Over the past few months, a few Travelogic clients have fallen victim to cyberattacks on their servers – these have varied from ransomware to malware and have had various impacts on their business operations, with some being offline for a few days.
At Travelogic, we believe that prevention is key to avoiding such breaches when you host your own physical server. We have put together some important tips on how to ensure your server is as safe as possible! Although these may seem basic, often the simplest things are overlooked.
TIP 1: ANTI-VIRUS
The absolute first thing to have in place is a decent anti-virus. It is important to do your homework and select a product that works for your company. Most anti-virus tools work on a subscription and offer varied services related to speed, efficacy, and security. Different products come into the market or updates happen to existing products on a yearly basis, so it’s good to stop and review now and then.
When selecting an anti-virus, there is always the option of a free or paid version. It’s generally said that if it’s free, you are the product, and many free anti-virus tools exclude certain valuable scans or are supported by advertising. We would always recommend going for a paid solution; although it is a yearly cost, it is worth the expense.
Your anti-virus will need to have exceptions set up for certain services that run on your server. For Travelogic specifically, this should be configured to exclude the SQL Server data, backup folders and the Travelogic Server folder.
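Every exclusion is a folder the scanner no longer looks at, so the list should contain the three items above and nothing broader. The following is an added example, not Travelogic's own tooling: it assumes Microsoft Defender is the anti-virus in use, and the folder paths and the function name are placeholders for illustration.

```powershell
# Added example, assuming Microsoft Defender. Run in an elevated session.
# The three paths are placeholders, not Travelogic's real install locations.
$Expected = @(
    'D:\SQLData',           # placeholder: SQL Server data files
    'E:\Backups',           # placeholder: backup folder
    'C:\TravelogicServer'   # placeholder: Travelogic Server folder
)

function Compare-AvExclusion {
    param([string[]]$Expected)

    $pref    = Get-MpPreference
    $current = @($pref.ExclusionPath | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') })
    $wanted  = @($Expected | ForEach-Object { $_.TrimEnd('\') })

    # Expected exclusions that are not configured yet
    foreach ($p in $wanted) {
        if ($p -notin $current) { [pscustomobject]@{ Finding = 'Missing'; Item = $p } }
    }
    foreach ($p in $current) {
        # Anything outside the agreed list is a scanning blind spot to review
        if ($p -notin $wanted) { [pscustomobject]@{ Finding = 'Unexpected'; Item = $p } }
        # A whole drive (C: or C:\) is never a reasonable exclusion
        if ($p -match '^[A-Za-z]:$') { [pscustomobject]@{ Finding = 'TooBroad'; Item = $p } }
    }
    # Extension and process exclusions apply server-wide, so list them for review
    foreach ($e in @($pref.ExclusionExtension | Where-Object { $_ })) {
        [pscustomobject]@{ Finding = 'ExtensionExclusion'; Item = $e }
    }
    foreach ($x in @($pref.ExclusionProcess | Where-Object { $_ })) {
        [pscustomobject]@{ Finding = 'ProcessExclusion'; Item = $x }
    }
}

Compare-AvExclusion -Expected $Expected | Format-Table -AutoSize
```

An empty result means the configured exclusions match the agreed list exactly.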
TIP 2: UPDATES
Although they are frequent, it is important to ensure that your Windows updates are enabled. Almost every update that is released now includes security fixes and patches to further secure your computer. Sometimes a vulnerability will be discovered in an operating system and hackers will take advantage of it immediately (called a zero-day attack); without updates, you stay vulnerable after the fact. As much as they can be irritating, they are a necessary protection.
TIP 3: ENCRYPTION
For clients who have set up a VPN, this will encrypt the data sent to and from your computer but not the data on the computer. For this you would need to encrypt the hard drive itself. This will have a small impact on the performance of the hard drive, and therefore the speed of Travelogic, but this should not be a noticeable impact. Having this encryption also adds protection should someone remove the hard drive from the computer. You could have the best password in the world, but if your hard drive is not encrypted, anyone can remove it from your computer and copy off whatever they like.
TIP 4: FIREWALL
In line with the 3 tips above, it is important to have your firewall enabled. From a network perspective, the firewall blocks any incoming network traffic to your computer and local network. Windows comes with a firewall that is usually enabled by default, but it can be backed up by your anti-virus. It is just important to make sure that your anti-virus and Windows firewall are not conflicting, or they may be disabled altogether. In addition to your computer firewall, you want to ensure that on your router – the device that connects you to the web – the firewall is enabled and working, as this will protect your entire network.
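A read-only check covering tips 2 to 4 on the server itself, as an added example rather than anything supplied by Travelogic. It assumes BitLocker is the disk encryption in use and that 45 days is an acceptable gap between installed updates; the function name and the threshold are illustrative.

```powershell
# Added example: read-only check for tips 2-4. Run in an elevated session.
$MaxPatchAgeDays = 45   # assumed threshold; align it with your own patch cycle

function Test-ServerBaseline {
    $findings = @()

    # TIP 2: when was an update last installed? (Get-HotFix lists Windows hotfixes only)
    $last = Get-HotFix | Where-Object InstalledOn |
            Sort-Object InstalledOn -Descending | Select-Object -First 1
    if (-not $last) {
        $findings += 'UPDATES: no installed updates reported'
    } elseif (((Get-Date) - $last.InstalledOn).Days -gt $MaxPatchAgeDays) {
        $findings += "UPDATES: last update $($last.HotFixID) installed on $($last.InstalledOn.ToString('yyyy-MM-dd'))"
    }

    # TIP 3: every volume should be fully encrypted with protection switched on.
    # Get-BitLockerVolume is only present when the BitLocker feature is installed.
    if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        foreach ($v in Get-BitLockerVolume) {
            if ($v.VolumeStatus -ne 'FullyEncrypted' -or $v.ProtectionStatus -ne 'On') {
                $findings += "ENCRYPTION: $($v.MountPoint) is $($v.VolumeStatus), protection $($v.ProtectionStatus)"
            }
        }
    } else {
        $findings += 'ENCRYPTION: BitLocker cmdlets are not available on this server'
    }

    # TIP 4: a conflicting anti-virus product can leave a firewall profile switched off.
    foreach ($p in Get-NetFirewallProfile) {
        if ($p.Enabled -ne 'True') {
            $findings += "FIREWALL: $($p.Name) profile is disabled"
        }
    }

    $findings
}

$result = Test-ServerBaseline
if ($result) { $result } else { 'No findings' }
```

A disabled Windows firewall profile is only acceptable when you have confirmed that the anti-virus product's own firewall is active in its place.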
TIP 5: BACKUPS
This is particularly important if you are hosting Travelogic on your own server, but also for everything else that may be on your server. Most people tend to think that backups are there for when someone accidentally deletes things. While this is true and will help, a more modern reason is to have some form of recovery when absolute disaster strikes in the form of malware or ransomware. In the event of a virus or ransomware infection where your data is encrypted by a hacker, backups can save you from expensive extortion tactics. Being able to restore within a day or two is a much cheaper option than hoping your data is returned after paying hundreds of thousands in ransom!
For security reasons and best practice, we recommend that you mirror your backups onto a server on a different network. The reason for this is that if your entire network is taken down, you are still able to recover and restore from backups in a different location.
For Travelogic, we recommend backups as follows:
Daily – transaction log
Weekly – full backup and a differential backup mid-week
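A schedule only helps if the backups are actually being taken, so it is worth comparing SQL Server's own backup history with it. This is an added example, not part of Travelogic: it assumes the SqlServer PowerShell module (`Invoke-Sqlcmd`) is installed, and the instance name, database name, function name and the six hours of slack are placeholders or assumptions.

```powershell
# Added example: compare SQL Server backup history with the schedule above.
$Instance = 'localhost'     # placeholder: your SQL Server instance
$Database = 'Travelogic'    # placeholder: the real database name may differ

# Oldest acceptable backup per type, in hours (schedule plus 6 hours of slack, assumed).
# msdb type codes: D = full, I = differential, L = transaction log.
$MaxAgeHours = @{ D = 7 * 24 + 6; I = 7 * 24 + 6; L = 24 + 6 }
$Label       = @{ D = 'Full'; I = 'Differential'; L = 'Transaction log' }

# Single-quoted here-string so $(db) reaches Invoke-Sqlcmd as a sqlcmd variable
$Query = @'
SELECT type, MAX(backup_finish_date) AS last_finish
FROM msdb.dbo.backupset
WHERE database_name = N'$(db)'
  AND backup_finish_date IS NOT NULL
GROUP BY type;
'@

function Test-BackupSchedule {
    $rows = Invoke-Sqlcmd -ServerInstance $Instance -Database msdb `
                          -Query $Query -Variable "db=$Database"
    $last = @{}
    foreach ($r in $rows) { $last[[string]$r.type] = $r.last_finish }

    foreach ($t in 'D', 'I', 'L') {
        # A type with no history at all is reported as not OK
        $age = if ($last.ContainsKey($t)) { ((Get-Date) - $last[$t]).TotalHours } else { $null }
        [pscustomobject]@{
            Backup       = $Label[$t]
            LastFinished = $last[$t]
            OK           = ($null -ne $age -and $age -le $MaxAgeHours[$t])
        }
    }
}

Test-BackupSchedule | Format-Table -AutoSize
```

The history shows that a backup ran, not that it can be restored or that the mirrored copy on the other network exists, so a periodic test restore from that copy is still needed.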
TIP 6: SECURITY EDUCATION
This one is not related to the Server itself but is just as important (if not more) as all the above efforts will be in vain if the team is not aware. Teams need to know what protection is currently in place and why they need to adhere to it. You very likely have processes and procedures in place already and it is important that teams follow them and that they take security into account with everything that they do. If your teams do not know precisely what process they should be following, or what kind of system is in place, they may actively try to get around it without realising they are doing something counter to your requirements.
With new laws such as GDPR and POPIA beating on everyone’s doors, it will be up to each team member to ensure that they are following the important processes and procedures, and this should routinely be communicated to everyone – this can be by means of email campaigns, posters in the office, online training and workshops. Having these training programmes in place and documented, along with attendance where needed, goes a long way in supporting your efforts to abide by these principles. If the regulator does come knocking, you can at least prove that you have these measures in place and that your team are well aware of their responsibilities.
The above, while related to server security, is really just good business practice. If you have standard operating procedures and protection in place, you are doing good business and should be applauded. It can also be a daunting task, particularly if you have been running for a while.
If you need any assistance on the above, we work with a few talented and extraordinary consultants who would be happy to assist you or you can chat to us about hosting your Travelogic for you. For all clients that are hosted with us already, all of the above is in place and we regularly make changes to enhance our security. In addition, Travelogic will be running a series of workshops in the coming months for all members of the industry – more details will be available soon.