Human errors and DNS

When your favorite social media site goes down, you’re inclined to think something horrible has happened: an earthquake or other catastrophes of biblical proportions. However, these outages are more commonly the result of simple, human error. You’ve probably heard the joke about the janitor who unplugged a server so he could vacuum and shut down half the Internet. Well, it’s not a joke, and silly mistakes like this happen often and to companies of all sizes.

You may remember last year when a few fortune 500 companies were knocked offline because their DNS provider accidentally deleted a record for one of their own name servers. These mistakes trouble the best of us, so it’s important to take the time to learn from them.

Small businesses lie in the most vulnerable position, because many think they don’t have to worry. They think they aren’t big enough targets, or maybe don’t realize how much they depend on the Internet to thrive. However, these organizations tend to be the targets that suffer the most, and sometimes shut down completely due to outages.

20% of small businesses have a major IT incident, resulting in downtime every 5 years. 25% of these businesses will be forced to close for good.

These kinds of outages are continuing to become more prevalent as businesses weigh more heavily on their online presence. Within each organization there are dozens of employees who have access to online infrastructure and information; that means for each user, you have exponentially more vulnerabilities to account for.

According to IDC, outages can cost businesses between $82,200 to $256,000 for a single event. This average out to be more than $200 every minute your server is down.

The best defense against downtime is learning what causes outages and being proactive. While you may think some of these mistakes are elementary, they can all cause domino effects. That means not remembering one of these suggestions could systematically take down your entire online organization in a matter of minutes.

#1 Keep it to Yourself

Don’t share your passwords with anyone! No really, we mean anyone. Each time you share a password, you are increasing the risk of your accounts becoming compromised. If you work with a team, create separate logins for each staff member. Most services require you to shell out a little more for each additional user, but an extra $10 a year is a whole lot cheaper than an incident. This practice also makes it easier to remove permissions for employees who have gone rogue, terminated, etc.

#2 Moving Target

You should also get into the habit of changing your passwords regularly. This creates a moving target for attackers. The more frequently you change your passwords, the harder it will be for your information to get stolen. Set a reminder on your calendar, so you never forget.

#3 Change it Up

If one of your accounts does get compromised, the rest of your accounts could be at risk. The second biggest mistake sys admins make is using the same password for multiple accounts. Some admins will argue that it’s hard to remember a bunch of different passwords. And on top it, if you’re changing these passwords every few months, then there’s no way you can remember them all.

Worry no more! You can use apps like LastPass, which remember all of your passwords for you and store it in a “vault”. Be careful with these kinds of apps, though, because if your master password gets compromised, all of your accounts are compromised.

#4 Double Up

Passwords can easily be sniffed out by hackers, and are really just a challenge rather than a roadblock. The best way to quickly bulk up security is to implement Two-Factor Authentication (2FA). This method adds an additional verification process to logging into your account. Verifications can be anything from a fingerprint to a code that is sent to your mobile phone.

#5 Boost your Password Strength

Whenever you are creating a password, check to see what the requirements are. Take advantage of character length: instead of using a word, use a password phrase. Always use a combination of letters, uppercase and lowercase, numbers, and symbols. You can also use password generators to create codes. If you use a vault like LastPass, you won’t have to memorize any of these passwords.

#6 Don’t Store it Under your Keyboard

This one is pretty straightforward… don’t store your passwords in easy to find places. Just like you wouldn’t stick your spare key (even if hidden) right next to your door. Seriously, we hear of people doing this all the time. Worst of all don’t store your passwords in a plain text document. That means note-taking applications, too, like sticky notes.

#7 It’s all about the “S”

Only use HTTPS sites when entering credentials. Get in the habit of looking for “https” in your browser every time you login to an account.And most importantly, always make sure you follow all of these rules when creating and managing your accounts for your DNS provider. If the wrong person attains access to your account, they could easily delete a record, rendering your site essentially invisible.

‍