A data breach happens when an unauthorized party gains access to sensitive or private data. Some examples of sensitive data include passwords, financial records, database contents, or HIPAA-protected documents.
These breaches can cost companies (and users) time and money, and can damage public relations. While it is important to mitigate the effects of a data breach after it occurs, this article will provide you with information to help prevent these breaches from ever occurring in the first place.
Businesses are often targeted for these attacks because they have swaths of private information and credentials located on one network or a handful of servers. Because of this, it is important that your servers are up to date with the latest OS and security patches, and that strong antivirus and other security precautions are in place.
Today, we are going to cover the following areas on data breaches:
- The top five reasons data breaches occur
- Eight ways you can secure your server and prevent a data breach
- The three things you need to immediately perform if a data breach occurs
- Ways that Liquid Web can help prevent data breaches in the first place
Let’s get started!
What is a Data Breach?
A data breach is an incident in which sensitive or private data is accessed and/or obtained by an unauthorized party. Breaches can include several types of sensitive data, such as ePHI (electronic personal health information), corporate trade secrets, or even customer information.
How Do Data Breaches Occur?
Data breaches can happen via a wide range of attack vectors. From weak passwords to out-of-date software, there are many ways that attacks can occur. Each of these vectors needs to be secured properly.
Here are the five most common causes:
Weak Passwords
Weak passwords are one of the primary ways that servers and data get compromised. If your server is connected to the internet, it is very likely under attack. Hackers use automated programs to search the internet for unprotected servers; these programs brute-force passwords by trying thousands of password combinations in an attempt to gain access to your server.
These attacks can occur against RDP (Remote Desktop Protocol), web applications, mail servers, SQL services, and more. Common or weak passwords give attackers an easy way into your systems.
Out-of-Date Operating Systems and Software
Out-of-date operating systems and software are one of the most abused vectors for hackers to breach your servers. Any time a major operating system or software vendor becomes aware of a vulnerability in its products, it creates and distributes updates and patches to correct the issue and prevent it from being further abused by attackers.
By not having updated systems and software, your servers become prime targets for targeted and automated attacks from hackers. It is important to keep your systems up-to-date to fix major security holes that hackers can, and will, exploit.
An Exploitable Website
An exploitable website can also be targeted by attackers to breach your data security. An improperly coded web application or a website using out-of-date software packages can be compromised by automated attacks carried out by hackers. A common method for infiltrating secured data is SQL injection. If your website interacts with an SQL database, there are potential security vulnerabilities which could allow attackers to send specially crafted requests to a public-facing form and thereby reveal sensitive information normally secured in your database.
Tactics like this make it imperative that you secure and audit your existing and future code for your web applications.
Phishing and Malware
Phishing and malware are often causes of internal security breaches and data loss. Users on your network may be targeted by hackers to divulge personal information or passwords through spear phishing. Spear phishing is an attack targeted at select individuals or departments, where hackers send personalized emails or messages that pose as a legitimate notification or login page, with the intention of tricking users into typing in their password or account details.
An alternative form of phishing is to convince a user to open an executable file or an infected Word document that gives hackers a direct backdoor into the system it was run on and onto adjacent networks. It is important to train your employees and clients to be aware of such targeted attacks and to be wary of messages even when they appear legitimate.
Breaches of Physical Security
Breaches of physical security are one of the least expected sources of data breaches but can have the most devastating consequences. Data breaches can occur through physical security breaches such as a user finding and inserting a rogue USB device into their computer, a determined attacker falsifying their identity at your offices, or unsecured workstations left unattended. Even if your servers are completely secured, if a bad actor gains access to an employee's workstation or network, they may still be able to traverse your network and reach servers using that normally authenticated user's access.
While breaches of physical security may seem very rare or movie-like, they do happen and can cause considerable damage. Make sure your physical locations are secured and your employees or users are trained in identifying suspicious persons or hardware. For example, employees should not hold locked doors open for anyone, and every employee or visitor needs individually identifiable credentials for both logins and doors.
Securing Your Server and Preventing a Data Breach
Here are a few ways to secure your server from a data breach.
Set Up a Firewall with Proper Rules
The first step to securing your server is to implement a strong firewall, whether it be hardware, software, or both. If you are with Liquid Web, we can help set up a hardware and software firewall for your servers to protect your connections with strong default settings. Your firewall settings should be strong enough to prevent most unwanted access.
Block All Unnecessary Traffic and Ports
Your firewall should have strict rules that only allow the services you need and only from the appropriate IP addresses. For example, if you are not using FTP over port 21, then that port should be blocked for everyone. It is important to know how your server interacts with your applications and public/private clients. With this information, you can secure your data with solid traffic rules and close unused services off from being accessed.
Limit Access to Data
There is no sense in granting access to services to those who do not need it. If only one computer needs to use RDP, then only that IP address should be allowed access. If only your local IP range needs to access a sensitive area of your web application, limit that access to those addresses. These changes allow only the users who need access and block every other connection. This restricts your systems to specific access points and workstations, which immensely increases your data security.
Set Up Automatic OS Updates and Patch Out-of-Date Software
To ensure your operating system is always updated to the latest release, configure automatic updates at the OS level so any new patches are installed on your systems. An out-of-date operating system leaves servers vulnerable to public exploits that were corrected by your OS vendor.
Additionally, be sure to update any other software you may have running on the server. Whether it is mail services, PHP, WordPress, or any other package, you will want to be sure these stay up-to-date as well. Attackers often exploit vulnerabilities in things like WordPress plugins or out-of-date code libraries to gain access to sensitive data.
Install Anti-Virus Software
Firewalls will help prevent unauthorized access to your servers from outside the network, but it is important to install antivirus software to protect your server from within. If something does reach your server, your A/V software can block it internally and automatically. Antivirus software also helps protect your server from users accidentally (or purposely) downloading infected files. At Liquid Web we offer ESET File Security and Server Protection Packages for protecting your servers.
Train Employees on Proper Security Measures
Hardware and software protection means nothing if your employees are not following the correct procedures for handling data and sensitive information. Train your employees to be aware of possible phishing attempts and proper login procedures, and install antivirus software on individual workstations. Employees should be able to detect fraudulent or suspicious emails, attachments, and phone calls. Be sure employees know the proper procedures for authenticating clients and for handling logins between co-workers.
Security starts with users!
Thoroughly Investigate Code
You will want to thoroughly investigate the code your web applications are using, to clear them of possible SQL injection flaws and exploitable forms or URIs. This is not an easy task, but it is one of the most important places to secure on your server, as these web applications are usually publicly accessible and crawlable by visitors and attackers alike.
Unfortunately, there are no hard and fast rules for securing your web applications, as the code will differ site to site. Hire a security consultant to audit your code and find possible exploits so that you can patch them quickly and effectively.
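As an added illustration of the SQL injection vector described under "An Exploitable Website" and of what a code audit looks for, here is a constructed lookup handler in its exploitable form beside the same query with a bound parameter (example code written for this article, not code from Liquid Web or from any real site; the table, rows and function names are invented):

```python
import sqlite3


def build_db():
    """Constructed in-memory database standing in for a site's customer table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, ssn_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, ssn_last4) VALUES (?, ?)",
        [("alice@example.com", "1234"), ("bob@example.com", "5678")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, email):
    """The exploitable form handler: form input is pasted into the SQL text,
    so anything the user types becomes part of the query."""
    sql = f"SELECT email, ssn_last4 FROM customers WHERE email = '{email}'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, email):
    """Same query with a bound parameter: the driver treats the input as data,
    never as SQL, so a crafted value simply matches no e-mail address."""
    sql = "SELECT email, ssn_last4 FROM customers WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


if __name__ == "__main__":
    db = build_db()
    # A value that closes the quoted string and appends an always-true condition
    # (the textbook case an auditor tests a public-facing form with).
    crafted = "x' OR '1'='1"
    print(lookup_vulnerable(db, "alice@example.com"))  # one row, as intended
    print(lookup_vulnerable(db, crafted))              # every row: the breach
    print(lookup_hardened(db, crafted))                # []: treated as a literal
```

An audit is largely a search for the first pattern (string-built SQL) and its replacement with the second.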
Deploy Off-Site Server Backups
It is important to keep your servers and files backed up to an off-site location. In the event that your data is breached, you will want a clean and uninfected copy of the data to either restore or look for possible attack vectors to clean up on your current server.
If all else fails, you will have regular backups of your data and systems to get you up and running again as quickly as possible. Be sure these backups are not stored on the same server they are backing up, as a backup is of no use if the server holding it is the one that gets compromised.
When backups are located off-site, the data remains available and unaffected by a breach of the original server.
What Should I Do Once a Data Breach Occurs?
If a data breach has just occurred, speed is of the essence. You need to immediately:
- Call a lawyer
- Call a security consultant
- Deploy your business continuity plan or disaster mitigation strategy
How We Help Prevent Data Breaches
At Liquid Web, there are numerous ways we help protect your servers and data. We strive to implement security measures that protect as much information as possible from malicious attackers. Whether that is secure firewall rules, industry-standard antivirus, or continuous server monitoring, Liquid Web is prepared to help protect you.
For Windows Customers
Malicious Activity Detector (MAD) is an in-house tool developed by Liquid Web to monitor and protect requests to your server. It works by identifying malicious login requests and blocking the IPs that are making these requests. If an IP is attempting to log in many times to your server very quickly with bad credentials, MAD will act fast and block these requests from ever reaching your server.
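The brute-force pattern described under "Weak Passwords" and the rate-based blocking MAD performs can be shown with a small detector of our own. This is an added example written for this article, not MAD's code or any Liquid Web tool; the log excerpt is constructed in sshd style with TEST-NET addresses, and the threshold and window values are illustrative assumptions:

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed auth-log excerpt: one address hammering two accounts in seconds,
# one legitimate user mistyping a password a few times over ten minutes.
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
2024-05-01T10:00:02 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51001 ssh2
2024-05-01T10:00:02 sshd[1202]: Accepted publickey for deploy from 198.51.100.20 port 40000 ssh2
2024-05-01T10:00:03 sshd[1201]: Failed password for root from 203.0.113.7 port 51002 ssh2
2024-05-01T10:00:04 sshd[1201]: Failed password for root from 203.0.113.7 port 51003 ssh2
2024-05-01T10:00:05 sshd[1201]: Failed password for root from 203.0.113.7 port 51004 ssh2
2024-05-01T10:00:09 sshd[1203]: Failed password for alice from 198.51.100.20 port 40001 ssh2
2024-05-01T10:05:30 sshd[1204]: Failed password for alice from 198.51.100.20 port 40002 ssh2
2024-05-01T10:11:00 sshd[1205]: Failed password for alice from 198.51.100.20 port 40003 ssh2
"""

# Timestamp, process tag, then the failed-login message with optional "invalid user".
FAILED = re.compile(
    r"^(\S+) \S+ Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)"
)


def detect_brute_force(log_text, threshold=5, window_seconds=60):
    """Return {ip: time_first_flagged} for every source IP that produced at
    least `threshold` failed logins inside any `window_seconds` span.
    A per-IP sliding window keeps slow, human-paced mistakes from triggering."""
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated events are ignored
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(3)
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts  # the point at which a blocker would act
    return flagged


if __name__ == "__main__":
    for ip, when in detect_brute_force(SAMPLE_LOG).items():
        print(f"block {ip} (threshold reached at {when.isoformat()})")
```

The flagged address would be handed to the firewall; the legitimate user at 198.51.100.20 never crosses the threshold.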
ESET is Liquid Web's preferred antivirus solution for your servers. ESET is fully licensed antivirus software that can identify bad executables and files on your server in real time.
At $10/month, ESET will actively monitor files on the server, automatically scan for new issues, and stay updated with the current release. We highly recommend ordering ESET for each of your servers to continuously scan and protect your files.
For Linux Customers
ClamAV is our recommended product for antivirus on Linux servers. ClamAV is a free and open-source solution for protecting your server against viruses.
By default, ClamAV only scans email, but it can be configured to scan any part of the server. ClamAV is installed by default on our cPanel managed servers.
Maldet is a popular and free malware scanning tool. It can search for and detect malware across your entire server. Maldet can be used to detect, quarantine, and remove viruses and malware on infected servers.
For All Customers
Hardware Firewalls are available for Dedicated and Cloud servers with Liquid Web. Our hardware firewalls are designed to provide the most robust security for your servers by default. They can also be modified to suit your specific needs, allowing or blocking IP addresses and ranges to your server or specific ports.
Off-Site Server Backups are available with Liquid Web. For most customers, Guardian backups will be the preferred method for backing up your server and files. Guardian can back up databases, specific files and folders, or everything!
Basic Server Monitoring is included with Liquid Web hosting packages. Our monitoring service will alert our in-house technicians if a particular port or service goes down on your server. Our technicians then investigate the cause of the downed service right away. This allows us to potentially identify greater threats at the first sign of trouble.
While monitoring itself does not protect the server against data breaches, it allows us to keep an eye on services such as HTTP, FTP, and mail to ensure your servers are working as intended.