Denial of service (DoS) and distributed denial of service (DDoS) attacks have become an unfortunate and unavoidable reality of the web today. The tactics have been implemented by both governments and activists looking to both suppress stories they disagree with. While attacks are increasingly commonplace, understanding of how to defend against them still lags behind.

Recognizing this, the Electronic Frontier Foundation has relaunched its guide on how organizations can defend themselves against the attacks. The guide offers guides on how news organizations (and others) can build threat models, how they can back up and mirror their sites, and which companies offer the services they might need. The EFF guide is particularly targeted at small organizations, which often lack the human and financial resources needed to protect their sites from external hacks.

Here are a few of the guide’s findings and suggestions:

— There’s no single solution to protecting against DoS attacks. The EFF guide suggests that all sites worried about security create their own threat-evaluation models, which will help give them a better idea of where attacks might come from, what they could look like, and how these questions can lead to the most cost-effective defense.

— Different web hosting options come with their own advantages and disadvantages. Hosted services like WordPress.com, for example, take on the responsibilities of securing the sites they host, but also limit the kinds of themes and plugins users can install, as well as in some cases the type of content they can publish. Hosted servers, in contrast, offer more tech and publishing, but require professional technologists to maintain security.

— Cloudflare’s Project Galileo, Deflect, Qurium/VirtualRoad.org all offer DDoS protection services for free to eligible organizations and individuals. Sites like Electionland, The Veterans Brotherhood, and the Internet Archive, among hundreds of others, have taken advantage of Project Galileo, for example.

— Organizations should also consider backing up and mirroring their sites. No anti-DDoS service will be completely effective, making backups essential. The EFF guide also suggests that sites create static mirrors of their sites that users can access in the event that the main sites get taken down.

You can find the full guide here.