to you.
What steps have you taken to secure your website hosting?