FTC Reprimands GoDaddy for Cybersecurity Lapses

FTC Scolds GoDaddy Over Cybersecurity Failures

The Federal Trade Commission (FTC) has taken GoDaddy, a leading website hosting provider, to task for years of inadequate cybersecurity practices. GoDaddy, which serves approximately five million customers, settled with the FTC to implement a comprehensive information security program but avoided monetary penalties.

GoDaddy’s Cybersecurity Shortcomings

GoDaddy previously marketed itself as “Ridiculously fast. Seriously secure.” However, the FTC’s complaint revealed glaring issues:

• Lack of asset inventory and patch management.
• Absence of multi-factor authentication (MFA).
• Inadequate monitoring for security threats.

Between 2019 and 2022, these lapses contributed to multiple security breaches, exposing customer websites and sensitive data to hackers.

FTC’s Settlement Terms

As part of the settlement, GoDaddy must:

1. Establish a robust security program to protect customer data.
2. Implement tools like a security incident and event manager (SIEM), encryption, and MFA.
3. Submit to independent audits every two years.

Failure to comply with these terms could result in fines of up to $51,744 per violation.

Lessons for Users: Security Is Non-Negotiable

The FTC urged website owners to prioritize security when selecting a hosting provider. Ask critical questions like:

• What technologies do you use to secure websites?
• Are MFA options available?
• How do you handle suspicious activity reports?

Your website is more than a digital storefront; it’s a repository of critical business and customer data. Ensuring robust security is vital for protecting your online presence.

GoDaddy’s Response

A spokesperson for GoDaddy claimed the company has already implemented many of the required changes and is committed to improving security. While the company did not admit wrongdoing, it expects minimal financial impact from the settlement.

The FTC’s actions underscore the importance of proactive cybersecurity measures. Businesses should scrutinize their web hosts to ensure robust security practices are in place, safeguarding their reputation and customer trust.