October 21, 2014

What Every Business Owner Ought to Know About Website Security

Hackings have increased in recent years – by one count, 161% last year.

In that kind of environment, website hosting can be a sore topic for small business people.  If a website gets hacked, your hosting company typically says ‘we’ll help you fix it.’  But if it happens again, the hosting company may think your account has become too much work for too little money. You could be asked to pack up your website and find another hosting company. So on top of the inconvenience and shock of getting hacked, you’re suddenly “out on the street.”

As a business owner you may not even have thought much about security, assuming your hosting company takes care of it.  Ah, but you’re probably wrong.

You must pay extra for proactive security monitoring and protection.  At most hosting companies that’s expensive.

But it doesn’t have to be that way, says Chris Drake, the CEO of Firehost.  Firehost is a Plano, Texas hosting company whose difference is that they provide security monitoring and protection to ALL their managed accounts – standard.  Not just to the big corporate accounts that pay many thousands of dollars a month, but also to their small business accounts.

October is National Cyber Security Awareness Month here in the United States.  In honor of that, I thought it would be fitting to profile a company this month that is proactively looking out for its customers’ website security.  So I had a long interview with Chris Drake on why his company is different – and what that means for small businesses.

The key takeaway from my interview is that Firehost actively blocks hackers to prevent intrusions on the websites that Firehost hosts.

Drake explained that there are two ports that a website gets visited on: ports 80 and 443.  Firewalls have to leave those ports open for a website to be viewable.  Firehost provides a web application firewall that monitors all traffic over ports 80 and 443.  Firehost actually blocks traffic that meets certain activity signatures.

“In our opinion, proactive security should be part of the managed hosting mix,” he says.

The company does continual research to stay ahead of hackers.  One of the ways they do that is by luring in hackers, so that FireHost can watch and learn how to prevent attacks. Per Drake, “We put out a honey pot — a computer that is outside our network — and we let hackers go after it.  We see what they are doing.  That way we sharpen our knives.  That honey pot allows us to catch bees. We’re on the bleeding edge on knowing what the attack scenarios are.”

Drake says secure hosting was a stumbled-upon business for them, “arising out of our roots as a Web application development company. Sixty percent (60%) of attacks are at the application level [i.e., they break in through your software].  Our first website we hosted was Qualcomm – we’ve been providing enterprise hosting as a development firm for a while. That’s how we learned about hosting security.  Then we looked at how we could take security and provide it to small businesses.”

I asked how Firehost could afford to provide this security for small businesses, and what their business model was.  According to Drake, providing secure hosting reduces customer turnover.  “We’ve been pleasantly surprised to learn that security is very sticky.”

Still, as he says, “Security engineers and equipment do not come cheap. But the model of most high-end secure hosts is that the equipment is yours.  We share the equipment and security level among customers,” gaining economies of scale.  “We also save time and costs on support by not having to deal with customers who have been hacked.”

Firehost is so confident of their ability to keep out hackers that they actually welcome high-profile websites that are targets for hackers.  One such website is that of Kevin Mitnick – once the most wanted computer hacker in the U.S.

Mitnick — now a public speaker, author and security consultant who tests the security of business information to find vulnerabilities —  originally hosted his website with a friend’s company.  But after multiple hackings, his friend could not afford to keep dealing with the aftermath.  It was costing his company too much money.  So Mitnick was asked to leave. That’s when he went to Firehost.

Mitnick’s site is a target for hackers – but it’s a misplaced target, he says. “I don’t host my own servers. I want an air gap between public servers and my internal network.  That is why I decided to use a third party Web server. I don’t have anything confidential on the Web server.  A lot of people want to prove they can hack my site, but they are not breaking into my computer – it is really a hosting company’s computer.”

Hosting with a third party, he goes on, “is a cheaper alternative for my business than managing it in-house. Still, I want to ensure that the hosting company managing my Web server is secure — for myself, and because that is the business I am now in.”


Anita Campbell - CEO


Anita Campbell is the Founder and Publisher of Small Business Trends and has been following trends in small businesses since 2003. She is the owner of BizSugar, a social media site for small businesses, and also serves as CEO of TweakYourBiz.com.

8 Reactions

  1. That’s a very interesting article. Especially the part about Mitnick. I think this company has the right idea and it makes you wonder why hosting companies aren’t more aware of the needs for security combined with hosting. I have to admit, I was surprised to learn that the two don’t come hand-in-hand. I learned something, so thanks for writing such an informative piece.

  2. I’ve also learned a great deal from this article. I wasn’t aware that most hosting services don’t provide adequate security. I was pleased to see that Firehost offers WordPress hosting. Something to consider.

  3. Interesting post on how a former hacker becomes a security expert. Is Firehost’s firewall web application for port 80 and 443 unique? It is a jungle out there with a huge amount of different hosting services. I think it is hard to get a good overview and compare and contrast the different hosting companies.

  4. Actually, Martin, that’s not unusual about former hackers turning into security experts. After all, who better to know what to look for, right?

    — Anita

  5. Unfortunately the problem is only going to continue to worsen as more and more valuable data is being gathered/stored online. Thanks for your sage advice Anita.

  6. Great information.
    It’s something that should be better understood by all small business owners because often we take things for granted and then find ourselves in trouble.

  7. This is a nice topic for what people are talking about today; it is good news for us, thanks.
