LONDON, UK – December 14, 2015 — / — Organisations invest a lot of time, resources and money into ensuring the security of their back office systems but this can often be in vein if they fail to account for the external threats impacting their business. The security of your DNS provider is arguably one of the biggest examples of this, according to Oscar Arean, technical operations manager at Databarracks.

Recently, it was revealed that webhosting company Easily had emailed its customers to inform them that it had fallen victim to a malware attack. While it was quick to reassure customers that there was no evidence that account details, passwords or any personal information which could identify the customer had been accessed, Arean suggests it is imperative that organisations should have practices in place to protect themselves should this happen to their DNS provider:

“Most organisations depend on their DNS provider in some capacity, whether it be for SPF records, their website, online portals or their Exchange, however what often isn’t considered is how secure these providers actually are themselves and what the consequences would be for you should these providers suffer a cyber-attack.

“It is actually relatively easy for a hacker to disrupt your services if you depend on an external provider and their security measures aren’t up to scratch. The impact on your business could be disastrous. A hacker could potentially change, wipe or redirect your DNS, impacting your mail-flow, website, marketing or your service portals. You could even get locked out of the control panel you use to manage your DNS records if a hacker changes your password. A lot of DNS providers just use shared passwords with no Two Factor Authentication (2FA) to verify the user is legitimate. All it would take is for someone with the password to log on, redirect your IP to a malicious site, and then change your password so that you are locked out of the account and unable to resolve the issue.

“Unfortunately, a lot of organisations don’t have plans in place for dealing with such events, and it is crucial that action is taken.

“As a starting point, consider your supplier carefully. It is recommended to look for security features like 2FA. This is a two-part process, which usually includes a password and a separate code sent to a pre-verified device such as a mobile phone that is only accessible by the user. For the hacker this is difficult to break unless they have access to the pre-verified device.

“It’s imperative that accurate DNS records are kept. It can take up to 24 hours for DNS records to update, so a hacker could make changes and you might not even notice until the following day if you weren’t sufficiently tracking them. Accurate auditing allows you to see what the DNS record was before and what it has been changed to, so you can easily revert to your original settings if an unauthorised change has been reported. Most DNS providers log their changes but this isn’t always visible to the customer. It’s possible to issue a support request for your logs but this can often take time. There are some good alerting tools available to help your IT team, alerting you as soon as an authorised change occurs, but these are optional and do come at a cost.

Arean concludes: “Ultimately, there isn’t a failsafe way to protect your DNS – this is the responsibility of your provider. Work with a provider who can prove that they take security seriously to limit your risks and give you the peace of mind that your IT is in safe hands.”

About Databarracks:
Databarracks provides ultra-secure, award winning Disaster Recovery, Backup and Infrastructure services from UK-based, ex-military data centres.

Databarracks is certified by the Cloud Industry Forum, ISO 27001 certified for Information Security and has been named as a “Niche Player” in Gartner’s 2015 Magic Quadrant for DRaaS. For more information, please see:

Nick Bird/Paul Moore
Tel: +44 (0) 207 388 9988

Source: Databarracks



General Tags: cloud computing, online backup companies, data security, CEO interviews, software as a service, backing up online, online data backup, online file backup, online backup news, top rated online backups, online backup services, online backup reviews, SaaS, data storage, online backup providers directory, online file storage, online backup, compare online backups

Like us on Facebook

Do you like this post? Subscribe to our RSS feed ===========================


Related posts:

  1. Databarracks Warns Organisations, “Do Not Call Time on Social Media”
  2. Security Concerns will Drive SMEs to the Cloud in 2016, says Databarracks
  3. Databarracks and NCC Launch Guidelines Paper for ‘Disaster Recovery in the Cloud’
  4. Slow Migration from Windows Server 2003 is Driven by Caution, Not Complacency, Suggests Databarracks
  5. Choosing a CSP is About More Than Just Security, Says Databarracks
  6. Databarracks Offers Data Security Analysis to UK Businesses
  7. Databarracks Leads by Example with New Cyber Essentials Scheme
  8. Organisations Struggling with Cyber Security Should Learn from NHS Guidance, Suggests Databarracks
  9. To Invoke or Not to Invoke? That is the Question When it Comes to DR, Says Databarracks
  10. Small Businesses are Failing to Keep up with Disaster Recovery Planning, Says Databarracks