Forty-five percent of website owners believe their website
security is being handled by their host, and 25 percent of website owners are
unsure. Website owners don't know that site security is their responsibility,
and in the instance of a breach, hosting provider's hands are clean while the
site owner is left confused.
But
MSPs can help flip the script. I spoke with David Mason, Inside Channel Development Manager at
SiteLock, to learn how MSPs can show site owners the value in their own site and help educate site owners on the importance of website security and whose job it really is to protect those sites.
VMblog: In what ways do website owners accidentally increase
their own risk of attack?
David Mason: There are several ways a site owner is increasing their own
exposure to an attack. Two common risks include an outdated core content
management system (CMS) software and third-party plugins. Each contribute to a
website's increased risk for attack and are not top of mind for the average
website owner.
For example, we can compare a website to a house. An
outdated CMS is similar to a crack in the foundation. Relying on outdated
third-party plugins is like having windows that don't lock. Ultimately, a
website requires maintenance just as a house does. Website owners must
regularly inspect their website to ensure everything is up to date.
VMblog: Why isn't it the host provider's responsibility to warn
site owners of these vulnerabilities?
Mason: Most owners host their websites in a shared hosting
environment. The site owner is essentially renting space from the host. Similar
to an apartment complex, the host is responsible for keeping the overall
environment safe and clean, but the website owner is responsible for locking
their doors and windows. The hosting provider may warn a site owner if there is
a vulnerability, but it's often too late. It's best if website owners take a
proactive stance to ensure that any vulnerabilities are identified and handled
before they can cause damage.
VMblog: What do MSPs have to gain from pushing website security?
Mason: MSPs are trusted advisors. They provide guidance for their
clients on the tools needed to secure their infrastructure, such as antivirus
solutions for their laptops and desktops, and endpoint security. Website
security is a growing area of opportunity and a crucial piece of a client's
security infrastructure that is frequently overlooked. By including website
security in their offerings, MSPs cement their status as trusted advisor and
further strengthen their client relationships.
VMblog: What actions could MSPs take to increase consumer
awareness or curb unknown threats?
Mason: The products and services that MSPs offer must deliver real
impact for their customers, as their reputations are on the line. MSPs should
include website security as a part of their education efforts and product
offering so their clients can implement a comprehensive security
ecosystem.
VMblog: What are some of the best practices that individuals can
adapt to ensure proper site protection, regardless if they are warned or not?
Mason: The best course of action is to take a proactive
stance. Make sure that all core CMS systems and third-party plugins are up to
date and that any unused applications are removed. It's also recommended to
have a website scanner that can help identify any malware or vulnerabilities,
as well as a web application firewall (WAF) to help block any threats.
##