Monday morning first thing and phone rings. It’s a typical call, since previous Thursday a small business has noticed that some of images on it’s’ website are starting to appear on other sites. They know enough to understand that once these images are out, they will be unable to prevent their spread. What they’re after now is advice on how to stop them from being stolen in first place.
Everyone is always wiser after event and there is a certain complacency in all of us that says it’s not going to happen to me but when it does we need to know what we can do about it. In this case damage has been done. Someone had hacked into their site and downloaded approximately 20,000 images. Some of these were licensed from image suppliers and some were taken by themselves at great expense. The cost to company is easy to work out in terms of what they paid for images in first place, but what is more difficult to ascertain is ongoing revenue loss that will occur.
Ongoing loss because nature of these images means that more exposure they get, smaller their value becomes. In this case law of supply and demand applies to intellectual property just as much as anything else. By time web server logs were checked and perpetrators identified, six days had elapsed. In that time these images were identified on twenty eight different websites and that number was growing by day. By then it was a practical impossibility to have them removed.
Even worse was that images appeared on an image brokers site and were actively being sold with a license for use by other people. The fact that this site was in Russia meant that there was nothing company could do to prevent it. In short they simply had to swallow loss and try to prevent it happening again.
What we all need to understand is that it is very difficult, if not entirely impossible, to prevent your data being stolen. If they want it badly enough, they will get it. Your job is to make sure that you make it so difficult, they give up and try elsewhere. For most of us, basic security of our website is handled by site’s hosts. Being certain of your hosts capabilities is a good start to securing your data. Have you ever asked them how they secure your web server? Perhaps now is a good time to do it.
Web hosting is like any other business. They concentrate generally on “bits” you can see in order to get your business. What they can cut costs on, they will and, although any good host will have security firmly at top of their list, some of cheaper ones may look at ways of reducing their spending. One very security conscious host is www.serverwise.com. I’ve used them for a number of years and always found them to be good when it comes to protecting your web site.