For most businesses, their web site is the public face of the company. If your web site is an e-commerce site, then not only is it your public face, but also the way you earn money. If your site is down, it says something to your customers. If your site is defaced, it says even more.
Hackers, or more accurately, extortionists, have used this fact to separate business owners from their money. If your site is hacked – compromised – defaced – pick one, do you have a plan to respond? What if the attack is a ransomware attack where the hackers encrypt all the code and data – even backups, if those are accessible? Remember, even if you pay the ransom, you may or may not get your site and data back.
What if they take over your site and you lose control of it so that you can’t even log on to it to fix it? If they put an offensive message on the site (for example, what happened to Sony) and you have lost control of the site, what do you do?
Having a plan is a good idea. Pros call this disaster recovery and business continuity – keep the business running while you get things back to normal.
Here are a few basic suggestions.
- Keep your web site software up to date. As soon as patches are available, test and install them. This includes the operating system, the content management system, shopping cart and any other pieces. Once patches are released, the attackers have a roadmap for attacking you.
- Make sure that the source code is stored some place that is not directly accessible from the web site so that if an attacker does get in, he can’t wipe out your source code too. I replicate my backups in three places – on the web site, in the cloud and offline. Nothing is perfect, but when it comes to backups, more is better.
- Replicate files and databases frequently so that even if you get compromised, you can recover. How often you replicate depends on how quickly things change. If it is an e-commerce site, you may want to replicate changes every few minutes or hourly at the most. And, you need to do this in a way that hackers won’t be able to destroy the backups. Sometimes, that is easier said than done.
- Minimize the software that lives on your web server. You should NEVER use it for anything other than running the web server. Other than the people managing the web server, no one else should be able to log on to the server. This is for both security of the data and to reduce the chance of human error. The more software on the server, the more attack points for the hacker. And, NO web surfing from that server. If you need to update a program, download the updates elsewhere and bring them over. No browsing reduces the attack surface.
- If possible, have the web server run inside a virtual machine – either in your data center or in the cloud. Snapshot the VM often and do not store any data inside the VM. Keep enough generations of the backups so that even if you don’t discover the problem for a while, you still have an uncorrupted backup.
- Finally, TEST, TEST and then TEST again. Whether your site is taken offline, compromised or defaced, you want to be able to get back to “normal” as quickly as possible. You don’t want to be trying to restore it for the first time.
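One way to act on the backup-generation and testing suggestions above is to check each generation against a hash manifest of the known-good site code and walk back to the newest one that still verifies. This is an added example, not code from the original post; the tar archive format, the file names and the idea of recording the manifest at deploy time are assumptions, and the sample site is constructed.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path

def build_manifest(site_dir):
    """Relative path -> SHA-256 for a known-good copy of the site code."""
    root = Path(site_dir)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def make_backup(site_dir, archive):
    """Write one backup generation as a tar archive (paths relative to the site root)."""
    with tarfile.open(archive, "w") as tar:
        for rel in build_manifest(site_dir):  # reuse the file walk; hashes are ignored here
            tar.add(Path(site_dir) / rel, arcname=rel)

def check_generation(archive, manifest):
    """List the problems in one generation; an empty list means it verifies."""
    problems, seen = [], set()
    try:
        with tarfile.open(archive) as tar:
            for m in (m for m in tar if m.isfile()):
                seen.add(m.name)
                digest = hashlib.sha256(tar.extractfile(m).read()).hexdigest()
                if m.name not in manifest:
                    problems.append(f"unexpected file: {m.name}")
                elif digest != manifest[m.name]:
                    problems.append(f"modified file: {m.name}")
    except (tarfile.TarError, OSError) as exc:
        return [f"unreadable archive: {exc}"]
    return problems + [f"missing file: {n}" for n in sorted(set(manifest) - seen)]

def newest_clean_generation(archives_newest_first, manifest):
    """Walk generations newest to oldest and return the first that verifies."""
    return next((a for a in archives_newest_first if not check_generation(a, manifest)), None)

def demo():
    """Constructed sample: gen1 is clean, gen2 holds a defaced page, gen3 is corrupt."""
    tmp = Path(tempfile.mkdtemp())
    (site := tmp / "site").mkdir()
    (site / "index.html").write_text("<h1>Shop</h1>")
    (site / "cart.php").write_text("<?php /* cart */ ?>")
    manifest = build_manifest(site)  # assumption: recorded at deploy time, stored off the server
    make_backup(site, tmp / "gen1.tar")
    (site / "index.html").write_text("<h1>defaced</h1>")
    make_backup(site, tmp / "gen2.tar")
    (tmp / "gen3.tar").write_bytes(b"truncated")  # a backup that cannot be read at all
    gens = [tmp / "gen3.tar", tmp / "gen2.tar", tmp / "gen1.tar"]
    return newest_clean_generation(gens, manifest).name, {g.name: check_generation(g, manifest) for g in gens}
```

The manifest covers only files that change on deploy, so database dumps and uploaded content need their own restore test.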
Information for this post came from TMCNet.