Data security – it should be one of the top things on any businesses list however, many small businesses overlook or just simply are not aware of the issues relating to securing data that is held in the cloud.
By “cloud”, I mean anything that sits outside your local network. Your webserver is considered to be “in the cloud”.
A recent article: “Russian hackers hold Gold Coast doctors to ransom” highlights the risks to business owners and the implications on data security. What struck me in this article, is the fact that the business relies on patient records in the cloud… and indicates that perhaps they don’t have current backup, or perhaps a backup that was stored ‘offsite’.
Here are a few tips that you can use to reduce these types of impacts on your business:
Data Security: Make Sure You Have Current Backups stored offsite
What would you do if one day you woke up and your hosting provider has gone broke, or they’ve had such a catastrophic failure in their system they simply can not recover your data. Now, imagine that you have been diligently backing up your site but you store those backups on the same server your website is hosted….. As much as it pains me to say it – there is very little anyone can do for you!
It’s really important that you not only have a backup schedule that backs up your database (where the information for your site is stored – this includes the pages, post, article content) but one that also backs up the physical files (images, audios, file downloads etc), as well.
However, just doing the backups isn’t enough. Many backup solutions will allow you to backup the database and the physical files, but store the backups on the server they are backing up!!!
Use a solution that allows you to move your backups to a secure storage solution that you have access to, to ensure that you can quickly and easily recover your website should the worst occur.
If you run a WordPress website – check out my videos on how to increase your data security by using Backup Buddy.
Data Security: Make Sure Your Webserver Uses Current Version Software
Most webservers run on a variant of Linux, PHP and MySQL. It is imperative to ensure that all software is at the current version – if ‘down rev’ software is used, the capacity for compromise is increased (exponentially).
As a version of software is released, security vulnerabilities become evident. The providers themselves will release a list of vulnerabilities with each version – the hackers don’t even need to work them out because the providers will list them. If you aren’t using the latest versions, you are inviting hackers to do you over.
Ensure that your hosting provider is using the most current version of operating software. For example:
PHP – good data security practice
There are two variants of PHP in circulation Version 5.3 and Version 5.4. Anything before these versions shouldn’t be used. Current stable versions of PHP are 5.4.9 and 5.3.19.
Ask your hosting provider what version they are using and what the upgrade path and timeframe is. Sometimes they will be a patch or two behind (i.e 5.4.7 instead of 5.4.9) because the patches come out pretty quickly, but they should be close, very close, to the current stable version.
Oh yeah, if you want to check the current release versions, head to PHP.net and look at the current release versions of PHP in the right hand column
MySQL – good data security practice
The current generally available release fo MySQL is 5.5.28.
Find out what version of MySQL your hosting provider is using and what the upgrade path and timeframe is. Sometimes they will be a patch or two behind because the patches come out pretty quickly, but they should be close, very close, to the current stable version.
Look at the current release versions of MySQL here.
Data Security: Other Software
Are you using WordPress, Joomla, phpBB or other programs to enable your web presence? Make sure you keep these updated.
If you aren’t sure about doing the updates and keeping your site running, contact us or your Web Developer and see how they can help you… for a few dollars a month, you are saving yourself from a hacking attempt.
Data Security: User Names and Passwords
This is something really, really simple and easy for site owners to fix.
Make sure your FTP, CPanel, website user names and passwords are unique and relatively unguessable.
Change your password often, use Characters, Numbers and Symbols as well as a Capital letter…. Certainly use a pass phrase that means something to you – it will be easier to remember but make sure you mix it up so you have a combination of characters, symbols and numbers.
Where ever possible, don’t use the default account names – admin, administrator etc. Use something that isn’t expected – this will make it harder to hack your account.
Now, these practices won’t make it impossible to hack your account, but it might make your account less attractive to hack.
Data Security
As a business owner, you are responsible for the data security on your site. Make sure you have the appropriate processes in place to protect you from the unforseen – a webhost disappearing or a hacking attempt.
0 comments