opinion

Bits and Bytes: Update Your Site to Avoid Massive Data Breaches

Bits and Bytes: Update Your Site to Avoid Massive Data Breaches

When it comes to web hosting, one of the great cautionary tales centers on Equifax, a goliath of the data industry. Anyone who lives in the United States (even the shut-ins, given the social media storm that ensued) surely remembers the Equifax data breach fiasco. The only positive was that everyone affected was going to be paid $125. Even though you never actually saw a penny of that money, their corporate coffers could have been half a billion dollars richer had they kept their software up to date.

As one of the top three credit rating agencies in the US, Equifax provides the data used by most consumers to get loans, credit, perform background check services and various other intrusive personal data-derived services.

When operating a site, it is crucial to set up an ongoing process to ensure that it remains updated and secured.

In 2013, a staggering data breach of some of the most personal financial data on 143 million people (mostly Americans) was one of the worst that had ever occurred. The breach was especially heinous, given that the information was a veritable ready-to-go kit for identity thieves. The data therein contained more than enough financial information to open credit lines, conduct financial transactions and more.

In response, Equifax did what many irresponsible companies would do. They stonewalled, lied to the public (and Congress) and set up a giant settlement fund for the victims affected. Then, they managed to pay all that money to lawyers and other big companies so that anyone directly affected got nothing but a heartfelt promise that Equifax would definitely, certainly, sincerely, never (ever) do it again.

Despite the massive numbers and scandal which the Equifax data breach created, the actual cause … the “smoking code,” so to speak … was not some “Mission Impossible”-style heist. It was so basic, so simple, so unnecessary and infuriatingly stupid, that I’ve spent several paragraphs building up the breach to underscore how dumb the problem was that cost them the better part of two billion dollars when all was said and done.

They didn’t update their software. Let it sink in for a moment.

There was a security update to their software available in March, and the breach occurred in May. It was a free update, and all they had to do was apply it. Yet several months later, they had not applied the security update and the rest is history.

At first glance, you might think this is a story about software updates. It’s not. I’m writing about everyone’s aversion and impatience for downtime. At MojoHost, we are a 99.999% uptime guaranteed host, which means we take managing client’s upgrades very seriously. Maybe you think the data stored on a porn site is less sensitive or valuable than that held by a credit reporting agency, and that a porn site might be lower on the totem pole than a Fortune 500 company. But, that’s not really how data breaches happen.

The fact of the matter is that most hacks are automated. While the final stages of hacks are often a human hand deciding what is interesting to exfiltrate from a company, vulnerable software is usually identified by automated bots running around the internet.

Automated vulnerability bots mean that even your modest-sized sites are still very much a target. Porn sites contain not just lots of fun usernames and passwords, but may also be targeted for credit card theft and content theft. Indeed, the content itself is quite valuable; we regularly see hacks which attempt to scrape the entire library of a site.

The essential step to keeping your website from suffering a similarly embarrassing and expensive Equifax-like hack is to keep your software patched. That means superficial software like WordPress and the entire software stack, including the underlying operating system and database. When a hack occurs, most often, there was an update available beforehand, even for less critical website components that often go overlooked.

Many site operators are reluctant to perform operating system upgrades because of the perception that these will result in downtime for the site. Although this is true in some cases, a well-planned and short downtime is still much cheaper than the costs of a breach. We ourselves have invested in new technologies that allow us to upgrade servers with absolutely zero downtime in almost all cases, to ensure folks can have the best of both worlds … regular operating system upgrades and no lost sales due to downtime.

When operating a site, it is crucial to set up an ongoing process to ensure that it remains updated and secured. For some site operators, that may mean hiring a dedicated resource to keep things up to date. For others, it may mean using a fully managed hosting company that keeps customer servers and software up to date automatically and has a team dedicated to keeping abreast of the latest security threats. Because after all is said and done, it’s just good mojo to save a few billion dollars.

Brad Mitchell is the famed founder of MojoHost, which has won numerous XBIZ Awards for Web Host of the Year and earned many loyal clients for nearly two decades. Known for his dapper style and charismatic wit, Mitchell is a regular fixture at trade shows, where he frequently shares hard-won wisdom while striking profitable deals. Contact him at brad@mojohost.com.

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

Why Cyber Insurance Is Crucial for Adult Businesses

From streaming services and interactive platforms to ecommerce and virtual reality experiences, the adult industry has long stood at the forefront of online innovation. However, the same technology-forward approach that has enabled adult businesses to deliver unique and personalized content to consumers worldwide also exposes them to myriad risks.

Corey D. Silverstein ·
opinion

Best Practices for Payment Gateway Security

Securing digital payment transactions is critical for all businesses, but especially those in high-risk industries. Payment gateways are a core component of the digital payment ecosystem, and therefore must follow best practices to keep customer data safe.

Jonathan Corona ·
opinion

Ready for New Visa Acquirer Changes?

Next spring, Visa will roll out the U.S. version of its new Visa Acquirer Monitoring Program (VAMP), which goes into effect April 1, 2025. This follows Visa Europe, which rolled out VAMP back in June. VAMP charts a new path for acquirers to manage fraud and chargeback ratios.

Cathy Beardsley ·
opinion

How to Halt Hackers as Fraud Attacks Rise

For hackers, it’s often a game of trial and error. Bad actors will perform enumeration and account testing, repeating the same test on a system to look for vulnerabilities — and if you are not equipped with the proper tools, your merchant account could be the next target.

Cathy Beardsley ·
profile

VerifyMy Seeks to Provide Frictionless Online Safety, Compliance Solutions

Before founding VerifyMy, Ryan Shaw was simply looking for an age verification solution for his previous business. The ones he found, however, were too expensive, too difficult to integrate with, or failed to take into account the needs of either the businesses implementing them or the end users who would be required to interact with them.

Alejandro Freixes ·
opinion

How Adult Website Operators Can Cash in on the 'Interchange' Class Action

The Payment Card Interchange Fee Settlement resulted from a landmark antitrust lawsuit involving Visa, Mastercard and several major banks. The case centered around the interchange fees charged to merchants for processing credit and debit card transactions. These fees are set by card networks and are paid by merchants to the banks that issue the cards.

Jonathan Corona ·
opinion

It's Time to Rock the Vote and Make Your Voice Heard

When I worked to defeat California’s Proposition 60 in 2016, our opposition campaign was outspent nearly 10 to 1. Nevertheless, our community came together and garnered enough support and awareness to defeat that harmful, misguided piece of proposed legislation — by more than a million votes.

Siouxsie Q ·
opinion

Staying Compliant to Avoid the Takedown Shakedown

Dealing with complaints is an everyday part of doing business — and a crucial one, since not dealing with them properly can haunt your business in multiple ways. Card brand regulations require every merchant doing business online to have in place a complaint process for reporting content that may be illegal or that violates the card brand rules.

Cathy Beardsley ·
profile

WIA Profile: Patricia Ucros

Born in Bogota, Colombia, Ucros graduated from college with a degree in education. She spent three years teaching third grade, which she enjoyed a lot, before heeding her father’s advice and moving to South Florida.

Women In Adult ·
opinion

Creating Payment Redundancies to Maximize Payout Uptime

During the global CrowdStrike outage that took place toward the end of July, a flawed software update brought air travel and electronic commerce to a grinding halt worldwide. This dramatically underscores the importance of having a backup plan in place for critical infrastructure.

Jonathan Corona ·
Show More