Archive for the ‘Security’ Category

« Older Entries
Newer Entries »

Privacy Reform Starts with You, or Rather Your Pocketbook

by FireHost Evangelist on June 29th, 2010

Blippy, Facebook, and Lifelock, oh my! Each of these companies have come under scrutiny lately for mishandling, misusing, divulging, or otherwise playing a smoke and mirrors game with confidential information. This vignette is dedicated to conveying a different perspective on each situation, one that will hopefully convince you:

  • that security controls will only be as tight as consumers demand, and
  • that things can be different (better) with your help.

We just want to get this “disclaimer” out of the way, here and now in the first paragraph before you have a chance to form an opinion about our suggestions. We’re not condoning the actions or otherwise diminishing the liability of these companies (or any company for that matter) who has caused consumers or businesses time, harm, and any other loss because of a breach and subsequent leak of personally identifiable information (PII). The spirit of this article is to create awareness of the risks and to help everyone reading (consumers and business owners) understand that taking steps toward prevention is a collaborative effort in which consumers and companies alike must embark to see results. And so with that…

Blippy’s Security Blip

Synopsis: Credit card numbers for a limited number of beta users leaked into Google search results.

Blippy’s responsibility: Breaking this down to the most simple terms, Blippy’s dev team should have secluded all test data into a non-production environment. Furthermore, per PCI guidelines for SDLC dictate that all sample data must be purged from all accounts prior to launching the production environment. If you’ve visited the Blippy website or signed up for an account however, you’ll notice that there is no mention of PCI compliance or a PCI compliance badge… anywhere.

That’s because (arguably) Blippy isn’t governed by the payment card industry data security standard since they don’t directly collect or store credit card data. When the data leaked, all fingers pointed at Blippy (and rightfully so, I mean anyone who can read saw the cc numbers available in the statements associated with each user’s account.) The bigger problem however seems to be the fact that the issuing bank or credit card company allowed full, unencrypted, unmasked credit card numbers to be printed and/or stored on public statements.

Personal responsibility: Consider this. Participants in a clinical drug trial assume a large amount of risk by ingesting the pharmaceuticals under investigation. Wouldn’t a similar principle of risk apply when technology users participate in a beta, alpha, or electronic test of any kind?

Perhaps language in the warnings about unregulated pharmaceuticals is more ominous (or the risks more personal) prompting consumers take caution. Should commercial business ventures be more blatant about their warranties and have stronger indemnification policies so early adopters will think twice before signing on?

Consumers must realize that they are “swimming at their own risk” when participating in pre-releases of new, untested technologies. Blippy adopters who confidently linked bank accounts, retail payment card accounts, and credit card accounts to the service can’t be completely shocked when something goes awry with the system. Can they?

Bottom line: It is every business’ responsibility to take all measures possible to prevent problems like this from arising. It’s the consumer’s responsibility to perform due diligence and maintain our confidential information in higher regard and think twice before divulging information that could cause them harm.

(more…)

Tags: , , ,
Posted in: Security | No Comments »

Are YOU Your Biggest Security Threat? 5 Ways to Close Holes that Hackers Can Easily Breach.

by FireHost Evangelist on June 22nd, 2010

If I wanted to hack your eCommerce business, I’d have your help. It’s a fact that no one runs a business from one location (or one computer) anymore. In today’s world work gets done everywhere – in offices, at home, in a hotel, at the airport, while sipping mocha and siphoning Internet connectivity from a coffee shop.

Security risks increase when your business moves outside of the safety net of your main workplace. Mobile executives carry sensitive data around with them, and often times open it up to vulnerabilities just for the sake of convenience.

It all seems perfectly innocent. Connecting to wireless Internet in your hotel room, or syncing up to free wi-fi in a restaurant just to get a little work done. Convenient? Yes. Necessary? Sometimes. Is working remotely a down trending habit? Absolutely not. And so, we must learn (and educate our workforce) about how to work remotely more safely.

Protecting your mobile workforce is essential to protecting your business. And it can be accomplished (or at least done more successfully) by following a few simple tips to help keep your business safe from hackers, no matter where you go:

Stay Off the Free, Open Wireless

More and more public places are providing free, or shared wireless Internet. These open networks are dangerous. They’re risky for personal communications, but they are absolutely not suitable for conducting business without protection.

When jumping on public shared wireless connections, it’s essential to do so using a secure VPN connection with the latest encryption methods. This will funnel all your online activities (email, surfing, chat, etc) through this secure connection so prying eyes can’t see what you’re doing. Several companies offer this service but we’ve heard good things about Anonymizer.

