Tag: web security

5 Website Security Tips.  Available from <http://www.forbes.com/sites/thesba/2016/11/29/5-website-security-tips/#17469c582ca7> [NOV 29, 2016 @ 08:00 AM]

Imagine leaving your car parked in a crime-ridden neighborhood. Would you leave your windows down and doors unlocked? Unfortunately, the internet is very much a crime-ridden neighborhood and too many of us are not even taking basic security steps to keep our websites protected.

The goal of this article is to give you some general best practices that can help you keep your website secure from many common cyber threats. Think of this as advice on “How to roll up your windows” and “How to lock your doors” – very straightforward but important steps. While a determined hacker may still be able to break into your vehicle, following these steps will substantially decrease your chances of becoming a victim of a cyber-based attack.

Keep all software updated, always

This applies not only to your website, but to every piece of software you have installed on your workstations. Hackers regularly find vulnerabilities and security flaws in software. Software vendors, on the other hand, are regularly providing software fixes to patch up vulnerabilities that are found or exploited. If you don’t update your software when updates become available, you could be leaving a wide-open door for hackers to exploit.

You need to keep all software updated on your workstations because an infected workstation could give access to other systems, including your website. If your website is powered by a content management system, such as WordPress, you will need to keep the content management software updated at all times, including any plugins you may have installed. Because content management systems, like WordPress, are so widely used, any security holes that are found can also be exploited widely.

Keep backups of your website, local and offsite

When your website has been hacked and injected with malware, the most secure way to fix the issue is to restore your website from the most recent backup prior to the hack. Make sure the sever your site is hosted on is being backed up daily, and make sure your webmaster is retaining copies of your site locally (securely, of course) as an extra precaution.

Use a reputable hosting provider

Not all hosting providers are alike. Many discount web hosting companies do not make adequate investments into security. Ask your provider how they keep your websites protected. Be sure they make regular software updates to the server operating system and other installed software. Ask if they proactively scan and address security issues. Business-focused providers, like Newtek, have invested millions into system and network security, and have adequate staff to manage and monitor systems around the clock.

Manage User Access

It is import to limit who has access to your important systems and website. This is not because you shouldn’t trust your employees – it’s because the more staff you have with access to systems, the higher the probability of someone from your business becoming victim to a cyber scam or hack, which could then lead to unauthorized access.

If you have multiple people from your business that needs access to your website, be sure they only have permission to the areas they need. For example, the content management system WordPress allows you to assign different access levels to different people.

Use an SSL Certificate

An SSL Certificate is used to establish a secure, encrypted connection between your website and a visitor’s web browser. If your website utilizes logins, processes payments, or stores personal information, an SSL certificate is not only required from most compliance standpoints, it will also give assurances to your visitors that you take their privacy and security serioiusly.

5 Website Security Tips.  Available from <http://www.forbes.com/sites/thesba/2016/11/29/5-website-security-tips/#17469c582ca7> [NOV 29, 2016 @ 08:00 AM]

7 Cyber Security Tips for 2017 by Andrew Deen.  Available from <http://www.business2community.com/cybersecurity/7-cyber-security-tips-2017-01711398> [November 22, 2016]

You don’t have to look far to find examples of cyber security breaches – they happen every day, in nearly every industry and country. While many smaller breaches don’t make headlines, others affect millions and have lasting effects on businesses. On November 14^th, 2016, millions of Americans were reminded that Internet privacy is fragile, when a breach was discovered on the adult websites of FriendFinder Networks LLC. The company estimates that 412 million records were compromised, making the security breach the biggest of 2016, just as the year draws to a close.

With so many records exposed, FriendFinder will have to do extensive damage control, and likely respond to lawsuits and investigation by the Federal Trade Commission, as Ashley Madison did last year during its much smaller breach. For businesses, the cost of a breach can be devastating. While it’s not always possible to prevent a breach, having proper cyber security protocols in place can help reduce the likelihood of a breach and make recovering from a security event much easier, should one occur. Here are 7 tips to help get your business’s cyber security ready for the threats of 2017.

Ensure employees know safe protocols for social networking sites

It’s easy to forget that the Internet is a public resource, and privacy is not guaranteed, even on social networking sites. If your employees use social networks on company devices (and many do), educating them on safety protocols for social networks is crucial to preserving cyber security. Here are just a few reminders to give your team:

• Always assume that everything you post is public, even if your settings are set to “friends only”. You never know who will share what you post.
• You can’t take anything back once it’s been posted. Even deleting a post won’t necessarily remove all the copies of the information available.
• Don’t post any identifiable information, like your address or daily routines. This goes for business secrets as well.
• Be considerate of the information you post about others.
• Be wary of strangers. You never know the intent of someone you meet online

Establish cyber security training for all employees

You can’t blame your employees for unsafe cyber security habits if they haven’t been taught how to protect the sensitive information your company retains. Develop protocols for protecting your business’s data so that everyone can be on the same page for cyber security. Establish cyber security training for all new and existing employees. Because knowledge can fade over time, and protocols can change, offering periodic review trainings should also be a priority.

Add encryption protocols

Encryption has been used since ancient times to code messages that could only be read by authorized parties. Today, encryption technology uses advanced algorithms to make data unreadable except by those with the correct key. Encryption is a must for businesses protecting sensitive information, such as patient records or customer credit card information.

