Web Hosting and Management – Five Long-Standing Security Myths

The subject of Internet security is becoming more complex and vast all the time. The reason, of course, is that the web itself and the prevalence of networking are likewise growing in size, scope and complexity like never before – the bigger the web and the more connected the world becomes, the harder it is to keep everyone safe.

Unsurprisingly, there’s a lot of conflicting information doing the rounds when it comes to what the average web business owner should and shouldn’t be doing to look after their best interests. Quite a lot of the basics of web security come down to little more than common sense, but on the other side of the fence there are hundreds of debatable theories and outright falsehoods.

Just to illustrate the point in relation to web hosting and data management, what follows is a quick rundown of five of the longest-standing myths of all, none of which should be believed if overall security matters to you:

1 – Your Site Is Too Humble and Unimportant to Get Hacked

There will always be those who insist that if you are running a smaller and less lucrative business, chances are you’ll never get hacked. After all, with so many huge businesses already doing the rounds online, surely it makes more sense for online criminals to target them instead, right? Sadly, this is flawed logic at its finest.

Think of it this way – how often is it that smaller shops and businesses get robbed compared to, say, the biggest banks and uber-protected jewelry stores on the High Street? The answer is exponentially more often – those with less than world-class security make the most inviting targets for criminal gangs of all shapes and sizes. And it’s the same with the web too: while hacking your site may not make a hacker rich, they’ll probably have a much easier job getting in than they would with a much bigger, more powerful company.

2 – A Strong Password Is More than Sufficient

You’d be forgiven for thinking so, but just spare a thought for those caught up in the recent celebrity phone-hacking scandal and you’ll soon realise it’s not in fact the case at all. There are just so many ways and means these days to breach password security with little to no effort at all. From malicious software that tracks key-presses to the classic code-busting programs that try every possible letter or number combination, when all that stands between attackers and their target is a password, they’ll find a way in.

This is why it’s highly recommended to implement a two-step verification system as a minimum, which essentially ensures that your password is bolstered by at least one more security ‘fence’ that’s not so easy to jump.

3 – If You’re Backed Up, You Needn’t Worry

While a good site and data backup system will indeed be a life-saver should the worst happen, it’s never a good idea to lose sight of the real threat. Sure, you’ll be able to get your business back up and running, but what about the data that was stolen by those hacking into your system? Worse still, what about the damage done to your reputation and the small matter of losing the trust of perhaps every last one of your customers? Backups are crucially important, but to place too much emphasis on them in terms of security is not advisable at all.

4 – One Annual Penetration Test Is Good Enough

Penetration testing is no longer the kind of security test that can be considered optional. It’s one thing to believe your systems are secure, but it’s another entirely to actually put them to the test and make sure this is the case. But while a penetration test carried out by a leading security company is invaluable to say the least, simply booking your business in for a single annual test is anything but sufficient.

The reason for this is the plain and simple fact that penetration tests are carried out to test the security of IT and network systems against current threats. Or in other words, they’re great for seeing how your systems stand up against the threats of today – but what about the threats of tomorrow? Should a new threat emerge even a week after a pen test, you might not be in a position to ward it off.

5 – A Solid Hosting Provider Ticks Every Box

Last but not least, while a world-class hosting provider will work wonders when it comes to protecting what’s yours, charity very much begins at home. Even the most outstanding and expensive hosting package in the world is pretty much useless if robust security processes and procedures are not followed to the letter in-house by the business itself. More often than not, it’s this kind of ‘take-it-for-granted’ attitude that leads to unmitigated disaster.

About Tait Pollack
