Skip to main content

Just Because You’re Not a Big Target, Doesn’t Mean You’re Safe


Just Because You're Not a Big Target, Doesn't Mean You're Safe

Not too long ago, the New York Times' website experienced a well-publicized attack, which raises the question – how can this happen to such a world-renowned corporation? If this can happen to the New York Times, what does this bode for the security of a small company's website? What's to stop someone from sending visitors of your site to an adult site or something equally offensive?

The short answer to that question is nothing. In the New York Times’ attack, the attackers changed the newspaper's Domain Name System (DNS) records to send visitors to a Syrian website. The same type of thing can very well happen to your business website. For a clearer perspective, let's get into the specifics of the attack and explain what DNS is.

The perpetrators of the New York Times’ attack targeted the site's Internet DNS records. To better understand this, know that computers communicate in numbers, whereas we speak in letters. In order for us to have an easy-to-remember destination like nytimes.com, the IP address must be converted to that particular URL through DNS.

Therefore, no matter how big or small a company’s online presence is, every website is vulnerable to the same DNS hacking as the New York Times’ site. The good news is the websites of smaller companies or organizations fly under the radar and rarely targeted. Larger targets like the New York Times, or LinkedIn, which was recently redirected to a domain sales page, are more likely targets.

For now...

There is no reason to panic and prioritize securing DNS over other things right now. But there is a belief that DNS vulnerability will be something cybercriminals pick on more often down the road.

Here are a few ways to stay safe

Select a Registrar with a Solid Reputation for Security

Chances are, you purchased your domain name through a reputable registrar like GoDaddy, Bluehost, 1&1, or Dreamhost. Obviously, you need to create a strong password for when you log into the registrar to manage your site's files. Nonetheless, recent DNS attacks are concerning because they're far more than the average password hack.

It was actually the security of the registrars themselves that was compromised in recent attacks. The attackers were basically able to change any DNS record in that registrar's directory. What's particularly frightening is the registrars attacked had solid reputations. The New York Times, along with sites like Twitter and the Huffington Post, is registered with Melbourne IT. LinkedIn, Craigslist and US Airways are registered with Network Solutions. Both had been believed to be secure.

So what else can be done?

Set Up a Registry Lock & Inquire About Other Optional Security
A registry lock makes it difficult for anyone to make even the most mundane changes to your registrar account without manual intervention by a staff registrar. This likely comes at an additional cost and not every domain registrar has it available.

Ask your registrar about registry locking and other additional security measures like two factor authentication, which requires another verifying factor in addition to your login and password, or IP address dependent logins, which limits access to your account from anywhere outside of one particular IP address.

While adding any of these extra safeguards will limit your ability to make easy account change or access your files from remote locations, it may be a worthwhile price to pay.

Contact us at Knox Technology

Comments

Post a Comment

Popular posts from this blog

The Good, The Bad, and the Ugly of Mobility and BYOD

The Good, The Bad, and the Ugly of Mobility and BYOD There are a lot of advantages to mobility in today’s workforce, but the Bring-Your-Own-Device (BYOD) movement has also brought its share of headaches as well. We live in a society where everyone must have the newest technology. We are inundated with ads reminding us that the smartphone or tablet we just bought a year ago is laughably outdated and inferior to the upgrade that just hit the market. People who have just bought the latest technology don’t want to have to set it aside to use a separate company-issued device. As a result, businesses are beginning to grant these employee-owned devices access to their file and email servers, databases, and applications. While this brings certain competitive advantages to employers, it naturally carries many risks, too. Let’s begin with the pros of BYOD... The Advantages of BYOD Greater Flexibility and Productivity - Personal devices allow workers more flexibility, which in turn can increase
2 comments
Read more

Why SMBs Must Proactively Address the Threat of Mobile Hacks

Why SMBs Must Proactively Address the Threat of Mobile Hacks More cyber criminals are targeting small-to-medium sized businesses. One reason for this is too many workplaces have insufficient bring-your-own-device (BYOD) policies in place. Some have none at all. Although firms are generally more knowledgeable about network security risks than in years past, they still woefully underestimate the security vulnerabilities linked to mobile devices like smartphones and tablets. This is a real cause for concern since data breaches have the ability to put many already financially challenged SMBs out of business. If customer/client data has been breached, there could be potential litigation costs, and naturally, lost goodwill and an irreparable hit to brand or company reputation. Don’t Just Say You’re Worried About the Bad Guys... Deal With Them SMBs say they view network security as a major priority but their inaction when it comes to mobile devices paints a different picture. A recent study f
Post a Comment
Read more

Four Key Components of a Robust Security Plan Every SMB Must Know

Four Key Components of a Robust Security Plan Every SMB Must Know Most businesses are now technology dependent. This means security concerns aren’t just worrisome to large corporate enterprises anymore, but also the neighborhood sandwich shop, the main street tax advisor, and the local non-profit. Regardless of size or type, practically any organization has valuable digital assets and data that should not be breached under any circumstances. This makes it the responsibility of every business, especially those collecting and storing customer/client information, to implement a multipronged approach to safeguard such information. Yes, we’re looking at you, Mr. Pizza Shop Owner who has our names, addresses, phone numbers, and credit card information stored to make future ordering easier and hassle free. Today’s SMB Needs a Robust Security Plan Protecting your business and its reputation comes down to developing, implementing, and monitoring a robust security plan that adequately addresses
4 comments
Read more