Cyberattack: a threat to self-hosted and cloud?

[TracyIsland]

In this morning's Wall Street Journal there is an article about the damage incurred by the cyberattack to United Health Group.  Certainly, this is a US issue but cyberattacks can happen to everyone.  

What can we do, as both self-hosted licensees and what can Invision Community do for cloud customers to protect our databases?  I realize Invision Community cannot be responsible for the safety and security of self-hosted licensees but perhaps the staff might offer a list of 'you should be doing' settings' or best practices.

Has anyone been the receiver of a cyberattack?  What hapapened?  How did you recover?  Were you forced to pay up?

Edited March 19 by TracyIsland

[Jim M]

We really can't advise on self-hosted as our support really is limited to only our software, not the underlying infrastructure. The best idea would be to review security best practices with your hosting provider if this is a concern for you.

Of course, there are obvious best practice items that go agnostic, whether you're using software or hosted services:

• Use unique and secure passwords for accounts, even from your hosting panel to your ACP, these should never repeat 🙂 .
• Always use Two Factor Authentication where it is offered.
• Only allow access to sensitive areas (your hosting panel, server, ACP, etc...) to those who require access and are trusted to do so.
  • Limit areas of access to only accomplish items which that user needs to.
• Etc...

Regarding our Cloud, we have numerous layers of security in place to thwart attacks, from our Web Application Firewall to underlying infrastructure controls and setup, there is a lot going to keep our clients' data secure and their communities online. We have some series in our Invision Community Insider forum which @Charles discusses a lot more of these features in depth. If this interests you, I would suggest reading through it.