Welcome back! Last week’s article, “There are no wallflowers at the security dance! Get to know your dance partners,” covered getting to know your security dance partners.
If you are the business steward or a part of the management team, you already know the burden of responsibility for having a secure web site where your reputation, customers, sales, and business can be won or lost due to a defacement or another form of security breach.
While it is easy to say, “my web person handles that for me” or “I outsource it to so and so,” that does not mitigate the risk or make your life any easier if what you believed was going on was not actually taking place.
Below is a checklist you can use to help you take charge and be the boss in the area of site security:
Dance Partner | Area of Responsibility | Doing their job? |
---|---|---|
Data Center | Has and maintains SSAE 16 certification? | |
Data Center | Has an abuse department with strict policies on resolving abuse complaints promptly? | |
Hosting Provider | Is their own site PCI compliant? | |
Hosting Provider | Is willing to walk you through the PCI compliance process? | |
Hosting Provider | Has an abuse department with strict policies on resolving abuse complaints promptly? | |
Hosting Provider | Secures their servers, and maintains the security? | |
Hosting Provider | Has and maintains an intrusion detection system? | |
Hosting Provider | Reviews server logs daily and security reports frequently throughout the day? | |
Hosting Provider | Performs daily, off-site backups? | |
Hosting Provider | Can clearly describe, from start to finish, how they would deal with a customer whose site has been hacked? | |
Payment gateway provider | Has and maintains PCI compliance? | |
Payment gateway provider | Has not had a data breach involving customer data in the past two years? | |
Web designer / developer | Reviews site error logs and statistics weekly, passing on any abnormal activity to the hosting provider for investigation? | |
Web designer / developer | Performs regular backups of the site and database(s) used by the site? | |
Web designer / developer | Only installs applications that are being maintained by vendors who take security seriously? | |
Web designer / developer | Regularly reviews the site and database to remove unnecessary applications and items? | |
Web designer / developer | Makes sure all applications, plugins, and themes are up to date? | |
Verify that each dance partner is on the same page with you, and that they are doing their job.
You are the boss, and there will be times the partners need to be educated to pick up the pace, do their job, or be replaced.
In case you are wondering where we fit in, here’s how the checklist above looks for Dynamic Net, Inc.:
Dance Partner | Area of Responsibility | Doing their job? |
---|---|---|
SoftLayer | Has and maintains SSAE 16 certification? | Yes |
SoftLayer | Has an abuse department with strict policies on resolving abuse complaints promptly? | Yes |
Dynamic Net | Is their own site PCI compliant? | Yes |
Dynamic Net | Is willing to walk you through the PCI compliance process? | Yes |
Dynamic Net | Has an abuse department with strict policies on resolving abuse complaints promptly? | Yes |
Dynamic Net | Secures their servers, and maintains the security? | Yes |
Dynamic Net | Has and maintains an intrusion detection system? | Yes |
Dynamic Net | Reviews server logs daily and security reports frequently throughout the day? | Yes |
Dynamic Net | Performs daily, off-site backups? | Yes |
Dynamic Net | Can clearly describe, from start to finish, how they would deal with a customer whose site has been hacked? | Contact us to find out |
The overwhelming majority of our customers are small businesses who want peace of mind in knowing their hosting provider and the data centers used by their hosting provider are doing their job.
If you are not 100% happy that your hosting provider and their data center are doing their job in keeping your web site secure and safe, then contact us. We will be happy to talk with you or have an email conversation with you.