While running tests last week, I came across a website which provides international legal research and recommendations. As usual, I ran Shodan - and gracious, the host server needs Apache updates! Over twenty vulnerabilities were documented, some dating back several years. Fascinating.
Please. Whatever the size of your business, keep your server and other software up to date. Europe's GDPR is being enforced more often as time passes, and fines are increasing in number and cost.
A while later, I found another law firm whose ISP needs to update their servers. This time Shodan surfaced twenty one vulnerabilities related to old Apache HTTP server software.
After looking up Firm #2, I searched for current data on recent law firm breaches - there haven't been many in the US, to date (large scale or well documented) - but I did find a third legal website with twenty three of those same Apache vulns. Each of these three sites is hosted by a different, well known ISP. Curious, hm?
Your credibility suffers when your public website is open to remote thieves. Even if it's your ISPs fault. If the bad guys get in, your SMB is probably done for.
Don't be that company. You do not want to end up on this website. Or this one. Or this. Granted, these are primarily large corporations - but can a small or medium business afford the publicity fallout from even a teensy breach? Not today.
Go here and run Shodan on your website URL - this security tool surfaces public information broadcast by the site server. Problems showing up? Talk with your ISP, or the corporate department responsible for web security.
Next, visit Wizer for free security awareness training videos (advanced modules are available for a fee - we get a small referral percentage). Send your employees and family members there too. The videos are excellent: short, sweet, and educational. Knowledge is power.
FIO, peeps - figure it out. Cybersecurity is a critical need, not a want. Right?