Guest post by David Hamlen of ChoiceChecks
With so much on their plates, online merchants can overlook one crucial aspect of their online business – protecting their website from a DDoS attack. Are you prepared and protected? Below you’ll find 8 tips and tricks to reduce the risk of a DDoS attack.
1. Assess Your Company’s Risk. If your company processes a lot of transactions online or runs web-dependent operations, it’s important to take DDoS security seriously. Every business should sit down with its IT team and discuss what would happen to the company’s operations if plagued by a denial-of-service attack.
2. Create a DDoS Mitigation Policy. Make sure your network admin has taken some basic steps to limit the company’s risk exposure to denial-of-service attacks. There are several steps your admin can take, including caching, CDNs, static home pages and scaling. Don’t forget to place burstable network connections, standby servers and infrastructure to handle traffic spikes and the like.
3. Performance Monitoring. Performance monitoring is crucial, but it can be quite difficult to detect that a site is under attack. Many types of cyber attacks slow down the site or make it unusable without actually bringing it down. Properly configured/tuned performance monitoring can be a major help in detecting an attack. Spikes in unusual traffic is usually a good sign that you’re in trouble.
4. Have a Response Team in Place. When a denial-of-service attack happens, your company should have immediate knowledge of who to turn to and what to do. Whether the mitigation is performed by in-house IT staff or externals, you should have a clear hierarchy of responsibility. Know who to call at the hosting provider, vendors and Internet Service Providers to coordinate DDoS response. Responding quickly to an attack is critical to effective resolution.
5. Buy Anti-DDoS Solutions. Anti-DDoS software is specifically designed to identify and stop denial-of-service attacks. It can be a helpful addition to other mitigation plans you have in place. Such products include Arbor Peakflow SP, Cisco/Arbor Clean Pipes 2.0, etc.
6. Outsource to a Large Hosting Provider. The best defense against DDoS is having a lot of bandwidth. When Amazon was attacked, they overcame it by having extra bandwidth and a great backup system in place.
A large hosting provider can supply increased bandwidth. The great thing about third-party hosting providers is that they have a significantly larger amount of capacity as well as in-house DDoS mitigation plans already in place. By outsourcing your website hosting to a large third-party provider, you also reduce the risk of a direct attack.
7. Have a Back-Up Ready. It may not be possible to prevent every DDoS attack, which is why companies are advised to establish a backup “mirror” website that can replace the original one if it comes under a sustained attack. The backup website should be hosted at a different location than the primary website. Best strategies: load balancing across machines, server farms and global server load balancing (GSLB) across data centers and continents. Having a backup for the backup is another suggested best practice.
8. Get Insurance. Cyber insurance is a relatively new field of insurance but one that is catching on quickly among large businesses that have a lot to lose in cyber attacks and data thefts. There are many different types of cyber insurance coverage, including privacy and security liability in case critical data or earnings are lost or stolen. However, for the purposes of DDoS protection, the best coverage to have here would be for “crisis management.” This can help cover the costs of getting the network back up and running, as well as restoring lost or damaged data. Call your insurance company and see if you qualify.
DDOS are becoming more common. By using a multi-strategy approach that combines prevention, remediation and recovery provisions, your business can reduce its level of exposure to this growing threat.
If you’re using a networked computer at your office, you may have a hard time trying to download your business bank statement through QuickBooks, Quicken or any other accounting program. Trying to balance your books or to order QuickBooks business checks during a DDOS attack might be impossible. Get smart about DDoS and you’ll avoid a lot of collateral damage.
David Hamlen is a 3DCart customer and CEO of ChoiceChecks. Choice Checks offers cheap business checks starting at $38.00 for 250 qty. We offer over 40 colors/styles for Quickbooks business checks and Peachtree business checks. Don’t forget your envelopes.