- SmarterASP, a major hosting provider, was the victim of a ransomware attack recently.
- The attack resulted not just in customer data being encrypted, but also the hosting provider’s website suffering downtime.
Choosing a hosting provider is a crucial step in setting up a website. In the light of a ransomware attack impacting SmarterASP, here are some points from the cybersecurity perspective to consider before inking the deal with a hosting provider.
SSL security certificate
The SSL (Secure Sockets Layer) encrypts communication between a website and its users. It helps prevent customer information from being stolen. This also ensures website visitors that their connection is secured, as most browsers provide visual cues for websites with SSL certificates.
Web application firewall (WAF)
The web application firewall monitors and filters the incoming traffic by blocking potentially malicious requests. It offers protection from a number of attacks including SQL injection, XSS attacks, DDoS attacks, and cross-site forgery.
The WAF works on a set of policies that can be customized according to the security requirements. Because this is among the first line of defense against cyber threats, this firewall must always be kept updated. Certain security standards require the implementation of the web application firewall for compliance.
The more data-intense your website is, the more is the necessity to backup data, preferably at an offsite location.
Human backup brings in the possibility of manual error. Hosting providers who offer frequent, automated backups give you the advantage of data recovery in case of a cybersecurity incident. Providers who offer encrypt the data backed up automatically deserve brownie points.
Protection against malware
Malicious actors are constantly looking for opportunities to inject malware. To make sure that your site doesn’t get infected, it is essential that a few security measures are implemented. The web hosting provider can help by regularly scanning files for malicious code. Identifying and removing malware services from the hosting provider is an added advantage.
Although this is not an exhaustive checklist, it can help you get your basics in place to further explore cybersecurity for your website.