Thursday, April 19, 2018

Do web hosts provide enough security against phishing: FTC says no.

The Federal Trade Commission (FTC) of the US has stated that after checking 11 web hosting services for small businesses, its staff has discovered that they lack in providing default email authentication and anti-phishing technologies.

Many of these web hosts failed to provide the authentication and anti-phishing technologies.
 
The report, Do Web Hosts Protect Their Small Business Customers with Secure Hosting and Anti-Phishing Technologies?, coming from a highly trustworthy source gives a valuable hint to small clients towards a potentially damaging security slippage. The report has not received the publicity it deserves.

According to the report, only a few web hosts offer straightforward access to email authentication and anti-phishing technologies to small clients, through their domain-level authentication systems.

None of the web hosts tested offered a tech that would instruct receiving email service to reject messages that wrongly declare their source. Support for email authentication technologies is far less extensive: few of the host we examined notify users of these technologies, and several do not support some technologies.

Websites must have security layers, also anti-phishing features.

The takeaway for small businesses, individual website owners and bloggers is that they should pay close attention to the offers of their web hosts and choose the hosts that would protect their websites and email accounts with not only SSL/ TLS but also with email authentication technology. That would help them effectively avoid phishing attacks.