The Security Dance – Part 2


Welcome back! Last week’s article, “There are no wallflowers at the security dance! Get to know your dance partners,” covered getting to know your security dance partners.

If you are the business steward or part of the management team, you already know the burden of responsibility for having a secure web site, where your reputation, customers, sales, and business can be won or lost due to a defacement or another form of security breach.

While it is easy to say, “my web person handles that for me” or “I outsource it to so and so,” that does not mitigate the risk or otherwise make your life any easier if what you believed was going on was not actually taking place.

Below is a checklist you can use to help you take charge and be the boss in the area of site security:

| Dance Partner | Area of Responsibility | Doing their job? |
| --- | --- | --- |
| Data Center | Has and maintains SSAE 16 certification? | |
| | Has an abuse department with strict policies on resolving abuse complaints promptly? | |
| Hosting Provider | Is their own site PCI compliant? | |
| | Is willing to walk you through the PCI Compliance process? | |
| | Has an abuse department with strict policies on resolving abuse complaints promptly? | |
| | Secures their servers, and maintains the security? | |
| | Has and maintains an intrusion detection system? | |
| | Reviews server logs daily and security reports frequently throughout the day? | |
| | Performs daily, off-site backups? | |
| | Can clearly describe how they would deal with a customer whose site has been hacked from start to finish? | |
| Payment gateway provider | Has and maintains PCI Compliance? | |
| | Has not had a data breach involving customer data in the past two years? | |
| Web designer / developer | Reviews site error logs and statistics weekly, passing on any abnormal activity to the hosting provider for investigation? | |
| | Performs regular backups of the site and database(s) used by the site? | |
| | Only installs applications which are being maintained by vendors who take security seriously? | |
| | Regularly reviews the site and database for removal of unnecessary applications and items? | |
| | Makes sure all applications, plugins, and themes are up to date? | |

Verify that each dance partner is on the same page with you, and that they are doing their job.

You are the boss, and there will be times the partners need to be educated to pick up the pace, do their job, or be replaced.

In case you are wondering where we fit in, here’s how the checklist above looks for Dynamic Net, Inc.:

| Dance Partner | Area of Responsibility | Doing their job? |
| --- | --- | --- |
| SoftLayer | Has and maintains SSAE 16 certification? | Yes |
| | Has an abuse department with strict policies on resolving abuse complaints promptly? | Yes |
| Dynamic Net | Is their own site PCI compliant? | Yes |
| | Is willing to walk you through the PCI Compliance process? | Yes |
| | Has an abuse department with strict policies on resolving abuse complaints promptly? | Yes |
| | Secures their servers, and maintains the security? | Yes |
| | Has and maintains an intrusion detection system? | Yes |
| | Reviews server logs daily and security reports frequently throughout the day? | Yes |
| | Performs daily, off-site backups? | Yes |
| | Can clearly describe how they would deal with a customer whose site has been hacked from start to finish? | Contact us to find out |

The overwhelming majority of our customers are small businesses who want peace of mind in knowing their hosting provider and the data centers used by their hosting provider are doing their job.

If you are not 100% happy that your hosting provider and their data center are doing their job in keeping your web site secure and safe, then contact us. We will be happy to talk with you or have an email conversation with you.

About the author: Peter Abraham