Small Business Trends

What Every Business Owner Ought to Know About Website Security

Hackings have increased in recent years – by one count, 161% last year.

In that kind of environment, website hosting can be a sore topic for small business people.  If a website gets hacked, your hosting company typically says ‘we’ll help you fix it.’  But if it happens again, the hosting company may think your account has become too much work for too little money. You could be asked to pack up your website and find another hosting company. So on top of the inconvenience and shock of getting hacked, you’re suddenly “out on the street.”

As a business owner you may not even have thought much about security, assuming your hosting company takes care of it.  Ah, but you’re probably wrong.

You must pay extra for proactive security monitoring and protection.  At most hosting companies that’s  expensive.

But it doesn’t have to be that way, says Chris Drake, the CEO of Firehost.  Firehost is a Plano, Texas hosting company whose difference is that they provide security monitoring and protection to ALL their managed accounts – standard.  Not just to the big corporate accounts that pay many thousands of dollars a month, but also to their small business accounts.

October is National Cyber Security Awareness Month here in the United States.  In honor of that, I thought it would be fitting to profile a company this month that is proactively looking out for its customers’ website security.  So I had a long interview with Chris Drake on why his company is different – and what that means for small businesses.

The key takeaway from my interview is that Firehost actively blocks hackers to prevent intrusions on the websites that Firehost hosts.

Drake explained that there are two ports that a website gets visited on: port 80 and 443. Firewalls have to leave those ports open for a website to be viewable. Firehost provides a web application firewall that monitors all traffic over port 80 and 443. Firehost actually blocks traffic that meets certain activity signatures. This cartoon illustrates it: [image: website hosting security]

“In our opinion, proactive security should be part of the managed hosting mix,” he says.

The company does continual research to stay ahead of hackers.  One of the ways they do that is by luring in hackers, so that FireHost can watch and learn how to prevent attacks. Per Drake, “We put out a honey pot — a computer that is outside our network — and we let hackers go after it.  We see what they are doing.  That way we sharpen our knives.  That honey pot allows us to catch bees. We’re on the bleeding edge on knowing what the attack scenarios are.”

Drake says secure hosting was a stumbled-upon business for them, “arising out of our roots as a Web application development company. Sixty percent (60%) of attacks are at the application level [i.e., they break in through your software].  Our first website we hosted was Qualcomm – we’ve been providing enterprise hosting as a development firm for a while. That’s how we learned about hosting security.  Then we looked at how we could take security and provide it to small businesses.”

I asked how Firehost could afford to provide this security for small businesses, and what their business model was.  According to Drake, providing secure hosting reduces customer turnover.  “We’ve been pleasantly surprised to learn that security is very sticky.”

Still, as he says, “Security engineers and equipment do not come cheap. But the model of most high-end secure hosts is that the equipment is yours.  We share the equipment and security level among customers,” gaining economies of scale.  “We also save time and costs on support by not having to deal with customers who have been hacked.”

Firehost is so confident of their ability to keep out hackers that they actually welcome high-profile websites that are targets for hackers.  One such website is that of Kevin Mitnick – once the most wanted computer hacker in the U.S.

Mitnick — now a public speaker, author and security consultant who tests the security of business information to find vulnerabilities –  originally hosted his website with a friend’s company.  But after multiple hackings, his friend could not afford to keep dealing with the aftermath.  It was costing his company too much money.  So Mitnick was asked to leave. That’s when he went to Firehost.

Mitnick’s site is a target for hackers – but it’s a misplaced target, he says. “I don’t host my own servers. I want an air gap between public servers and my internal network.  That is why I decided to use a third party Web server. I don’t have anything confidential on the Web server.  A lot of people want to prove they can hack my site, but they are not breaking into my computer …  it is really a hosting company’s computer.”

Hosting with a third party, he goes on, “is a cheaper alternative for my business than managing it in-house. Still, I want to ensure that the hosting company managing my Web server is secure — for myself, and because that is the business I am now in.”




