Tuesday, April 6, 2010

Kicked off Google: How to keep it from happening to your startup

(Editor’s note: Chris Drake is CEO and founder of FireHost, Inc., a secure Web hosting company. He submitted this story to VentureBeat.)
It’s annoying to be hacked. It’s devastating to see your company’s homepage replaced with an offensive message. But it’s another thing entirely to find a warning slapped on the page that Google no longer considers your site secure.
While hackers compromising your site to the extent that it’s kicked off Google sounds like the stuff of nightmares, it actually happens to small businesses every day. A single hacking might not do it, but if your site gets attacked one too many times for the search engine’s liking, your troubles will multiply exponentially.
mberry, a Tempe, Arizona-based startup that sells tablets that make everything you eat taste sweet, recently learned this firsthand.
The saga started about a year ago, when mberry’s site was hacked three times in two months. The company relies on the site as its main source of revenue, so having it down that many times (and the expenses that go with getting back online) was costly – and damaging to their brand. But it wasn’t until they got booted from Google that things really got bad. It took two weeks of hard work (and no small amount of pleading) before the search engine agreed to list them again.
“For a startup like ours, getting hacked and then kicked off of Google can put you out of business,” said Charles Lee, founder and CEO of mberry. “The time and effort we had to spend working through the process to get back in Google’s good graces was arduous. … There is no telling how much we lost in terms of brand reputation and vendor relationships.”
Though Google may seem like the bad guy when you’re in this situation, it can actually be a valuable ally who can help protect you. The company’s Webmaster Tools provide some useful services and articles aimed at helping prevent a problem with hackers from ever getting as far as it did with mberry. Google also provides a quick checklist that spells out high-priority (and completely achievable) protective measures in a simple way. For example:

* Scrutinize third-party content plug-ins and use them only when required. Go with well-respected providers.
* Use Google site search to see which of your website pages Google has indexed. Type “site:<yourwebsiteaddress.com>” into the Google search bar, and if unfamiliar content shows up, you have problems.
* Sign up for a Google Webmaster account and get access to:
  * Notifications about potential vulnerabilities
  * Notifications about new software versions
  * Notifications when signs of suspect hacker content, like spammy links or comment spam, infiltrate your code
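One way to automate the "unfamiliar content" check on HTML fetched from your own pages, as an added example that is not part of the original article or of Google's tooling: the script flags links, scripts and iframes that point at hosts outside an allowlist and marks those nested inside hidden elements. The allowlist, host names and sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Assumption: hosts your own pages are expected to reference (constructed names).
ALLOWED_HOSTS = {"example-shop.test", "www.example-shop.test"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "source", "track", "wbr"}

class LinkAuditor(HTMLParser):
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = allowed_hosts
        self.hidden_stack = []  # per open element: is it or an ancestor hidden?
        self.findings = []      # (kind, host) tuples in document order

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        inherited = bool(self.hidden_stack and self.hidden_stack[-1])
        hidden = inherited or bool(HIDDEN_STYLE.search(attrs.get("style") or ""))
        if tag not in VOID_TAGS:  # void elements never get an end tag
            self.hidden_stack.append(hidden)
        url = attrs.get("href") if tag == "a" else (
            attrs.get("src") if tag in ("script", "iframe") else None)
        host = (urlparse(url or "").hostname or "").lower()
        if not host or host in self.allowed:  # relative URL or known host
            return
        label = "link" if tag == "a" else tag
        self.findings.append((("hidden-" if hidden else "external-") + label, host))

    def handle_endtag(self, tag):
        # Simplification: assumes well-nested markup; unclosed tags skew the stack.
        if tag not in VOID_TAGS and self.hidden_stack:
            self.hidden_stack.pop()

def audit_page(html, allowed_hosts=frozenset(ALLOWED_HOSTS)):
    auditor = LinkAuditor(allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample page: one visible partner link plus injected content.
SAMPLE_PAGE = """<html><body>
<a href="/products">Products</a>
<a href="https://partner.example/reviews">Reviews</a>
<div style="display:none">
  <a href="http://cheap-pills.invalid/buy">buy now</a>
  <p><a href="http://casino-spam.invalid/">win</a></p>
</div>
<script src="//cdn-stats.invalid/t.js"></script>
</body></html>"""
```

Findings of kind `external-link` are review items (add the host to the allowlist if you recognize it); `hidden-link` and unknown `external-script` hosts are the ones to investigate first.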

A capable, security-focused hosting provider can also be a big part of prevention and identification when problems arise. Among the things Google recommends your hosting provider should address are:

* Locking down your server’s configuration settings for directory permissions, server side includes, authentication, and encryption
* Staying up to date with the latest software patches for all the operating system and applications on your web server
* Monitoring logs and storing them per a conservative retention schedule
* Regularly checking and monitoring your website with anti-virus and vulnerability scanning
* Using secure protocols for data transfer (SSH and SFTP only) and a high level of encryption when data is at rest

Don’t overlook the importance of extra security measures like redundant firewall protection and web application firewalls, either. mberry ultimately added these (along with other protective measures) and hasn’t been hacked since. Their customers’ data is safe and the company is once again searchable on Google.
Despite the hacker threat to data and a startup’s reputation with customers, too many entrepreneurs are still willing to roll the dice, hoping they escape a hacker’s notice. But are you really willing to double down when traffic from the Internet’s leading traffic generator is also on the line?
Photo by Don Hankins via Flickr.