0

How secure is your data? Preventing the theft of your internet property.

Written By: John Miles

Monday morning first thing and the phone rings. Its a typical call, since the previous Thursday a small business has noticed that some of the images on its website are starting to appear on other sites. They know enough to understand that once these images are out, they will be unable to prevent their spread. What theyre after now is advice on how to stop them from being stolen in the first place.

Everyone is always wiser after the event and there is a certain complacency in all of us that says its not going to happen to me but when it does we need to know what we can do about it. In this case the damage has been done. Someone had hacked into their site and downloaded approximately 20,000 images. Some of these were licensed from image suppliers and some were taken by themselves at great expense. The cost to the company is easy to work out in terms of what they paid for the images in the first place, but what is more difficult to ascertain is the ongoing revenue loss that will occur.

Ongoing loss because the nature of these images means that the more exposure they get, the smaller their value becomes. In this case the law of supply and demand applies to intellectual property just as much as anything else. By the time the web server logs were checked and the perpetrators identified, six days had elapsed. In that time these images were identified on twenty eight different websites and that number was growing by the day. By then it was a practical impossibility to have them removed.

Even worse was that the images appeared on an image brokers site and were actively being sold with a license for use by other people. The fact that this site was in Russia meant that there was nothing the company could do to prevent it. In short they simply had to swallow the loss and try to prevent it happening again.

What we all need to understand is that it is very difficult, if not entirely impossible, to prevent your data being stolen. If they want it badly enough, they will get it. Your job is to make sure that you make it so difficult, they give up and try elsewhere. For most of us, the basic security of our website is handled by the sites hosts. Being certain of your hosts capabilities is a good start to securing your data. Have you ever asked them how they secure your web server? Perhaps now is a good time to do it.

Web hosting is like any other business. They concentrate generally on the bits you can see in order to get your business. What they can cut costs on, they will and, although any good host will have security firmly at the top of their list, some of the cheaper ones may look at ways of reducing their spending. One very security conscious host is www.serverwise.com. Ive used them for a number of years and always found them to be good when it comes to protecting your web site.

After securing your server the next thing to look at has to be ways of protecting the data. Most theft occurs directly from the web site itself and if youre trying to protect images, there are plenty of watermarking programs that can apply a watermark to your images. Take a look at www.hotscripts.com for example and search for watermarking. You can also find hints and tips on preventing people from saving your files to their local pc on many sites, http://javascript.internet.com is a good source for free scripts and searching on Google for javascripts will reveal more sources.

The company in the example I used earlier had watermarking protection for all their images but, unfortunately for them, the watermarking was dynamic meaning that the images themselves were unwatermarked and the watermarking was applied when the browser displayed the images. What this meant was that by stealing the images from the server, the thieves were able to take unwatermarked images.

There is a way around this and something like Strong Arm from www.liquidfrog.com can help by taking invisible watermarks or copyright information and embedding it directly into the image. Being able to positively identify a file on someone elses website as belonging to you can be a strong persuader in making them remove your content from their site even if they feel theyve bought it legitimately. By proving ownership of a file you can bring a large amount of pressure to bear and save yourself the legal costs of issuing a cease and desist notice.

So far weve looked mainly at ways of preventing image theft. What if your site contains document files or exe files that you make available for download perhaps? How do you prevent them from being stolen? Including a copyright in a text document is something that everyone should be doing but its very easy to remove that and claim the work as your own. Given the fact that you are allowing people to take these files from your site, you should be including a way of identifying them so that, if you see them on another site, you can prove ownership. Again something like Strong Arm can help.

Finally, having done what you can to prevent the theft of your data, you need to check regularly that your web site is still secure and that your file protection systems are working. You also need to check what the current trends are for data security by making sure you understand where the latest threats are coming from. At the moment China and Russia are the two major culprits but this will probably change over time as less advanced countries come up to speed. New ways of stealing data are always just around the corner and you need to be one step ahead the whole time. Its only by keeping on top of it that you can effectively prevent the data youve bought and paid for being stolen!

About the Author

John Miles is a security consultant and programmer. He deals on a daily basis with threats to web site security. With ten years in the computer industry he has seen the damage that can be done to a business by the theft of its intellectual property from a website.

Previous post:

Next post: