(Editor’s note: Chris Drake is CEO and founder of FireHost, Inc., a secure Web hosting company. He submitted this story to VentureBeat.)
Many entrepreneurs have preconceptions about their place in the cyber crime world – usually wrong ones.
Some feel that if large organizations like Sears can easily fall prey to hackers, there’s really nothing they can do to protect their own small business. Other think their company is too small to hold value for cyber criminals, making them safe from attack, as it wouldn’t be worth the hacker’s time.
The truth is: Security measures in place at most small- and medium-sized businesses are "easy pickings" for hackers, and there is a booming community of C2C (criminal to criminal) interactions focused solely on stealing customer data from SMBs that conduct business online.
The same way you work every day to develop new, enticing products and easier ways for your customers to shop, cyber theft "shop owners" fuel this underground economy (valued at more than $276 million) by devising faster, easier and more effective methods to steal your company's data.
Preventing data leakage takes an ongoing, concerted effort, so it's important that you take proactive control over your immediate environment. Here's how:
Only run software you need. Thoroughly review all third-party applications before introducing them to your environment. Only install third-party applications if they are absolutely necessary. Remove all inactive programs at once. Paring down your list of installed programs alleviates your susceptibility to any known or future security threats they may pose.
Stop ignoring those updates. Install every software update, and do it quickly. Addressing security vulnerabilities is a top priority of software patches - so don't get versions behind.
S = More Secure. Traditional FTP connections are insecure. Look for “SSH” and “SFTP” connections as they are in an encrypted format and are the minimum standard for eCommerce Web site administration.
Manage change. Terminate access credentials for former website administrators and employees immediately after (and sometimes before) they exit the company. Open logins create an extremely popular data leakage point. Implementing strict, consistent, change management protocols will reduce the chances your website is compromised by a password breach.
Check configurations and permissions. Regularly check that server configurations and file permissions are set correctly, and that there are no open permissions on directories.
Cheaply outsourced labor could cost you. Do you really want to outsource your livelihood to the lowest bidder? Websites require ongoing maintenance, bug fixes and enhancements - and working closely with a local developer that you can meet in person might be the best solution in the long run.
Hire a hacker. Hire a hacker to try and penetrate your environment to find its vulnerabilities. I’m serious.
Achieve PCI Compliance if you conduct eCommerce. The payment Card Industry has devised a succinct list of requirements to which every organization must adhere if they accept credit cards as a form of payment.
Vulnerability audits. Have professionals perform regular vulnerability audits. We recommend monthly or quarterly (at minimum). Vulnerability audits can identify weak logins, data leakage from forms, SQL injection vulnerabilities, DDoS activity, spam relaying, order manipulation, admin control panel tampering and more.
Hackers pose a real threat to entrepreneurs - and they find value in stealing customer records, even from the “one-man shops” out there. Give these preventative measures the same priority as the way your site looks and works. After all, an ounce of prevention…well, you know the saying.
Photo by gutter via Flicker