Safeguard Your Business from Cancel Culture
Recently I read a series of articles from an individual with strong left-leaning beliefs. Many in the tech industry are of the liberal branch of politics, so this can be a security issue and concern for businesses and owners who are more conservative. This article goes over some of the ways to protect the key services and servers that most businesses use today from service disruption, whether through accounts being cancelled or banned, or through being DDoSed by those who wish to make you go away any way they can.
Abandon the cloud
One of the first steps to securing your online business is to ditch all of your cloud-based services. Many of these organizations are filled with people who hold strong ideological beliefs and are willing to bend or break rules in order to help others in ideological crusades. Below is a short list of the SaaS services I used and the tools I switched to.
- QuickBooks Online - I ditched QuickBooks Online for a tool called Akaunting, which has many of the features available in QuickBooks in an a la carte method.
- Stripe/PayPal - Invest in payment processors who work with adult industries, gambling, or other industries commonly affected by moral attacks and bans from PayPal/Stripe/Visa/etc. They have things figured out in a way that will allow you to continue receiving payments. Another, less effective option is setting up payments via cryptocurrency.
- Teamwork/Jira/other cloud-based task management tools - I dropped all of these in favor of Phabricator. You could also use another self-hosted tool called Redmine.
- MailChimp/ClickFunnels or other marketing automation software - Abandon all of these, as they will quickly cancel your service without notice if you anger the wrong group of people. I recommend a tool like Mautic, which has the same feature set and can be hosted on your own servers.
- Salesforce/InfusionSoft or other CRM software - Again, dump any of these that you may have. Look at SuiteCRM, which is a mature open-source solution for contact management.
- GitHub - Instead of using GitHub, Bitbucket or other cloud code repositories, it would be worth switching to a self-hosted version of GitLab or a tool like Phabricator that allows you to manage your code on a server you own and operate.
- Amazon Hosting - Ditch any US-owned hosting company in favor of companies owned by organizations based in Europe, Australia or anywhere else that is neutral to the political issues currently being fought over in the US. Additionally, have several servers with different providers. This gives you a backup and failsafe in case one provider terminates your service. Optionally, consider having a smaller dedicated server on-site that backs up all of your data locally on a regular basis and would be powerful enough for limited traffic in case both providers go dark.
- Cloudflare - Cloudflare has mostly been neutral in fights but has taken action when pressed hard enough. As an alternative, look into CDNs that allow content not normally allowed by Cloudflare, as this would be a good hedge. Below is a list of CDNs to consider. While chaining CDNs is not normally done because it does not improve performance, you can do it when you would like an added level of security.
Another best practice is to keep yourself as anonymous as possible. Ensure that things like your name, phone number, email and domain names cannot be traced back to your physical location, so that your information cannot be doxxed. Doxxing is a tactic that many politically charged and radicalized individuals will use to put pressure and fear onto a political target in order to silence or threaten them. This can lead to a dangerous situation for family and friends.
- First, invest in the extra service that hides personal information in your domain registration record. This is important, as one of the first things people look at for businesses online is the WHOIS record.
- Set up a CDN for your server. Ensure that your server has a CDN configured to hide its real IP address. If attackers can get this, they can quickly find out who your host is and possibly put pressure on them to cancel your hosting account. In addition to a CDN, you need to ensure that your site has security practices in place that will prevent an attacker from deanonymizing your site. See this article on how to deanonymize sites. In short, have a secondary server, not at the same provider as your main server, that handles outbound email. Disable things like pingbacks and anything else that sends messages directly from the server back to the client, as all of these will expose your host's IP address.
- Register for a phone number through Skype or another VoIP provider, and ensure that you use a PO box for your address.
- Use a PO box that is not located near your home or place of business. Doing this will limit the likelihood of folks following you and learning about your physical location.
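A self-audit for the leaks described in the CDN item above: it scans your own DNS records and the headers of a message your site sent for the origin server's address. This is an added example, not from the original article; the hostnames, the documentation-range IP addresses and the sample message are constructed.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample data: 203.0.113.10 stands in for the origin server,
# 198.51.100.7 for the CDN edge, 192.0.2.25 for the separate mail relay.
ORIGIN_IP = "203.0.113.10"
ZONE_RECORDS = [
    ("example.test", "A", "198.51.100.7"),           # proxied through the CDN
    ("mail.example.test", "A", "192.0.2.25"),        # relay at another provider
    ("direct.example.test", "A", "203.0.113.10"),    # forgotten record: leak
    ("example.test", "MX", "10 mail.example.test."),
    ("example.test", "TXT", "v=spf1 ip4:192.0.2.25 ip4:203.0.113.10 -all"),
]
SAMPLE_EMAIL = """\
Received: from web01.example.test (web01.example.test [203.0.113.10])
\tby relay.example.test with ESMTP; Mon, 01 Jan 2024 10:00:00 +0000
X-Originating-IP: [203.0.113.10]
From: shop@example.test
To: customer@example.org
Subject: Your order

Thanks for your order.
"""

IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def ips_in(text):
    """Return every valid IPv4 address that appears in a string."""
    found = set()
    for candidate in IPV4_RE.findall(text):
        try:
            found.add(ipaddress.ip_address(candidate))
        except ValueError:
            pass  # looked like an address but is not one (e.g. 999.1.1.1)
    return found

def audit_zone(records, origin_ip):
    """List (name, type) of DNS records whose value exposes the origin IP."""
    origin = ipaddress.ip_address(origin_ip)
    return [(n, t) for n, t, value in records if origin in ips_in(value)]

def audit_mail_headers(raw_message, origin_ip):
    """List header names of a sent message that carry the origin IP."""
    origin = ipaddress.ip_address(origin_ip)
    msg = message_from_string(raw_message)
    return [name for name, value in msg.items() if origin in ips_in(value)]

if __name__ == "__main__":
    print("DNS leaks: ", audit_zone(ZONE_RECORDS, ORIGIN_IP))
    print("Mail leaks:", audit_mail_headers(SAMPLE_EMAIL, ORIGIN_IP))
```

Run it against an export of your real zone and a message received from your own site; any hit means the origin address is publicly recoverable despite the CDN.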
Find an IT partner you can trust
One of the final steps to all of this is to form a partnership with an IT professional whom you can trust and who is not affected by your political beliefs. This will give you peace of mind, knowing that there is no backdoor programmed into your site and that your details will not get leaked. In addition to this, look to tools that provide greater security for your site. WordPress is popular because it is easy, but it is also easier to attack than other software tools.