Just Because You’re Not a Big Target, Doesn’t Mean You’re Safe
Just Because You’re Not a Big Target, Doesn’t Mean You’re Safe
Not too long ago, the New York Times’ website experienced a well-publicized attack, which raises the question – how can this happen to such a world-renowned corporation? If this can happen to the New York Times, what does this bode for the security of a small company’s website? What’s to stop someone from sending visitors of your site to an adult site or something equally offensive?
The short answer to that question is nothing. In the New York Times’ attack, the attackers changed the newspapers’ Domain Name System (DNS) records to send visitors to a Syrian website. The same type of thing can very well happen to your business website. For a clearer perspective, let’s get into the specifics of the attack and explain what DNS is.
The perpetrators of the New York Times’ attack targeted the site’s Internet DNS records. To better understand this, know that computers communicate in numbers, whereas we speak in letters. In order for us to have an easy-to-remember destination like nytimes.com, the IP address must be converted to that particular URL through DNS.
Therefore, no matter how big or small a company’s online presence is, every website is vulnerable to the same DNS hacking as the New York Times’ site. The good news is the websites of smaller companies or organizations fly under the radar and rarely targeted. Larger targets like the New York Times, or LinkedIn, which was recently redirected to a domain sales page, are more likely targets.
For now… There is no reason to panic and prioritize securing DNS over other things right now. But there is a belief that DNS vulnerability will be something cybercriminals pick on more often down the road.
Here are a few ways to stay safe
Select a Registrar with a Solid Reputation for Security
Chances are, you purchased your domain name through a reputable registrar like GoDaddy, Bluehost, 1&1, or Dreamhost. Obviously, you need to create a strong password for when you log into the registrar to manage your site’s files. Nonetheless, recent DNS attacks are concerning because they’re far more than the average password hack.
It was actually the security of the registrars themselves that was compromised in recent attacks. The attackers were basically able to change any DNS record in that registrar’s directory. What’s particularly frightening is the registrars attacked had solid reputations. The New York Times, along with sites like Twitter and the Huffington Post, is registered with Melbourne IT. LinkedIn, Craigslist and US Airways are registered with Network Solutions. Both had been believed to be secure.
So what else can be done?
Set Up a Registry Lock & Inquire About Other Optional Security
A registry lock makes it difficult for anyone to make even the most mundane changes to your registrar account without manual intervention by a staff registrar. This likely comes at an additional cost and not every domain registrar has it available.
Ask your registrar about registry locking and other additional security measures like two factor authentication, which requires another verifying factor in addition to your login and password, or IP address dependent logins, which limits access to your account from anywhere outside of one particular IP address.
While adding any of these extra safeguards will limit your ability to make easy account change or access your files from remote locations, it may be a worthwhile price to pay.
You’ve been there…we all have. You are surfing the web when you come upon an amazing site that you just have to be part of. You decide to sign up! The site asks you to create a username and password. Hmmm, how often will you visit this site? You know you won’t remember some arbitrary password so you quickly type in your usual information, keeping it easy to remember for the next time you visit the site. The average person uses greater than twenty log ins on different websites and tend to use and reuse weak passwords website to website. Who can remember all the passwords for all of your accounts anyway? Right? But what you just did, by reusing a weak password, is make it easier for a hacker to access your information and the ability for them to enter a website as you. In 2016, Yahoo was a victim of a cyber attack which allowed hackers to access valuable information from one billion accounts. So now, if your Yahoo account was hacked, and you reuse the same weak passwords, your …
Business Disaster: What Threatens Small Businesses the Most? There are many threats to the integrity of a small business, and not all of them are as dramatic as a cyberattack or a hurricane. Every small business needs to do a risk assessment to determine all the threats that exist that could bring harm. External threats are the ones that get the the most attention. These can be big snowstorms or hurricanes that bring down power lines and network connections. They can also be man-made. A power outage due to a grid failure, or an act of terror. Also in this category are phishing scams, cyber attacks and data theft from external sources.All of these are the ones that make the evening network news, and every business needs to plan how to handle them. However, there are some internal threats that can be just as serious, but are far less attention getting.For example, human error. Stolen data can occur because someone forgot about changing their passcode, or they left a smartphone containing…
Why Small Businesses Shouldn't Avoid Making Disaster Recovery Plans. Entrepreneurs and small businesses, especially ones that are fairly new, often don't think about making plans to recover in case of a disaster. However, it is the smallest business that most likely has the fewest resources to fall back on in case of disaster. Why does this happen? It isn't on an entrepreneur's radar - The challenge and hurdles of starting out are what drive small business owners. The excitement that comes with getting a new client or releasing a new product are what motivates them. To be honest, things like disaster recovery plans are a little dull and aren't part of the exciting day-to-day hustle of running a company. As a result, these issues get put on the back burner.Planning tools can seem too complex - Ideas like "risk assessment" and "business impact analysis" can be intimidating. Many SMBs may just feel the whole area is overwhelming and leave it to anothe…