Why You Need a Security Guard at Your Website

Let’s face it: security guards are not often taken seriously – and are more often the butt of jokes.

You might picture a guy sitting in his car outside a subdivision or the strip mall – the so-called “rent-a-cop.” And how are you going to fight crime when all you’ve got is a flashlight?

When we talk about a security guard for your website, we are way beyond the world of pepper spray and doughnuts. A good security system on your site doesn’t sit around waiting for something to happen; it’s proactive in seeking out anything that could go amiss, using the IT equivalent of Jedi powers to “see things” before they happen, thus wiping out threats before they ever start tampering with your company’s most valuable online assets.

Before we discuss what services a good online security guard can provide for your website, let’s take a closer look at the pain and cost of cyber attacks.

The High Price of Downtime

In this section, most blogs would start by telling you that according to some thinktank you’ve never heard of, the average company loses $X/hour when its website is down. But we’re not worried about the average site; we’re worried about your site, and the chances of it lining up with what’s “average” are infinitesimally small. Instead, we’re going to use a simple formula that you can plug your own company’s figures into. Then you’ll be able to gauge your own costs. This is a great way make an argument for a  bigger, better IT budget if your CEO or board needs convincing.

Here’s the formula:

Cost of downtime (per hour) = Hourly Lost Revenue + Hourly Lost Productivity + Cost to Recover + Cost of Intangibles

So, let’s say Company X makes customized gift baskets. Its business is 100% online and its revenue per hour on a normal day is $200.

The lost productivity stems from the number of your employees who are unable to do their work during the downtime, but are still getting paid. The three-person team making the baskets can’t see what orders they’re supposed to be working on and your marketing duo can’t update your social media pages. If all five of these people make $20/hour, that’s another $100/hour you’re losing.

The cost of recovery refers to the amount of money it takes to get the system back to full strength. If this means calling an IT service, how much does it charge? If you lose data, how much does it cost to reinstate it? Say your external IT guy charges $150 for a visit and then $50/hour on top of that. If it takes him one hour to fix everything, you’re out $200. Intangible costs are tougher to gauge. Will your customers jump to a competitor after 5 minutes or even 5 seconds when your site is unavailable? You might find that 50% of customers who find your website down will go to a competitor and not return.  So, if 4 customers visit your site an hour, 2 of them won’t be coming back. Suddenly, you’re not just losing revenue for this hour, you’re losing that same revenue over and over again. If the average customer buys from you 5 times a year and spends $75/visit, you just lost $750 for the year.

Let’s mash some numbers now for Company X being down for exactly one hour.

Cost of Downtime = Lost Revenue ($200) + Lost Productivity ($100) + Cost of Recovery($200) + Cost of Intangibles ($750).

For one hour of downtime, Company X has lost $1,250.

What a Good Online Security Guard Does

So how do we keep all that revenue and capital in our pockets rather than headed toward the competition and the IT guy’s bank account? By investing in a top-flight security system to guard our company’s critical points and keep the most debilitating forms of cyber attacks from ever happening. Here are 4 services you need to keep your website safe.

Distributed Denial of Service (DDOS) protection: A DDOS attack attempts to overwhelm the available resources to your network by consuming bandwidth or eating up connections to prevent legitimate visitors to the site to gain access.  Imagine having a brick-and-mortar store instead of a website. Your front door allows for a steady stream of customers to flow in and out. But a competitor wants to disrupt your business by sending every single person he has ever met through your front door all at once to guarantee your real customers can’t enter. DDOS protection keeps this from happening through several ingenious methods, including cloud protection and multi-layer prevention.

Intrusion detection: During a network intrusion, someone who doesn’t belong attempts to get on your network. Hackers do this for fun, for financial gain and for destructive purposes as well. An intrusion detection system (IDS) will compile a list of patterns of how your network traffic operates and how it does not. A smart intrusion detection system will have a database of known attacks gathered from other sources and use that as a baseline. When something unusual is detected, the system alerts security teams, giving them the chance to deduce whether the activity is expected or unwelcomed and respond in kind. Types of intrusions include malware, ransomware and targeted attacks.

Firewall protection: Firewalls are perhaps the most important part of your online security detail because they act as the great filter between your company and the rest of the Internet. Not only are they tasked with keeping out unwanted emails and computers off your network, they also serve to restrict use inside your network to the rest of the Internet – meaning your employees can’t visit certain websites or send certain types of emails, i.e. the kind that transmit sensitive information outside of your network. With the many complex forms of attack that can impact a modern website, simply clicking the ‘on’ switch of your firewall isn’t enough anymore. A firewall managed by a security team adds the monitoring of logs, frequent checks on the health of your hardware devices, complete control to your network’s entry and exit points, and a well-practiced, logical security procedure if suspicious activity is detected.

Multi-factor authentication: Sometimes we’re so intent on covering every tiny crack and fissure in our network that we forget how many times criminals are strolling right through the front door. In 2016, Verizon’s Data Breach Investigations Report revealed that 63% of data breaches were the result of either stolen or easily-guessed passwords.

Take a queue from your childhood clubhouse keep outsiders away with not only a password, but also a secret handshake. Locking down your network from unwelcome strangers isn’t all that different, it just has a fancier name: multi-factor authentication. There are three phases to multi-factor authentication, of which at least two must be used in order to ensure only people who should be on a network can be on a network.

The first factor is the traditional password or PIN number. It’s the easiest to remember but also easiest to steal or lose. An overwhelming number of companies still use this dated system as their only means to validate network access..

The second factor is something physical, like a key fob or an ATM card. Fobs with ever-changing digital alphanumeric code are quite popular for use as the second form of authentication. The code change every few minutes or so, meaning it becomes obsolete if not used immediately in conjunction with the password or PIN.

The third factor, which is gaining considerable popularity in the business world, is a factor completely unique to you such as your voice or your fingerprint. There’s not a person alive on this planet that has the same voiceprint or fingerprint as you, which is an enormous comfort to your company’s security.

Conclusion

The downside of explosive use of technology in business is the same rapid development of technology to hinder business criminally. As intelligent as some of our deployed means of security are, they remain limited without human supervision. To ensure the most secure version of your network, invest in a managed security system, such as that provided as part of our HIPAA managed hosting.