Apr 21 2015

I offer a ton of tips and advice on how to protect your small business from a data security issue. But let’s face it, no matter how well we protect our data, the hackers are always going to be ahead of us. So there is always the potential of having a data security issue, and one of the most common problems small businesses face is website hacking.

If you are running a content management system like WordPress, or if you have an e-commerce shopping cart, it is crucial that you keep it updated with the latest security updates, back it up regularly, and take steps to protect it such as using a firewall, a malware/virus scanner, etc. Most hosting companies offer these products for a small monthly fee, you can buy them yourself, or you can use one of the many free WordPress security plugins.

Of course we all get busy, especially in a small business, and sometimes we just let things slip. So what do you do in the event your website is hacked?

I recently ran a test with WordPress, and based on my experience, it should take you 24 – 48 hours to get your website clean and up and running again – if you have a cooperative hosting company. Here are the steps you should take.

Step 1 – How do you know you’ve been hacked?
You need a way to be notified that your website has been hacked. Many hosting companies will notify you, but you are on their timeline. So to make sure you are covered, you should also set your website up with a webmaster tools program such as Google Webmaster Tools. Google will notify you when your website is hacked, and they do it fairly quickly. In fact, they will even flag in the search engine results that your website may have been hacked, so you want to fix the issue as soon as possible.

Step 2 – Contact your hosting company
Don’t panic! If your hosting company didn’t notify you, then you need to notify them as quickly as possible. If you are set up with a webmaster tools program, you should have some information on the type of hack, a list of the website pages affected, and when it occurred. Most hacks are going to be one, or a combination, of the following types: installation of a virus/malware on your website, redirect links to spam websites, and/or an attempt to access or steal information.

Step 3 – Remove it
In most cases if you didn’t already have some type of protective service installed on your website, your hosting company can either install one and clean it for you or they can provide you with a list of the affected files for you to manually delete via FTP. Once you think everything has been removed, either run the scan or have your hosting company run another scan to verify.

One thing to consider – Ideally you would have had a backup, and you might be tempted to delete everything and start all over from the beginning. This can be a lot of work, so I wouldn’t necessarily jump to taking this step. Let’s say you had 100 files affected on your website. In reality, with an FTP program it will only take you about an hour to delete those files, and hopefully the damage will be minimal. In my test with WordPress, I had 78 infected files. Once I deleted those files, I only needed to reload my WordPress theme, and I was back the way I started. Either way, though, make sure you have a backup in the first place, and back it up on a regular basis.

Step 4 – Fix it
Once you have removed all of the hack instances, you’ll then need to go about fixing the issues that allowed the hack in the first place. The first thing you want to do is upgrade, since an outdated version is the most likely way the hacker got into your website. Using WordPress again as an example, you’ll need to update the WordPress version, all plugins, and the theme. Once you’ve upgraded everything, if you didn’t have any type of website firewall or virus/malware scanner, then get one. It’ll go a long way towards preventing you from ever having to endure this headache again.

And that’s it. Remember don’t panic. It may look daunting at first, but in reality if you have a good hosting company and you are backed up, you can actually fix a website hacking issue fairly quickly.

Mar 06 2014

One of the most common ways hackers exploit and attack a business network is through open and insecure network ports. By using a default or “easy to guess” user/password combination, hackers can gain access through network services and software such as mail servers, email servers, DNS servers, VoIP servers, and other network servers. Here are a few tips to help you close and monitor your network ports to prevent these types of attacks.

  1. Install a firewall (or firewalls) and a network port filtering tool, and set rules to allow only business-verified network traffic and to monitor all network traffic.
  2. Routinely check for and install security patch updates.
  3. Maintain and audit these applications on a regular basis to ensure all rules, patches, and services are up to date.
  4. Routinely audit all ports and protocols, perform automated port scans, and compare the results and settings to your asset management system.
  5. Ensure systems are in place to routinely and quickly alert you when unauthorized ports are opened.
  6. It may be necessary to keep critical servers in isolated environments with no internet access.

Follow these simple steps to manage your network ports and prevent potential hacking exploits of your network.
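Steps 4 and 5 come down to one comparison: what the scan sees open versus what the asset register says should be open. The script below is an added example, not part of the post; the scan lines, hosts (documentation range 192.0.2.0/24) and approved-services table are all constructed, and the one-line-per-port scan format is a stand-in for whatever your scanner exports.

```python
"""Compare observed open ports against the approved asset register (constructed data)."""
from dataclasses import dataclass

# Constructed scan output: one open port per line, "host port/proto service".
SCAN_OUTPUT = """\
192.0.2.10 22/tcp ssh
192.0.2.10 25/tcp smtp
192.0.2.10 3306/tcp mysql
192.0.2.20 53/udp domain
192.0.2.20 5060/udp sip
192.0.2.30 80/tcp http
"""

# Constructed asset register: the services each host is approved to expose.
APPROVED = {
    "192.0.2.10": {("22", "tcp"), ("25", "tcp")},
    "192.0.2.20": {("53", "udp"), ("53", "tcp")},
    # 192.0.2.30 is deliberately absent: an unregistered host on the network.
}


@dataclass(frozen=True)
class OpenPort:
    host: str
    port: str
    proto: str
    service: str


def parse_scan(text: str) -> list:
    """Parse the constructed scan format; a malformed line is an error, not silently skipped."""
    ports = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            host, port_proto, service = line.split()
            port, proto = port_proto.split("/")
        except ValueError as exc:
            raise ValueError(f"line {lineno}: unparseable scan line {line!r}") from exc
        ports.append(OpenPort(host, port, proto, service))
    return ports


def audit(observed: list, approved: dict) -> dict:
    """Three findings: hosts not in the register, unapproved open ports, approved ports not seen."""
    seen = {}
    for p in observed:
        seen.setdefault(p.host, set()).add((p.port, p.proto))
    unknown_hosts = sorted(h for h in seen if h not in approved)
    unapproved = sorted((p.host, f"{p.port}/{p.proto}", p.service) for p in observed
                        if p.host in approved and (p.port, p.proto) not in approved[p.host])
    # An approved service that is no longer listening is worth a look too (outage or tampering).
    missing = sorted((h, f"{port}/{proto}") for h, svcs in approved.items()
                     for port, proto in svcs - seen.get(h, set()))
    return {"unknown_hosts": unknown_hosts, "unapproved": unapproved, "missing": missing}


def run_audit() -> dict:
    return audit(parse_scan(SCAN_OUTPUT), APPROVED)


if __name__ == "__main__":
    for finding, items in run_audit().items():
        print(finding, items)
```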

Dec 05 2013

The majority of data security attacks and vulnerabilities are found in software applications, and more specifically in web applications. Major attacks on online systems are becoming more and more commonplace, with hackers exploiting vulnerabilities through SQL injection attacks, buffer overflows, cross-site scripting, and many more. So it is important to protect your business by testing application software for vulnerabilities, and here are some examples of how you can strengthen your business against these attacks.

  1. Install and test all new software releases on a device outside of your network, such as a standalone desktop.
  2. Use automated remote web application scanners to test for security vulnerabilities prior to deploying software within your network.
  3. If the software requires a database, test the database to ensure it has been hardened.
  4. Once testing is complete and the software is deployed in your network environment, ensure it is properly set up and configured within your network firewall to protect against potential outside threats.
  5. Turn off all automated updates except for security updates. Depending on your network type, you may want to either test security updates yourself or use a third party to whitelist them before introducing them into your network environment.
  6. All system error messages should be displayed internally only.
  7. If you develop and code your own in-house software, keep the development area separate from your production network environment. Test for common vulnerabilities such as software backdoors, malware insertion, coding errors, etc., before deploying this software.

Follow these steps to ensure you are testing for and removing any potential software application vulnerabilities prior to deployment in your network environment. And as always, if you have any questions or comments, please feel free to list them below in the comments section.

Oct 17 2013

I covered the need to perform routine vulnerability scans in my 5 Step Data Security Plan for Small Businesses, and in this blog post I would like to add a little more detail on how you should be performing vulnerability scans. Not only are you using vulnerability scans to detect potential issues within your network, software, devices, etc., but you also need to ensure hackers do not use your vulnerability scanner to exploit your network. Also, as a quick reminder, I covered some vulnerability scan software options in this blog post.

  1. The first step is to determine your vulnerability scan schedule. If you are a large company with frequent turnover, then it may make sense to perform a vulnerability scan on a more frequent basis, such as weekly. Smaller companies have the option of performing the scans on a less frequent basis, such as quarterly.
  2. Set up your vulnerability scan software on a dedicated vulnerability admin computer that is tightly controlled via password and minimal admin access.
  3. Scan for network configuration vulnerabilities as well as software code vulnerabilities.
  4. Monitor your scan logs on a routine basis to ensure your vulnerability scan software is not compromised by hackers.
  5. Align your network security patching with your vulnerability scan schedule so you are running scans immediately after network security patches have been installed.
  6. Prioritize and fix the issues the scan finds based on the severity of the vulnerability.
  7. After you have addressed the vulnerability issues, run the scan again to make sure the issues are fixed.
  8. Finally, keep your vulnerability scan software up to date, and monitor security news services regularly for new potential threats which may require you to change your scan schedule.

Follow these steps to ensure you are running vulnerability scans on a routine basis to find and fix potential vulnerabilities. And as always, if you have any questions or comments, please feel free to list them below.

Oct 09 2013

I have written in the past about the importance of a Business Continuity Plan as part of your overall data security plan, and in this article I am going to dig a little deeper into two areas – email and phones. Obviously these are your two main contact points with your customers, suppliers, employees, etc., so it is important that these two areas are always up and running – even when everything else is down.

Business Continuity Plan

Email

Many businesses today still host their own email server in-house, but even if you have cloud hosted email set up, email continuity is still a consideration. There are many ways to ensure your email will always be up and running, from deploying redundant servers in offsite locations to running expensive battery backups (although these still limit your uptime), but the cheapest way to go about it is to tie it in with a third party spam service.

Many third party spam services also offer an email continuity product for a small additional monthly cost per employee. Since you would already be running your email through their servers for spam/virus protection, it makes sense from a cost standpoint to include email continuity. The product can range from simply allowing you to log in to send and receive email, to duplicating your complete email folder structure so you can access all your emails in the event your email server goes down. You need to evaluate the level of email access you need in the event of an email outage, but generally a send/receive ability is all that is needed. And remember that security is also a major consideration: as long as you do not have security limitations preventing you from using a third party service, make sure you audit the vendor on their security measures as well.

Phone

Many businesses are now using VoIP phone servers hosted in-house or remotely, and these setups offer you a very simple way to ensure phone continuity in the event of an outage. Every employee should have access to an admin management console for their account, so it should be as simple as logging in and forwarding your phone to an alternate number like a cell phone. Where companies usually fall down in this case is in failing to provide employees with the instructions on how to do it. Generally your VoIP provider should provide you with an instruction manual, but either way make sure the forwarding setup instructions are distributed to all your employees.

Many businesses have suffered through zero or limited contact when they have experienced an outage. With these simple and cost-effective methods, you can easily prevent this from happening to your business. As always, if you have questions or comments, please feel free to list them below in the comments section.

Sep 06 2013

Occasionally I like to recommend WordPress plugins, since it is the most widely used blogging platform. In this post I am going to recommend a few plugins to help you better secure your WordPress platform.

Backup

UpdraftPlus Backup/Restore – If you have read any of my previous blog posts, you will know I have used a lot of different WordPress backup plugins in search of the perfect backup plugin. Lately I have been using UpdraftPlus in conjunction with a free Dropbox account. I am not ready to call it perfect, but so far it has proven to be very easy to use. You can use it in combination with many different backup destinations like Dropbox, Amazon S3, etc., or just simply back up to your FTP account. Here are some more details from the UpdraftPlus plugin description.

UpdraftPlus simplifies backups (and restoration). Backup into the cloud (Amazon S3 (or compatible), Dropbox, Google Drive, Rackspace Cloud, DreamObjects, FTP, SFTP, WebDAV and email) and restore with a single click. Backups of files and database can have separate schedules.

  • Thousands of users: widely tested and reliable (over 215,000 downloads). Ranks in the top 0.5% on rankwp.com (70th out of 25,000 plugins).
  • Top-quality: ranks 52nd out of 25,000 WordPress plugins for quality on rankwp.com (top 0.25% – last checked 20th August 2013).
  • Supports WordPress backups to Amazon S3 (or compatible), Dropbox, Rackspace Cloud Files, Google Drive, Google Cloud Storage, DreamHost DreamObjects, FTP and email. Also (via an add-on) FTP over SSL, SFTP and WebDAV. (Note: Microsoft forbids SkyDrive to be used by backup software). Some examples of S3-compatible providers: Cloudian, Connectria, Constant, Eucalyptus, Nifty, Nimbula, Cloudn.
  • Quick restore (both file and database backups)
  • Backup automatically on a repeating schedule
  • Site duplicator/migrator: can copy sites, and (with add-on) move them to new locations
  • Files and databases can have separate schedules
  • Failed uploads are automatically resumed/retried
  • Large sites can be split into multiple archives

And there is much more.

Security

All In One WP Security & Firewall – I like this plugin because it provides you with a firewall for your blog, a grading system for your security setup, and additional security features like brute force attack prevention. Here are some additional details from the plugin description.

All In One WP Security reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques.

All In One WP Security also uses an unprecedented security points grading system to measure how well you are protecting your site based on the security features you have activated.

Our security and firewall rules are categorized into “basic”, “intermediate” and “advanced”. This way you can apply the firewall rules progressively without breaking your site’s functionality.

Below is a list of the security and firewall features offered in this plugin:
User Accounts Security

  • Detect if there is a user account which has the default “admin” username and easily change the username to a value of your choice.
  • The plugin will also detect if you have any WordPress user accounts which have identical login and display names. Having accounts where the display name is identical to the login name is bad security practice because you are making it 50% easier for hackers, because they already know the login name.
  • Password strength tool to allow you to create very strong passwords.

User Login Security

  • Protect against “Brute Force Login Attack” with the Login Lockdown feature. Users with a certain IP address or range will be locked out of the system for a predetermined amount of time based on the configuration settings, and you can also choose to be notified via email whenever somebody gets locked out due to too many login attempts.
  • As the administrator you can view a list of all locked out users which are displayed in an easily readable and navigable table which also allows you to unlock individual or bulk IP addresses at the click of a button.
  • Force logout of all users after a configurable time period
  • Monitor/View failed login attempts which show the user’s IP address, User ID/Username and Date/Time of the failed login attempt
  • Monitor/View the account activity of all user accounts on your system by keeping track of the username, IP address, login date/time, and logout date/time.
  • Ability to automatically lockout IP address ranges which attempt to login with an invalid username.

Database Security
And there is much more…

MVIS Security Center – I like this plugin because it provides a very simple check for your WordPress install. Here are some additional details from the plugin description.

MVIS Security Center is a proactive WordPress security plugin that helps you lock down your installation in three simple and clear steps.

  • Update Check: Find out what components of WordPress are vulnerable or need updating.
  • User Check: Find out which of your user accounts have problems that pose risks to your website.
  • Core Check: Find out which files and settings put your website at risk.
  • You’ll receive an e-mail alert as soon as vulnerabilities are identified that affect any of your sites.
  • The vulnerability alerts will tell you exactly how to address the vulnerability and become safe again.
  • You’ll receive weekly status mails informing you about outdated versions and vulnerabilities in your sites.

I hope you find these WordPress plugins useful, and as always, if you have any questions or comments, please feel free to use the comments section below.

Aug 09 2013

Setting up and securely configuring your network devices (firewalls, routers, and switches) is generally the easy part. What gets companies in trouble, from a data security standpoint, are the periodic exceptions added to the configuration for ever-changing business needs. Some examples might include giving an auditor temporary access to part of your network, or setting up (and later disabling) VPN access for your remote employees. The data security problem arises when the exception is left in place after it is no longer in use, making your network easier to exploit. So let’s take a look at some ways of preventing this from happening; please note that I am going to say very little about the initial setup configuration of network devices.

  1. The first thing you need is a detailed map and baseline of all your network device configurations. Use this standard to audit your company network on a periodic basis (e.g. quarterly). You will also use the standard configuration as your guide for deploying security updates, changes, and upgrades.
  2. Adding or changing an exception is considered a significant security event, so make sure log files are captured and stored for all network device exceptions.
  3. Ensure all ports are disabled when no longer in use or needed; checking this would be part of your regular network configuration audit.
  4. You should already have inactive session limits in place, and make sure these are also followed when deploying exceptions.
  5. Establish ingress and egress filtering to allow only approved and documented ports and protocols, and to block traffic with a reserved, unroutable, or untraceable source and/or destination address.
  6. Any time you are adding new or temporary network traffic beyond your normal security configuration, make sure it is documented, approved, and disabled when no longer in use.

Follow these steps to ensure you are properly documenting and managing all network configuration exceptions, and as always, if you have questions or comments, please feel free to list them below.
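Steps 2 and 6 only work if every exception carries an owner, an approver and an end date, and the periodic audit in step 1 compares that register against what is actually enabled on the device. The script below is an added example, not part of the post: the exception register, the rule identifiers (`fw-ex-…`) and the list of rules currently active on the firewall are all constructed, standing in for your change-control records and a configuration export.

```python
"""Audit the exception rules enabled on a firewall against an approval register (constructed data)."""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class ExceptionRecord:
    rule_id: str        # identifier of the rule as it appears on the device
    purpose: str
    approved_by: str
    expires: date       # every exception gets an end date at approval time


# Constructed register: the documented, approved temporary exceptions.
REGISTER = [
    ExceptionRecord("fw-ex-101", "auditor access to finance VLAN", "CFO", date(2013, 7, 31)),
    ExceptionRecord("fw-ex-102", "contractor VPN account", "IT manager", date(2013, 8, 12)),
    ExceptionRecord("fw-ex-103", "vendor remote support session", "IT manager", date(2013, 8, 2)),
]

# Constructed list of exception rules currently enabled on the firewall.
ACTIVE_RULES = ["fw-ex-101", "fw-ex-102", "fw-ex-104"]


def audit_exceptions(register, active_rules, today, warn_days=7):
    """Return what the periodic audit should raise with the rule owners.

    expired_still_active: approved exceptions past their end date but still enabled.
    expiring_soon:        enabled exceptions whose end date falls within warn_days.
    undocumented:         enabled exception rules with no register entry at all.
    closed:               register entries already removed from the device (for the record).
    """
    by_id = {r.rule_id: r for r in register}
    active = set(active_rules)
    horizon = today + timedelta(days=warn_days)
    expired = sorted(r for r in active if r in by_id and by_id[r].expires < today)
    expiring_soon = sorted(r for r in active if r in by_id
                           and today <= by_id[r].expires <= horizon)
    undocumented = sorted(r for r in active if r not in by_id)
    closed = sorted(r.rule_id for r in register if r.rule_id not in active)
    return {"expired_still_active": expired, "expiring_soon": expiring_soon,
            "undocumented": undocumented, "closed": closed}


def run_audit(today=date(2013, 8, 9)) -> dict:
    return audit_exceptions(REGISTER, ACTIVE_RULES, today)


if __name__ == "__main__":
    for finding, rules in run_audit().items():
        print(f"{finding}: {rules}")
```

Anything in `undocumented` is exactly the case the post warns about: a change that bypassed the approval and logging in step 2, so it should be treated as a security event, not just a housekeeping item.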
