Months in the making, our new corporate office embodies FireHost’s stance on security and takes our commitment to secure, contiguous support a step further. The following precautions contribute to the facility’s mission critical infrastructure and hospital-grade redundancy, designed to help us serve our customers to the very fullest under a variety of circumstances.

• Fully operational internal data center
• Backup generators
• Multiple Internet providers
• Secure keycard access with role based control
• Video surveillance

The new headquarters provides a solid foundation for us to provide unwavering, managed support 24x7x365. “This space is locked down tight and impervious to power outages. It’s comfortable, functional, and it will help us serve our customers more reliably,” explains Chris Drake, FireHost CEO.

Demand for a larger, more industrial corporate office is driven by our recent growth. The new facility has capacity to accommodate our current team and the new, FireHost employees we anticipate hiring over the next several years.

Here’s a few pictures of the new FireHost HQ.

Now envision how you would feel if you woke up one morning and your website wasn’t working at all.  It doesn’t load or the homepage has been replaced with an offensive message — or even a warning from Google that this site is no longer secure. That’s right, you’ve been hacked and your website has been kicked off Google.

Think this can’t happen to you? It’s actually not uncommon.  It happens to small businesses every day when their website gets attacked one too many times for Google’s liking. Mberry, a small business based in Tempe, Arizona, is one of those businesses. This innovative company that sells the very cool, very fun “mberry” tablets that make everything you eat taste oh so sweet for 30 minutes.  Mberry had a rather sour experience when their site was banned from Google.

Mberry’s saga started about a year ago when their site was hacked – not once, not twice, but three times in two months. They rely on their site as a main portal for their revenues.  Having their site down multiple times going through the process of getting it cleaned up and back online was costly, annoying and damaging to their brand. But it wasn’t until they got the boot from big daddy Google, that things really got much worse.

“For a startup like ours, getting hacked and then kicked off of Google almost put us out of business,” said Charles Lee, founder and CEO of mberry. “The time and effort we had to spend working through the process to get back in Google’s good graces was arduous. Not to mention, we lost thousands of dollars by being offline for so long. There is no telling how much we lost in terms of brand reputation and vendor relationships. Small businesses simply cannot afford to get hacked.”

Can this happen to any website?  Yes. But here’s the reassuring news — everything you need to help protect your online business from hackers is in your power.

Google to the rescue

When you’re the entrepreneur living through this nightmare, Google definitely seems like the bad guy. Google does do a good job of upholding their responsibility to keep your website and it’s visitors safe. After all, you, your development team, and your hosting provider are responsible for protecting your website, not Google.

Google can be your friend in this situation. Their Webmaster Tools provide some useful services and articles aimed at helping prevent a problem with hackers from ever getting as far as it did with mberry. Google provides a quick checklist on their website that spells out the high-priority (and completely achievable) protective measures in a simple way. For example,

• Scrutinize third-party content plug-ins and use them only when required. Go with well-respected providers.
• Use Google site search to see which of your website pages Google has indexed. Type “site:__<yourwebsiteaddress.com>__” into the Google search bar, and if unfamiliar content shows up, you have problems.
• Sign up for a Google Webmaster account and get access to:
  • Notifications about potential vulnerabilities
  • Notifications about new software versions
  • Notifications when signs of suspect, hacker content like spammy links or comment spam infiltrate your code
  • Google also recommends you rely on your hosting company for support and advice. Ahem.

The White Knight – website hosting

A capable, security focused hosting provider can be a big part of prevention and identification when problems arise. Here are some of Google’s quick checklist recommendations that should be addressed by your hosting provider.

• Lock down your server’s configuration settings for directory permissions, server side includes, authentication, and encryption
• Stay up to date with the latest software patches for all the operating system and applications on your web server.
• Monitor logs and store them per a conservative retention schedule
• Regularly check and monitor your website with anti-virus and vulnerability scanning
• Use secure protocols for data transfer (SSH and SFTP only) and a high level of encryption when data is at rest

Don’t overlook importance of extra security measures like redundant firewall protection and web application firewalls. These protective layers could have kept Mberry from the one-two punch they got from hackers.

Since Mberry put the right protective measures in place, they have not been hacked once. Their customers’ data is totally safe, and life is once again sweet on Google.

In reality, the latest sum TJX has to pay is small potatoes compared to the capital outlay the retailer has made since 2007 to mitigate the security breach that exposed 45 million credit and debit card numbers. When the leak was discovered, TJX set aside $107MM to deal with the fallout and the expenditures to date are in that range. In two of the largest settlements, they’ve paid $24MM to MasterCard and $41MM to Visa banks. In addition, TJX has been ordered to undergo costly external audits every other year for 20 years by the FTC.

Is it 100% possible for companies to avoid costly and negative public facing situations such as this?

Maybe not, but there is quite a lot you can learn from past system compromises to help prevent making the same mistakes. In fact, PCWorld Canada has compiled a “top ten” list of vulnerabilities companies maintaining a serious presence online should know about.

1. Operating System Flaws
2. SQL Injections
3. Drive-by Downloads
4. Compromised Password(s)
5. Social Engineering
6. Malicious Email
7. Physical Access
8. Compromised Network
9. Wireless Hacking
10. Weak Access Points

These vulnerabilities require more than software patches and basic anti-virus software to keep your network and data safe from hackers, and most companies don’t have all the resources available necessary to provide complete protection.

“Instead of relying on costly, in-house expertise, many firms are looking outward to goal-focused security consultants to help identify openings hackers could easily exploit,” said Chris Drake, FireHost CEO. “We recommend that every client undergo a security audit just to ensure everything within your power is being done to help prevent confidential internal and consumer data from leaking into the wrong hands.”

Each of the twenty hacker activity hubs named in the report was evaluated based on the following criteria:

• Quantity of malicious code
• Presence of spam zombies
• Number of websites that host phishing operations
• Quantity of bot-infected computers
• Attack origin

Symantec compiled and classified the data used to categorize the top cybercrime origins. Their research revealed that countries with a dense concentration of high-speed internet connections are most susceptible because of the constant system connectivity. This was a key factor contributing to the United States’ high rank as a cyber criminal target.

The prevalence of malware and malicious code on our domestic soil should prompt every individual and business that maintains a website (especially a commercial website) to become familiar with basic online security.

You can expand your cyber security knowledge base by visiting  FireHost’s Security Center. We have an extensive list of website security resources, a thorough glossary of common terminology, and up-to-the minute industry news.

Now that FireHost has physical operations in two, strategically located data centers, we’re able to protect your website with an even more secure hosting environment than before.

• R1Soft Barebones Backup service subscribers’ files are encrypted and transported over 1,000 miles away to our secondary DC in Scottsdale every day.
• Every secure web hosting client has peace of mind that website and database files have redundancy built in as a standard feature of the secure web hosting package.
• FireHost offers secure hosted exchange customers unprecedented email redundancy and security because the contents of your inbox are completely synced in both data center locations. We maintain copies of your communications in two, safe locations more than a thousand miles apart.

Website disaster prevention and protection starts with investing in a professional, secure web hosting and online backup plan. FireHost fits that description working every day to ensure that if an asteroid hits Dallas or aliens invade Scottsdale, your website data will be just fine.