The CourseVector Difference
According to a Global Knowledge White Paper, 43% of companies experienced a data breach in 2014. And in 2016, Identify Force reported that data breaches increased by 40%. While some of these breaches are caused by human error, there are plenty of breaches that occur because of malicious behavior.
CourseVector understands this threat. Because your security is important to us, we work hard to provide our hosting customers with the best protection for your business.
Protection begins with our perimeter and web application firewalls. The perimeter firewall monitors all access attempts to any part of your website. This includes all logins including WordPress, FTP, Email, etc. If malicious activity is detected, the IP address of the attacker is locked out and one of our technicians is notified in case additional corrective action is needed. The Web Application Firewall monitors all traffic to and from your website. The firewall uses a form of artificial intelligence and can detect and block security issues, even those that have not been patched. This provides peace of mind during the time when a vulnerability is discovered within your website and when the software vendor provides a patch.
We also employ dual authentication login for most of our hosting clients. Dual authentication requires a user to log in twice, using a different username and password each time. While this method can be cumbersome, it offers a second layer of protection to websites on which it is used.
The first authentication screen is activated on a server/system level and happens before access to your actual website is permitted. This offers two benefits: First, a system level authentication can handle thousands of requests per second with little to no system draw. Therefore, attackers who attempt to “overload” a website with login attempts, never actually get to the website to create site degradation issues. Second, attackers as locked out after several attempts and one of our technicians is notified allowing us to take appropriate action. The end result is that most attacks go unnoticed by our clients.
If, per chance, an attacker gets by the first authentication, a second firewall, added to your WordPress by our technicians, will slow the attack and eventually block their IP address. Again, a technician is notified and the first authentication password is changed, effectively setting the attacker back to square one. Most attackers look for “low lying fruit.” Our security measures are extremely effective in that it simply takes too long to breach one of our managed websites and getting reset to square one in the middle of an attack will usually cause attackers to give up.
No Automated Maintenance
CourseVector employs a team of experts who perform WordPress maintenance on each of our Managed Hosting client sites. Because real people perform updates, it minimizes the risk of fake updates and other malicious activity.
Finally, the last line of defense is our backup policies. Your entire server is backed up, off site, every few days and archives are kept for up to 1 month. In addition, WordPress Managed Hosting comes with an automatic, one touch restore, backup that secures all WordPress files, offsite, using the Amazon S3 redundant storage system. Although no backup system is 100% guaranteed, CourseVector takes great pains to use several backup systems with offsite storage, providing what we believe to be one of the most secure hosting environments available today.
Updraft is a simple and reliable website backup program that can be administered by almost any user. Installation is a breeze, but proper configuration can be a bit tricky and should be monitored to make sure the software is performing as expected.
More information about the Updraft plugin can be found on their website.
Secure Webforms and Contact Forms
Whether collecting sensitive or Non-sensitive PII, it is wise to use a secure form, as encryption at rest for this type of information may be required by law. Do not fall victim to a data breach. Use CourseVector’s Secure Online Form Service to safely collect and store PII from your clients.
What is PII?
PII, or Personal Identifiable Information, comes in two forms: sensitive and non-sensitive. Sensitive PII includes things like a social security number (whole or trunkated), driver’s license number, or account information. Non-senstive PII can include a name, address, or phone number. Non-sensitive PII can become sensitive when used in combination with other information.
Whether collecting sensitive or non-sensitive PII, it is wise to use a secure form.
How does it work?
In order use a secure online form, your website must be accessed through SSL/HTTPS. Then, we create the form and send you information about how to retrieve the data collected. It’s that simple. Each form is $24 per year to host. Form creation and maintenance are extra.
*Although many of the above security measures are applied to all of our hosting packages, only the Managed Hosting & Dedicated Cloud Based Hosting has all features and monitors enabled.
Ready to Switch Hosts?
We highly recommend switching to our servers. This is the only way we can offer our multi-tiered protection plan. However, if you truly wish to stay with your current host but still want to take advantage of increased security, we can provide you with some degree of protection, to include:
Updates every 6 months.
Comprehensive site review.
Our security WordPress plugins.
Periodic backups stored on our Amazon S3 servers.
Since we cannot run perimeter firewalls from another host, we will not be notified prior to an attack. On our servers with perimeter firewalls, we are notified PRIOR to an attack. In most cases, we are able to stop the attack at this point. In addition, there are often critical, unpatched vulnerabilities. For instance, someone posts a hack that allows anyone to access your website with admin privileges through a plugin or WordPress itself. CourseVector can modify the firewall, allowing us to effectively stop the vulnerability for all of our clients. Then, we can wait worry-free for the developer to publish a patch.