Don’t let hackers get the better of you
Did you know that more than 200 Jamaican websites have been hacked over the past 10 years? That’s not a lot, you say. Certainly nothing when compared to 10 terabytes of personal information stolen from Sony Pictures servers last November. Or the breach of the USA State Department’s website which resulted in the White House e-mail security system being compromised during the same week as President Barack Obama’s recent visit to Jamaica.
What’s common to all of these incidents is that adequate protection was not in place for all of these sites. Thankfully, all of these entities have now taken steps to prevent any further intrusion.
But what about your business? It could just as easily have been your online business that was compromised. Have you taken measures to secure your online business?
Here are some ways in which you can secure your online business.
Hosting service — you get what you pay for
Have you ever wondered why one hosting provider is several times more expensive than another? As the saying goes… “you get what you pay for”. The cheaper service is comparable to you parking your brand new Mercedes Benz C Class Coupe in the middle of a huge open lot, along with several thousand other cars, with the keys left in the door and only one security patrol.
As an entrepreneur, you wouldn’t take that kind of risk with your business — cheaper is not always better. Your online business is a global extension of your brand and an important communication (and transaction) channel to your customers and prospects, so it must be protected to preserve the integrity and legitimacy of your business. It is money well spent to acquire the services of a hosting provider that has the requisite security infrastructure and policies in place to prevent known and emerging cyber attacks on your business.
At a minimum, your hosting provider should offer some level of:
* Malware detection & filtering;
* Application Security Services;
* Backup and Recovery Services;
* Vulnerability assessment; and
* 24/7 monitoring.
Malware detection for immediate notification
Malware detection technology scans your website for thousands of threats. Each scan checks all pages of the website for known viruses and web malware threats to see if hackers have injected malicious code.
This feature adds an extra layer of security: you know that you will be notified the minute something goes wrong.
Blacklisted — this is one list you don’t want to be on
Thousands of websites are blacklisted daily by Google, Microsoft, Yahoo and others, because hackers have injected malware on their websites. Apart from being hacked, the last thing you want happening to your website is for it to be blacklisted.
When your website is blacklisted, not only is the site blocked, but it suffers the public embarrassment of having a ‘Reported Attack Site’ message plastered across the page. The immeasurable cost is the reputational damage to your brand.
Application security services
While Intrusion Detection Systems (IDS) and general-purpose network firewalls are important services in securing the web hosting infrastructure, they are poorly suited to protecting the application (software) layer which supports and delivers your online business. This layer includes, but is not limited to, the web server, content management system and custom software written by your development team.
In order to detect application misuse and fraud, a service must understand the dialogue between the application and the end user. Web Application Firewalls (WAFs) were designed for this need, and they ‘understand’ application protocols so they can identify when your online business application is under attack.
In addition, the Payment Card Industry’s Data Security Standard (PCI-DSS) prescribes a WAF as an appropriate protection for applications that process credit card data. Relative to secure code development, a WAF has simply been the fastest and most cost-effective way to satisfy the PCI-DSS standard.
So ask your current hosting provider today about its layers of security and how it is currently protecting your online business.
Backup and recovery services
Backups are a necessary part of any security and continuity plan. There are two main situations in which backups could play a key role: firstly in the case of equipment failure at the hosting provider, and secondly in the case of a malicious or accidental compromise of your online business.
Knowing whether your data is backed up, how your data is backed up and how long it will take to restore allows you to understand the impact of an incident.
As your online business can be compromised in several ways, it is important that backups cover restoring your online business to a non-compromised state, which may include database recovery as well as restoring the files in your web folders.
Vulnerability assessment
Prevention is always better than a cure. Vulnerability assessment will inform you of the level of vulnerability of your website. For example, it will identify old software components that need to be updated or patched. A hosting provider who offers an annual security scan or none at all isn’t living in a world where thousands of sites are compromised every day.
Proactive 24/7 monitoring is the only way
The truth is, the only way to maintain security is to be proactive.
Technology is released today, and in six months it may be old and vulnerable. Plus, with today’s level of cybercrime activity, it is simply not possible for you to effectively handle your web security on your own. Companies in the know opt to minimise business risk and outsource this vital and non-core service.
Undel Williams is CIO of Info Exchange Ltd