Discover more from Founder's Journey
Ask your devs about security and automatic backups!
About software development.
Do you have a website? Do you have an online store? Do you have any software which your devs created? Ask your devs or system administrator if they do automatic backups!
Some time ago I was asked to help with a broken website. They got hacked. Looks like developers were not skillful. They set MongoDB on AWS EC2, without password, and opened MongoDB port to every IP! Guys, really?
So the attackers just removed the whole database and left one message - if you want to return your data, send money in Bitcoins to this wallet. Of course, they were not ready to pay hackers, and they started to set up all content from scratch.
The main problem was with the security. But the second problem was that they didn’t have any backups at all! Neither database nor the whole server.
I used to set up everyday backups for the server, and 6-12 hourly backups for the database. In this case, even if someone removes all your content, you will be able to restore it in 5-10 minutes.
So, check yourself or ask your webmaster to check, the key development steps to improve your server security:
close all not-needed ports on your servers.
open access to used ports only from specific IPs if possible.
secure your database with username/password, private key, or whatever else possible for you.
setup automatic backups of your servers and databases.
don’t push environment files with all passwords, API keys, and connection credentials to the source control tools (GitHub, Bitbucket, GitLab, etc).
Use strong passwords for databases and servers (letters, numbers, special characters).
I can continue this list with 10-20-30 more steps. But these are the main issues that I see every day when I work with startups, small and mid-size companies. Nobody cares about such simple steps to improve their security, and they start to think about security after they got hacked.