Years ago, a well-known web host sent a message to its clients about a security breach of one of its employee accounts. They followed that with this thread in their forum.
This morning, we sent a notification to a group of our customers possibly affected by a compromised employee account’s access to our internal customer management portal. We will be sending an additional communication to all customers with information about the apparent security breach, but in the meantime, we would like to answer any additional questions about the communication in this thread.
Please understand that we will not provide specific information about the security breach due to the sensitive nature of the investigation, but we will do our best to provide as much detail as possible. As we assured in the note, based upon our security review of access logs, we do not believe any credit card information was compromised.
We strongly suggest you implement a security best-practices approach by immediately taking four steps to mitigate risk:
1. Change your xxxxx log-in passwords immediately and do so again every 60 days.
2. Change your server passwords and do so again every 60 days.
3. Be alert to any suspicious activity on your account.
4. If you suspect any unusual activity, please retain your access logs along with any other information and contact us as soon as possible.
This should raise some questions.
What security measures do hosts normally have in place (regarding their employees) to protect their clients? Are they allowed to bring in USB thumb drives (some are marketed very cleverly looking like wrist bands or writing utensils)? What about PDAs? Could they place data on these devices and simply walk out the door with gigabytes of files? Could those files be broadcast on the Internet, or used as blackmail?
They mentioned implementing a security best practices approach. Regardless of your level of comfort with your current host, these four suggestions need to be implemented to minimize your risk. I can’t emphasize this enough – your data is your business. Lose your data and you risk losing your business!
What about inside your own business?
The same applies to in-house servers and workstations. Most security breaches are by disgruntled employees. It’s amazing how many companies give administrative privileges to low-level supervisors. Entire databases can be downloaded in minutes onto thumb drives, then transported offsite.
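The breach above was discovered through a review of portal access logs, and the bulk download described here leaves the same kind of trace. The following is an added example, not code from the post or from any host's systems: it parses a constructed customer-portal access log (the line format, account names and customer ids are all assumptions) and flags accounts that touch many distinct customer records in a short window or that work outside business hours.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines from a hypothetical customer-portal access log.
# Format (assumed): "<ISO timestamp> <staff account> <action> customer=<id>"
SAMPLE_LOG = """\
2009-03-02T09:12:04 jdoe view customer=1041
2009-03-02T09:15:31 jdoe view customer=1042
2009-03-02T14:40:10 asmith view customer=2210
2009-03-02T23:01:02 rlee export customer=3001
2009-03-02T23:01:03 rlee export customer=3002
2009-03-02T23:01:04 rlee export customer=3003
2009-03-02T23:01:05 rlee export customer=3004
2009-03-02T23:01:06 rlee export customer=3005
2009-03-02T23:01:07 rlee export customer=3006
"""

def parse_log(text):
    """Return a list of (timestamp, account, action, customer_id) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, action, cust = line.split()
        events.append((datetime.fromisoformat(ts), account, action,
                       cust.split("=", 1)[1]))
    return events

def flag_accounts(events, window=timedelta(minutes=10), max_records=5,
                  business_hours=(8, 18)):
    """Map each suspicious account to the reasons it was flagged:
    more than max_records distinct customers inside one window
    (bulk collection), or any access outside business_hours."""
    by_account = defaultdict(list)
    for ts, account, _action, cust in events:
        by_account[account].append((ts, cust))
    flagged = defaultdict(set)
    for account, rows in by_account.items():
        rows.sort()  # chronological, so rows[i:] all start at or after rows[i]
        for i, (start, _) in enumerate(rows):
            if not business_hours[0] <= start.hour < business_hours[1]:
                flagged[account].add("off-hours access")
            seen = {c for t, c in rows[i:] if t - start <= window}
            if len(seen) > max_records:
                flagged[account].add("bulk record access")
    return dict(flagged)

if __name__ == "__main__":
    print(flag_accounts(parse_log(SAMPLE_LOG)))
```

The thresholds are deliberately conservative starting points; tune them against a baseline of normal staff activity before acting on a flag.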
What about security or IT audits?
Financial institutions have very strict guidelines with respect to security, but what about the thousands of small to medium-sized firms that comprise the majority of businesses – your local printer, clothing retailer, auto repair shop, electrical contractors, car dealerships? How at risk is their data, and your data as their consumer? It’s astonishing how many firms broadcast unsecured Wi-Fi networks. What’s more alarming is how easy it is to intercept and infiltrate their networks. How many times, just in the past year, have we heard of intrusions and data theft at well-known retailers?
Would an IT audit be worthwhile? Volumes of information have been written about IT audits and IT security. Do you trust your IT department to have fully provisioned and managed security? Most owners have no clue how vulnerable their companies are without a third-party audit.
Dot your i’s and cross your t’s with disaster recovery and business continuity plans. If you receive a notice like the one from our fellow web host, follow their advice. Do it as a matter of habit. Being habitually secure is far better than being victimized with no recourse.
Brought to you by ProlimeHost
We’ve been in the web hosting industry for over a decade, helping hundreds of clients succeed in what they do best and that’s running their business. We specialize in Virtual Private Servers (VPS) and dedicated servers, with data centers in Los Angeles, Denver & Singapore.
VPS Services: Lightning Fast SSD Virtual Servers
Our Virtual Private Servers all feature high performance Xeon processors and SSD storage in a RAID10 configuration to optimize your server’s performance, which dramatically enhances visitor experiences on your site.
That speed is backed by unparalleled 24/7 support, featuring both outstanding response AND resolution times to maximize your uptime.
Now is the time to join the ProlimeHost virtual private server revolution.
Dedicated Servers: Backed by a 99.9% SLA network uptime guarantee
We only use enterprise-class hardware in our dedicated servers and offer a four (4) hour hardware replacement. Throw in IPMI for remote management, support for public and private networks, free operating system (OS) re-installs, and SATA, SAS & SSD (including NVMe) storage. Call +1 877 477 9454 or email us at Sales@ProlimeHost.com. We’re here to help.