78 Responses to “What Every Business Owner Ought to Know About Website Security”

  1. chris says:

    That’s a very interesting article. Especially the part about Mitnick. I think this company has the right idea and it makes you wonder why hosting companies aren’t more aware of the needs for security combined with hosting. I have to admit, I was surprised to learn that the two don’t come hand-in-hand. I learned something, so thanks for writing such an informative piece.

  2. I’ve also learned a great deal from this article. I wasn’t aware that most hosting services don’t provide adequate security. I was pleased to see that Firehost offers Wordpress hosting. Something to consider.

  3. Interesting post on how a former hacker becomes a security expert. Is Firehost’s firewall web application for port 80 and 443 unique? It is a jungle out there with a huge amount of different hosting services. I think it is hard to get a good overview and compare and contrast the different hosting companies.

  4. Actually, Martin, that’s not unusual about former hackers turning into security experts. After all, who better to know what to look for, right?

    – Anita

  5. Robert Brady says:

    Unfortunately the problem is only going to continue to worsen as more and more valuable data is being gathered/stored online. Thanks for your sage advice Anita.

  6. Great information.
    It’s something that should be better understood by all small business owners because often we take things for granted and then find ourselves in trouble.

  7. oes tsetnoc says:

    this nice topic for what people talking today, it is good news for us , thanks

  8. Robert Brady says:

    Great information Anita. Any readers out there have recommendations of companies they are currently using?

    This comment was originally posted on Small Business Trends

  9. Robert,

    I have the same question. I got recommended by Kalle Blomqvist a.k.a CharlieBloom.com to use InMotion Hosting. He had checked different listings and reviews. He is using it for his NetZpider.net(work). I thought it was convenient to pick the same hosting company when I registered my EgoSoleTrader.com domain. This is my new site [under construction... ], so I can’t say so much about the service yet, for my part.

    It would be great to find a review site of secure and reliable hosting services.


  10. Brad Harmon says:

    Anita,

    Your second point is one that I think a lot of people overlook. Why not find out how responsive the customer service team is before you actually need them? Great advice.

    I’ve seen several discussions where it is recommended to not use the same hosting company where you registered your domain name. Do you have any thoughts on it?

    Brad


  11. Amanda says:

    Great advice Anita. This is one of those sticky situations you can find yourself stuck in if you’re not careful. It’s hard for a beginner to know where to start with hosting. This helps a good bit. I was clueless when I first picked mine.


  12. Well, what I use is dreamhost.com. I feel convenient with them.
    Thanks for this information


  13. craigspr says:

    Great article, it is very important to have reliable and secure provider, listen to advice of people based on their experiences with such companies.

    http://www.craigspr.org


  14. Re “2. Pick up the phone and call the support line”

    Now this you HAVE to do:

    Dial the free line to Hostgator.com (1-866-96-42867) during peak business hours and get put on hold!
    (http://www.chrisgreaves.com/ExpertGroup/Business%20Development/TheWorldsBestSupportLine.htm)


  15. Greg Elwell says:

    Great post and so important for small business to consider in selecting a hosting company. Too often business owners go with the lowest cost provider, then find out the service or technology support is severely lacking.

    Recently one of my blog sites got hacked. The admin login returned an error page which my hosting company (In Motion Hosting) said was due to an intrusion hack. Restoring the site from a recent backup didn’t work. They (hosting tech support) then went into the affected file, found the hacked code and corrected it for me! This was done in less than an hour.

    Technical support of your hosting company to resolve issues can’t be underestimated in your decision of where to host. Do they have phone support with reasonable wait times? Do they have a ticketing system that works effectively? Do they value your business and will they go the extra mile to resolve issues?

    The other thing I would say in choosing a hosting company is to make sure they expertly and technologically support the type of Web application (software) you will be building your site or blog or eCommerce site with. What is their specialty? Some hosting companies try to be all things to all people and are price driven – meaning they offer comparatively lower prices. You get what you pay for!


  16. Couldn’t agree more. Small companies do not always consider who to host with, but as you grow you want a flexible solution that is right for your company. Testimonials are a great way to see what a company’s service is actually like.