As an alternative, Verizon, Sprint, AT&T, and others have mobile broadband services available for a reasonable monthly subscription. Spring for the mobile Internet access card. It’s a small expense for what you get in exchange – the ability to conduct business more securely outside the office.

Bonus Tip – turn off your wireless connection at all times when not in use so you are 100 percent sure about when you are connected to the Internet. If you’ve previously connected to default network names (like Linksys) then anytime that network name reappears at another location, you will be automatically connected to the network opening you up for risks.

(more…)

Tags: , , , ,
Posted in: Security | No Comments »

Empower Your Employees and Protect Your Online Business in Five Easy Steps

by FireHost Evangelist on May 25th, 2010

True story – visiting a client one time, our CEO Chris Drake came across a sales guy who had his computer access credentials taped to the palm rest of his laptop. It turns out the company’s entire customer information database was synced to the sales person’s laptop. If he lost it (or if it was stolen) you can only imagine the consequences.

This vision has haunted us ever since. The responsibility of keeping your company’s data safe is one that’s shared by the whole team, and should make them feel empowered. Hacker prevention for companies that store data and/or transact business online isn’t as simple as hiring a secure web host, it’s a 24/7 job that requires good physical and virtual housekeeping from everyone. Luckily, it’s not as tedious, time consuming, or boring as cleaning your actual home, and it doesn’t require you to pat down your employees each time they walk out the door.

Here are five best practices that every one on your team should put into action to keep the company safe from cyber criminals.

#1 Mobile Security
Whether you’re a swanky, MacBook Pro toting executive or a lowly intern who has company email syncing to your phone, you’re responsible for data security when working remotely. Password protecting your mobile devices, and your software, is a ridiculously easy and yet commonly overlooked step that can prevent a world of loss. Password protect everything that your employees work on and access remotely. And we mean everything – mobile phones and laptops, email accounts, VPN connections, and SaaS programs used for business. In addition, don’t store or “remember” passwords for critical services. Require that every employee manually type his or her credentials every time. It’s really not as daunting as it sounds. It takes just a moment to enter a password.

(more…)

Tags: , , ,
Posted in: Compliance, Security | No Comments »

FireHost Selected as THE Best Security Solution for 2010 by SIIA’s CODiE Judges

by FireHost Evangelist on May 12th, 2010

You may recall, back in March we were nominated as one of the Best Security Solutions for 2010 by the Software and Information Industry Association (SIIA). The news came down today at a special CODiE Awards luncheon in San Francisco that we won – FireHost is officially THE Best Security Solution for 2010!

The entire FireHost team is excited and honored by this recognition. We want to thank the other finalists for providing stiff competition, and we want to appreciate the CODiE Judges for picking us out of the crowd.

We will wear our CODiE badge proudly as we uphold our mission of making a secure web hosting environment available to companies of all sizes.

A list of all 34 CODiE Award Winners from various categories is now listed on the SIIA website.

Tags: , , , , ,
Posted in: FireHost News, Security | No Comments »

Hackers Steal Time & Revenue from SMBs Everyday – Keep it From Happening to Yours

by FireHost Evangelist on April 6th, 2010

Imagine waking up tomorrow and having your water cut off. It would be annoying to deal with, but not devastating. Life goes on. But what if you didn’t have electricity? Definitely inconvenient. You can’t turn on a lamp or watch TV, but at least your iPhone works. You could still access the information superhighway, so all is well.

Now envision how you would feel if you woke up one morning and your website wasn’t working at all.  It doesn’t load or the homepage has been replaced with an offensive message — or even a warning from Google that this site is no longer secure. That’s right, you’ve been hacked and your website has been kicked off Google.

Think this can’t happen to you? It’s actually not uncommon.  It happens to small businesses every day when their website gets attacked one too many times for Google’s liking. Mberry, a small business based in Tempe, Arizona, is one of those businesses. This innovative company that sells the very cool, very fun “mberry” tablets that make everything you eat taste oh so sweet for 30 minutes.  Mberry had a rather sour experience when their site was banned from Google.

Mberry’s saga started about a year ago when their site was hacked – not once, not twice, but three times in two months. They rely on their site as a main portal for their revenues.  Having their site down multiple times going through the process of getting it cleaned up and back online was costly, annoying and damaging to their brand. But it wasn’t until they got the boot from big daddy Google, that things really got much worse.

(more…)

Tags: , , , ,
Posted in: Cloud Hosting, Security | No Comments »

« Older Entries
Newer Entries »