Just Because You’re Not a Big Target, Doesn’t Mean You’re Safe


Not too long ago, the New York Times' website experienced a well-publicized attack, which raises the question: how can this happen to such a world-renowned corporation? If this can happen to the New York Times, what does that mean for the security of a small company's website? What's to stop someone from sending visitors of your site to an adult site or something equally offensive?

The short answer to that question is nothing. In the New York Times’ attack, the attackers changed the newspaper's Domain Name System (DNS) records to send visitors to a Syrian website. The same type of thing can very well happen to your business website. For a clearer perspective, let's get into the specifics of the attack and explain what DNS is.

The perpetrators of the New York Times’ attack targeted the site's Internet DNS records. To better understand this, know that computers communicate in numbers, whereas we speak in letters. In order for us to use an easy-to-remember destination like nytimes.com, DNS must translate that name into the numeric IP address of the server behind it. Whoever controls a domain's DNS records therefore controls where its visitors end up.

Therefore, no matter how big or small a company’s online presence is, every website is vulnerable to the same DNS hacking as the New York Times’ site. The good news is that the websites of smaller companies or organizations fly under the radar and are rarely targeted. Larger targets like the New York Times, or LinkedIn, which was recently redirected to a domain sales page, are more likely targets.

For now...

There is no reason to panic and prioritize securing DNS over other things right now. But there is a belief that DNS vulnerability will be something cybercriminals pick on more often down the road.

Here are a few ways to stay safe

Select a Registrar with a Solid Reputation for Security

Chances are, you purchased your domain name through a reputable registrar like GoDaddy, Bluehost, 1&1, or Dreamhost. Obviously, you need to create a strong password for when you log into the registrar to manage your site's files. Nonetheless, recent DNS attacks are concerning because they're far more than the average password hack.

It was actually the security of the registrars themselves that was compromised in recent attacks. The attackers were basically able to change any DNS record in that registrar's directory. What's particularly frightening is the registrars attacked had solid reputations. The New York Times, along with sites like Twitter and the Huffington Post, is registered with Melbourne IT. LinkedIn, Craigslist and US Airways are registered with Network Solutions. Both had been believed to be secure.

So what else can be done?

Set Up a Registry Lock & Inquire About Other Optional Security

A registry lock makes it difficult for anyone to make even the most mundane changes to your registrar account without manual intervention by a staff registrar. This likely comes at an additional cost and not every domain registrar has it available.

Ask your registrar about registry locking and other additional security measures like two-factor authentication, which requires another verifying factor in addition to your login and password, or IP-address-dependent logins, which limit access to your account from anywhere outside of one particular IP address.

While adding any of these extra safeguards will limit your ability to make easy account changes or access your files from remote locations, it may be a worthwhile price to pay.
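A check a site owner can run against their domain's RDAP registration record, as an added example that is not part of the original post: it looks for the three server-side statuses a registry lock sets and compares the listed nameservers with a known-good baseline. The sample records, the domain and the nameserver names are constructed for illustration.

```python
import json

# RDAP status values (RFC 8056) corresponding to the EPP server* statuses
# that a registry lock places on a domain.
REGISTRY_LOCK = {
    "server transfer prohibited",
    "server update prohibited",
    "server delete prohibited",
}

# Constructed RDAP-style domain object (not a real lookup result).
SAMPLE_RDAP = json.loads("""
{
  "ldhName": "example.com",
  "status": ["client transfer prohibited", "server transfer prohibited",
             "server update prohibited", "server delete prohibited"],
  "nameservers": [{"ldhName": "NS1.EXAMPLE-DNS.NET"},
                  {"ldhName": "ns2.example-dns.net."}]
}
""")

# Constructed record after an unauthorized change: lock absent, delegation moved.
TAMPERED_RDAP = dict(
    SAMPLE_RDAP,
    status=["client transfer prohibited"],
    nameservers=[{"ldhName": "ns1.unknown-dns.example"}],
)

def audit_domain(rdap, expected_ns):
    """Return a list of findings for one RDAP domain object (empty = healthy)."""
    findings = []
    status = {s.lower() for s in rdap.get("status", [])}
    missing = sorted(REGISTRY_LOCK - status)
    if missing:
        findings.append("registry lock incomplete, missing: " + ", ".join(missing))
    # Hostnames are case-insensitive and may carry a trailing dot.
    seen = {ns["ldhName"].lower().rstrip(".") for ns in rdap.get("nameservers", [])}
    expected = {n.lower().rstrip(".") for n in expected_ns}
    if seen - expected:
        findings.append("unexpected nameservers: " + ", ".join(sorted(seen - expected)))
    if expected - seen:
        findings.append("expected nameservers absent: " + ", ".join(sorted(expected - seen)))
    return findings

if __name__ == "__main__":
    baseline = ["ns1.example-dns.net", "ns2.example-dns.net"]
    for label, record in (("sample", SAMPLE_RDAP), ("tampered", TAMPERED_RDAP)):
        print(label, audit_domain(record, baseline) or "OK")
```

Run on a schedule against a fresh RDAP lookup, any non-empty result is worth an immediate call to the registrar.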

Contact us at Beyond IT Support