Keep software and browsers up to date

Vulnerabilities often occur when software and browsers are not updated on a regular basis. Software manufacturers periodically release updates for their programs, which often include security updates. Cyber criminals are always changing their methods for breaching security systems, and software companies are forced to keep up with them, constantly improving on their security measures. Take advantage of these updates, and don’t leave your operating systems, browsers, and anti-virus software vulnerable.

Use multi-factor authentication technology

Passwords can be compromised, and once they are, it’s easy for criminals to gain access. Multi-factor authentication requires an extra step to log in, whether that means email authentication, or a text message sent to users’ phones. While these protocols often spark protest from employees, they are a great way to ensure an additional layer of security.

Ensure the security of Wi-Fi networks

Access to your business’s Wi-Fi network is a huge benefit to cyber criminals. Keeping your network safe requires a few extra steps than setting up a home router. Use a firewall, and hide your network name from broadcasting to help protect it. Require a strong password for Wi-Fi access.

Implement protocols from the Department of Homeland Security’s Cybersecurity Framework

The U.S. government is taking cyber security seriously, and they’ve put together a framework of protocols for safe security systems. Take some time to go over the information, and see how you can implement these protocols to protect your business.

Don’t Get Complacent in 2017

Even if you’ve never fallen victim to a data breach personally or professionally (and 1 in 5 Americans have), 2017 is not the time to become complacent. As we continue to move online more and more, breaches will continue to increase. Implement these tips for your business, and move a few steps closer to optimized cyber security!

7 Cyber Security Tips for 2017 by Andrew Deen.  Available from <http://www.business2community.com/cybersecurity/7-cyber-security-tips-2017-01711398> [November 22, 2016]

Don't let yourself be targeted by cybercriminals: Here are 6 tips for safe holiday shopping by By Brandon Vigliarolo.  Available from <http://www.techrepublic.com/article/dont-let-yourself-be-targeted-by-cybercriminals-here-are-6-tips-for-safe-holiday-shopping/.> [ November 22, 2016, 11:30 AM PST] Photo Credit: flickr.com/Don Hankins

Online shopping is easy and convenient, and more people are doing it than ever before. The rise in e-commerce also gives cybercriminals more opportunities to rob you blind. Here’s how to stay safe.

Online shopping is predicted to increase by 8% in 2016, meaning 56% of holiday shopping will be done online. Odds are good that you or someone you know is going to buy at least one gift through a desktop, laptop, smartphone, or tablet. But how do you ensure sensitive information stays secure?

Data breaches tend to make headlines in the news but they’re hardly the only means of identity theft. Countless people have had information stolen by unscrupulous websites, fraud, and hacking. Here are six tips to share with your end users, friends, and family members to help them become smarter online consumers.

1. Pay attention to your browser’s URL

Whenever you’re online there’s a web address in the top bar of your browser. It tells you where you are on the internet, and it can be a good indicator of the legitimacy of the website you’re on.

For shopping purposes, and anything else that involves personal information, you need to be sure the website’s address starts with HTTPS. The S indicates a secure connection and any site trying to earn your business should have it.

2. Watch out for email deals

Regular online shoppers have inboxes filled with digital ads from the places they frequent, and those ads are legitimate. What you need to watch out for are ads from places you aren’t familiar with or that seem too good to be true.

Detecting phishing emails can be tough. If you’re not sure what to watch out for check out CNET’s guide for some good tips.

3. Don’t shop on public WiFi

Public WiFi is great, but it’s not necessarily safe. You don’t know who’s on the network, what they might be doing, or what they’re capable of—they may just be hanging out waiting to steal credit card info.

Shop from home, or from any secure connection. Make sure your home WiFi is secured as well—an openly accessible WiFi network is a serious security risk.

4. Use a password manager

Complex passwords are a must, but even those can be stolen if you type them into a spyware-infected computer. You can beef up security even more by using a password management app.

Not only will these apps allow you to sign in to websites with a single click, they can also generate random passwords that are incredibly secure. All you’ll have to do is use a master password to unlock the app and it will do all the hard work for you. And since you aren’t typing your passwords manually there’s much less risk of theft.

5. Keep your computer and antivirus software up to date

No one likes to be reminded of software updates: They interrupt us, take a long time to install and configure, and sometimes come with bugs that make life harder. That doesn’t mean they aren’t essential, though.

Operating system updates often patch security holes, and antivirus software is completely useless without updated virus definitions. If you’re the kind of person who avoids updating their machine take some time before you start shopping to run all your updates and doing a full scan of your computer.

If you don’t have any antivirus software on your computer now is the time to install some. Free applications like Avast and AVG are both great options.

6. Use Paypal or stick with a single credit card

Paypal and websites like it act as intermediaries to online vendors. Anyone who has ever forgotten their Paypal password knows how many security hurdles you have to jump through—it’s serious about security.

If you don’t want to use Paypal or are buying from a vendor that doesn’t accept it stick to using a single credit card. This isolates your risk to one account and if you pick one with good security features you’ll be alerted as soon as something bad happens.

Don't let yourself be targeted by cybercriminals: Here are 6 tips for safe holiday shopping by By Brandon Vigliarolo.  Available from <http://www.techrepublic.com/article/dont-let-yourself-be-targeted-by-cybercriminals-here-are-6-tips-for-safe-holiday-shopping/.> [ November 22, 2016, 11:30 AM PST] Photo Credit: flickr.com/Don Hankins