On Friday, October 21, 2016, many popular sites were unavailable due to what is believed to be the largest ever DDoS attack on the DNS system of the Internet. Many SalesNexus users were affected.
Of course, when you can’t reach your customer information, you start to ask some important questions.
We wanted to take this opportunity to clarify the security infrastructure that surrounds SalesNexus users’ valuable customer information and what to do in the event of disruptions like this in the future.
SalesNexus Security Infrastructure
SalesNexus hosting partner, LightCrest, maintains a state of the art security infrastructure that is SAS-70 Type II certified. Essentially, this is an industry standard that includes 3rd party audits performed regularly.
Regulation and standards related to health information have been increased significantly in recent years. HIPAA is the Health Insurance Portability and Accountability Act and includes many of these information security standards. Our hosting partner is HIPAA compliant.
Here’s a document on our HIPAA Compliance that also outlines many of the security systems in place.
Related to DDoS attacks and malicious hackers, probably the most crucial component of our security measures is what’s called Intrusion Detection.
Essentially, Intrusion Detection is smart software that monitors connections to the network and looks behavior that is common in malicious intrusions. When detected, these connections are blocked. This technology is very complex and nuanced but, a simple example of how it works is this:
If a hacker repeatedly attempted to connect to a SalesNexus server by trying various usernames and passwords, the intrusion detection system would block that hacker from connecting to the network at all.
So, we remain as confident as ever that your customer data is safe from unwanted access. The fact is that your data is far more secure and safe behind our security infrastructure than it would be on your own corporate network. Here’s a list of the top causes of data theft that may help in identifying risks for your company.
What to do in case of an interruption?
In a case like the recent attack, our sites and servers were up and working but, some browsers couldn’t find them. So, you can also check the SalesNexus Twitter feed at @salesnexus.
Techcrunch had this tip during the recent DDoS attack: “If you’re experiencing connection problems, you can try changing your DNS settings (instructions for how to do this on Mac and Windows are here). Anecdotally, our staff has used OpenDNS (22.214.171.124 and 126.96.36.199) and OpenNIC servers and seen connectivity improve.”
Of course, users are always welcome to call, email or chat with us as well. We had the opportunity to talk with a lot of customers Friday!
We’re contacted by customers having trouble reaching the system often and the cause most commonly is the user’s local hardware and network. So, in case of a problem accessing the site, start by checking to be sure you’re connecting to the Internet, etc. Here’s a simple checklist:
- Can you connect to other sites? Try your favorite news site and be sure to check that the news you’re seeing is recent – your computer may have “cached” a previous view of the site. If this fails, then check your computer and network settings.
- Can you connect to the SalesNexus logon screen? Again, be sure to hit refresh in your browser so you’re not looking at a logon page that was cached previously. If the answer is no, then you’re probably being affected by a disruption similar to the recent one.
- When you enter your credentials and hit logon, what happens? Report this to the SalesNexus support team and we can help you get back to work.
The nature of Internet security is that it is ever evolving. If you have suggestions on how SalesNexus could provide you with greater confidence in your information security or improve our communications during disruptions, please share your thoughts!