Imagine waking up tomorrow and having your water cut off. It would be annoying to deal with, but not devastating. Life goes on. But what if you didn’t have electricity? Definitely inconvenient. You can’t turn on a lamp or watch TV, but at least your iPhone works. You could still access the information superhighway, so all is well.
Now envision how you would feel if you woke up one morning and your website wasn’t working at all. It doesn’t load or the homepage has been replaced with an offensive message — or even a warning from Google that this site is no longer secure. That’s right, you’ve been hacked and your website has been kicked off Google.
Think this can’t happen to you? It’s actually not uncommon. It happens to small businesses every day when their website gets attacked one too many times for Google’s liking. Mberry, a small business based in Tempe, Arizona, is one of those businesses. This innovative company that sells the very cool, very fun “mberry” tablets that make everything you eat taste oh so sweet for 30 minutes. Mberry had a rather sour experience when their site was banned from Google.
Mberry’s saga started about a year ago when their site was hacked – not once, not twice, but three times in two months. They rely on their site as a main portal for their revenues. Having their site down multiple times going through the process of getting it cleaned up and back online was costly, annoying and damaging to their brand. But it wasn’t until they got the boot from big daddy Google, that things really got much worse.
“For a startup like ours, getting hacked and then kicked off of Google almost put us out of business,” said Charles Lee, founder and CEO of mberry. “The time and effort we had to spend working through the process to get back in Google’s good graces was arduous. Not to mention, we lost thousands of dollars by being offline for so long. There is no telling how much we lost in terms of brand reputation and vendor relationships. Small businesses simply cannot afford to get hacked.”
Can this happen to any website? Yes. But here’s the reassuring news — everything you need to help protect your online business from hackers is in your power.
Google to the rescue
When you’re the entrepreneur living through this nightmare, Google definitely seems like the bad guy. Google does do a good job of upholding their responsibility to keep your website and it’s visitors safe. After all, you, your development team, and your hosting provider are responsible for protecting your website, not Google.
Google can be your friend in this situation. Their Webmaster Tools provide some useful services and articles aimed at helping prevent a problem with hackers from ever getting as far as it did with mberry. Google provides a quick checklist on their website that spells out the high-priority (and completely achievable) protective measures in a simple way. For example,
- Scrutinize third-party content plug-ins and use them only when required. Go with well-respected providers.
- Use Google site search to see which of your website pages Google has indexed. Type “site:__<yourwebsiteaddress.com>__” into the Google search bar, and if unfamiliar content shows up, you have problems.
- Sign up for a Google Webmaster account and get access to:
- Notifications about potential vulnerabilities
- Notifications about new software versions
- Notifications when signs of suspect, hacker content like spammy links or comment spam infiltrate your code
- Google also recommends you rely on your hosting company for support and advice. Ahem.
The White Knight – website hosting
A capable, security focused hosting provider can be a big part of prevention and identification when problems arise. Here are some of Google’s quick checklist recommendations that should be addressed by your hosting provider.
- Lock down your server’s configuration settings for directory permissions, server side includes, authentication, and encryption
- Stay up to date with the latest software patches for all the operating system and applications on your web server.
- Monitor logs and store them per a conservative retention schedule
- Regularly check and monitor your website with anti-virus and vulnerability scanning
- Use secure protocols for data transfer (SSH and SFTP only) and a high level of encryption when data is at rest
Don’t overlook importance of extra security measures like redundant firewall protection and web application firewalls. These protective layers could have kept Mberry from the one-two punch they got from hackers.
Since Mberry put the right protective measures in place, they have not been hacked once. Their customers’ data is totally safe, and life is once again sweet on Google.
This entry was posted on Tuesday, April 6th, 2010 at 8:00 am and is filed under Cloud Hosting, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
