Most Important Security Risks to Keep in Mind When Choosing a Web Host

Posted on April 22, 2020 at 11:43 AM

Most Important Security Risks to Keep in Mind When Choosing a Web Host

There are hundreds of online articles about what to look for in a hosting service. Most of them focus on what features you need or why free hosting is a bad idea. Some do mention security, but they don’t go into a whole lot of detail.

We happen to feel that internet security is one of the most important elements of your online experience no matter if you’re a website owner or a visitor. So, we’re going to take a deeper dive into security risks and solutions when it comes to hosting services.

Hosting and Security Stats You Should Know

If you don’t want your own or your visitor’s data to end up on the Dark Web, security matters. According to a survey conducted by Symantec, cyber attacks increased by more than 600 percent over the previous year. The FBI in the US reports that there are more than 4,000 ransomware attacks unleashed each day. Although that method of attack is down slightly over last year, 40 percent of the companies held hostage by hackers pay up.

Although 92 percent of malware is still delivered via email, 77 percent of cyber attacks are fileless.

That means cyber criminals are becoming more sophisticated in their methods and less willing to rely on someone falling for traditional phishing exploits. It also means that they’re coming up with more innovative ways to stay one step ahead of computer users and law enforcement.

As more people rely on the internet for business and entertainment, the attack surface widens and more of us become vulnerable to data breaches and malicious actors.

Running a small business involves a lot of moving parts. Creating a viable online presence is no longer a nicety but another cost of doing business. More than half of all attacks occur against small businesses because they have fewer resources for prevention and mitigation. The last thing you want to worry about is whether your hosting provider is up to the task of protecting your data and visitors.

Keeping your financial matters safe is another thing that small business owners need to be aware of. When choosing an accounting software make sure that it provides maximum security and protection. This includes encrypted messaging and 2FA login. 

Security Risks and Hosting

You might think that you don’t have to worry so much about security. After all, you’re an SMB with fewer customers and resources than those big corporations. Here’s a fun fact: more than half of all attacks occur against small businesses because they have fewer resources for prevention and mitigation.

That means, regardless of your level of risk, you need to rely on your hosting service to provide at least part of the security you need.

The main risks to you from hosting are:

* Admin panel access issues

* Spam

* Weaknesses due to excessive downtime

* Outdated or unsecured plugins and themes

* Outdated apps and platforms

* Distributed Denial of Service (DDoS) attacks

Here’s what hosting services can do to protect you against these threats. Not all offer these protections as standard with shared hosting, but many are. Others are only available as a premium add-on or with more expensive plans.

In a web hosting report by UK’s Hosting Data tracking tracked uptime data for over 12 months indicated that the most common causes of website downtime was automated brute force attacks and server level DDoS attacks. Hosts with badly secured networks had 2-4X more attacks.

SMBs should opt to use secured dedicated servers to avoid malicious automated attacks that may negatively affect uptime. 

Operating System and Platform Vulnerabilities

Usually, you’re given the option of choosing a Windows-based or Linux-based OS when you select a hosting platform. Each has benefits and drawbacks when it comes to security.

Windows offers access control by default, and you’ll reconfigure it at your own risk. You’ll also get one security specialist to assist you in the event that a breach needs investigation. However, such strong protections are necessary due to the high number of attacks against sites powered by Windows OS.

Linux offers fewer default security protocols, but it also carries lower risk of attack due to lower numbers of users. On the plus side, you have more flexibility and a world of support in the Linux/Open Source community.

In addition to choosing the right OS for your hardware and other requirements, your hosting provider should include 24/7 site/network monitoring as part of their service. Good hosting companies offer this for free even with shared plans. My professional website is on a managed WordPress hosting plan, and all of the features I mention are included with my service.

Passwords and User Access

Not only should there be strict access controls to access your account and dashboard, but it should be easy for you to set permissions based on administrative and other roles. Remove the word “admin” from your login panel and follow password management best-practices.

Plugins and Apps

Plugins and extensions make it easy to develop websites from scratch without a lot of tech knowledge. They’re also easy for hackers to exploit if you don’t choose and manage them wisely. WordPress doesn’t have dedicated support, per se, but it does maintain a library of vetted plugins and themes from reputable developers.

Avoid public, third-party app libraries whenever possible and make sure to delete any unused plugins, themes, and apps rather than simply disabling them. If your host doesn’t provide automatic updates, check for and manually install updates and patches as soon as possible. You should also remove your version number from your website and URL, and only choose plugins and apps from highly rated developers that offer additional support. Most provide the number of active installs and user reviews right on the download page.

System Backup and Restore

Not only is it important to find a hosting provider that offers network backup and restore, it should be accessible to you, the site owner/administrator. Some only offer backups as a premium add-on, and others offer free backups that aren’t accessible to you. Read the fine print on your SLA and ask if you’re unsure of how your hosting provider handles backup and restore.

Malware Protection and Removal

Find out what your hosting service does to protect you against DNS leaks malware, and outside brute force attacks. These exploits are difficult to stop once they’re in-process, so prevention is key.

Such protections are usually highlighted under the features for each plan. If your potential host doesn’t list specific security tools and protocols for monitoring, threat detection, and prevention somewhere on their website, and you can get nothing specific from customer service, take a pass.

SSL and Firewalls

The recent Capital One attack was made possible by an improperly configured firewall that was exploited by an employee who was managing their hosting platform. There isn’t much you can do to vet service provider staff. but your host should at the very least protect you with firewalls and SSL to let your visitors know that your site is validated and secure from hackers looking to hijack user sessions. The best hosts will give you free basic SSL from a company like Let’s Encrypt and the option for premium upgrades.

TLDR? Here’s a Quick Security Checklist

Between a secure, reliable hosting provider and you, you’re not without protection. Here’s a checklist of things to look for in a hosting provider from a security standpoint.

  1. Backup and restore features that are accessible to site owners/administrators
  2. 24/7 network monitoring
  3. Properly configured firewalls and DDoS protection
  4. Antivirus protection
  5. Secure FTP (SFTP)
  6. Internal security, such as KernelCare or other server hardening
  7. Spam filtering
  8. SSH/SSL
  9. Access restrictions
  10. cPanel with cPHulk
  11. SQLi protection
  12. DNS leak protection

Final Thoughts

Choosing a web host may be the single most important decision you’ll make before launching your website. Not only for reliability and speedy content delivery, but for providing additional security in an age of expanding threats and access.

Our goal is to provide you with the most current information possible about the threats facing us all and what service providers are doing to protect your and your business. We hope the information we provided gives you some additional points to ponder when searching for the right hosting provider and plan for your website.


Share this:

Related Stories:

Newsletter

Get the latest stories straight
into your inbox!

YOUTUBE

Discover more from KoDDoS Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading