How to secure your digital transactions

How to secure your digital transactions by Abhijit Ahaskar.  Available from <http://www.livemint.com/Leisure/eAqnDAFMqB4Vfxe7yyOfgO/How-to-secure-your-digital-transactions.html> [Last Modified: Mon, Dec 19 2016. 06 16 PM IST]

Demonetisation and the subsequent cash crunch has compelled people to use their debit or credit cards. Many are using payment wallets such as FreeCharge and Paytm to avoid using their cards all the time. Many of these first-time users are not fully aware of what is secure and what is not. This makes them an easy prey for hackers and people with malicious intent. According to Norton’s Cyber Security Insights Report (published in November 2016), 55% of users born between 1980 and 2000 have been victims of cyber crime.

Here are some tips that you can keep in mind if you are using one of the digital platforms for making your next cash transaction.

Be more cautious with public WiFi networks

Easy and fast access to internet through public WiFi networks such as at railway stations, airports and coffee shops attracts many users. Users need to keep a few things in mind before connecting to any public WiFi network. One of them is to make sure you know the right SSID (service set identifier) name of the WiFi network you are connecting to. Hackers often set up WiFi network with almost similar SSID names making users believe that there are two such networks and they can connect to any of them. Any communication made using such dubious networks will be at risk of malicious activity. It is safer to avoid WiFi networks that are not protected by a password.

Use VPN

Using a Virtual Private Network (VPN) not just sidesteps geographical restrictions on online content but can also add a layer of security to your online communications. It is widely used as a tool to secure web browsing sessions by enterprise as well as individual users. You can add a VPN on your smartphone or your WiFi network at home. For a smartphone, you will have to downloaded and install a VPN app. Most VPN apps charge a monthly subscription, while some like Opera VPN are completely free to use. Deploying a VPN in wireless router will transmit all online communication through an encrypted tunnel created by the VPN.

Use OTP during transactions

During online transactions made using a credit or debit card, banks ask users to enter their 3D secure PIN (personal identification number) or request for an OTP (one-time password). Using the latter will prompt the bank to send a six-digit number through a text message on the user’s registered mobile number. This is a unique number and is generated only for one transaction. Using a 3D secure PIN on a public WiFi can be risky. Paying through an OTP is still a safer option.

Identify secure webpages

Most websites rely on certain security protocols such as HTTPS (Hyper Text Transfer Protocol Secure) to protect users and keep their transactions secure. These websites can be identified with a green sticker and through the browser url, where the link address will start with https instead of http or www.

Alternative to online transactions—Use NUPP for transaction

Another way of bypassing the risk of online fraud during transactions is using National Unified USSD Platform (NUPP) for sending money directly to the other person’s bank account. NUPP is based on USSD (Unstructured Supplementary Service Data) technology which uses GSM networks for communication with the user and the bank and this makes it free from the risk of online hacking. To use it, dial *99# in your phone and enter and type the three letters used to identify your bank or the IFSC (Indian Financial System Code) of your bank in the next pop-up page. This will open another page with options to pay using MMID (Mobile Money Identification Number) or IFSC.

If you are paying through MMID, enter the seven-digit MMID code and the beneficiary’s mobile number. In case you are using the IFSC, enter the IFSC code and the bank account number of the beneficiary and the amount that you are paying. To complete the transaction, you will be asked to enter your four-digit mobile banking PIN number issued by your bank. For every transaction, users will be charged a nominal fee of 50 paise.

How to secure your digital transactions by Abhijit Ahaskar.  Available from <http://www.livemint.com/Leisure/eAqnDAFMqB4Vfxe7yyOfgO/How-to-secure-your-digital-transactions.html> [Last Modified: Mon, Dec 19 2016. 06 16 PM IST]

Top 12 Tips for staying safe online

Top 12 Tips for staying safe online by Kuwait Times.  Available from <https://www.zawya.com/mena/en/story/Top_twelve_tips_for_staying_safe_online-ZAWYA20161215052009/> [14 December 2016]

As the popularity of online shopping increases in Kuwait, so does the likelihood of falling foul of cyber crooks, not necessarily because they are putting in extra effort during the festive season, but simply because more of us are doing more online shopping at this time of the year, and we’re on the lookout for the hottest deals.

Sophos has put together the following cyber security tips to help you focus on family, food and fun over during this season, rather than dealing with the headache of stolen credit card details or important documents lost to ransom ware.

1) Clean up your passwords before you start shopping
Don’t use the same password on more than one website. If the crooks get one password, they’ll immediately try it on all your other accounts. Make your passwords as long and complex as you can; in fact, consider using a password manager, which will come up with a unique password for each website automatically.

2) Update your devices
When patches come out, most of them fix security holes that the crooks either already know about or will find out about soon. Don’t put off security updates because “later will be fine”. Follow our advice: patch early, patch often.

3) Back up your files
Whether you’re taking your laptop on holiday, or staying at home with your faithful desktop this festive season, don’t forget to back up your precious documents on all of your devices. That way if your files are lost, stolen, “reconfigured” by a teenaged “expert”, or, worst of all, held for extortion by ransom ware, you can still get your data back.

4) Watch out for booby-trapped ATMs when shopping on the High Street
Watch out for modified ATMs when you withdraw money. Crooks often glue fake parts onto or around ATMs in the hope of covertly reading both your card data and your PIN. If you see an ATM with any components that look as though they don’t belong, report it to the bank and the police. That way you protect yourself and everyone else too.

5) Beware of login links in emails
With so many emails flying around over the festive shopping period, it’s a popular time for cyber crooks to use fake ‘phishing’ emails to trick you into handing over personal data. When an email urges you to click on a link to login to your account and change your password, or some similar sort of subterfuge, it’s probably crooks trying to trick you onto a fake site that will look exactly like the real thing, except that the crooks get your password, not the real website. If you want to check a transaction on one of your accounts, open your browser and browse to the website yourself.

6) Look for the padlock in the URL bar when shopping online
A padlock in the address bar and a URL that starts with “HTTPS” means the website uses an encrypted or secure connection. All major websites, not just financial institutions, use HTTPS these days, so if you see a site that’s asking for personal information but doesn’t have the padlock, you can be sure it’s a fake.

7) Watch out for bogus courier emails
During this time, you may very well get products delivered to your home, so you’ll be expecting a visit from a courier company. Crooks know this and send fake emails about bogus delivery problems, hoping to draw you into their web. If you want to contact a courier company to check on a delivery, look up their phone number or email address yourself – don’t use any links or information from an email.

8) Don’t email your credit card details
Sometimes you’ll try to buy that special gift , but your credit card won’t go through. In perfectly good faith, the seller may ask you to email through your card details to try again later. But that email could end up in the hands of cyber crooks, even if the seller handles it with care once they’ve received it. Remember: if in doubt, don’t give it out!

9) Turn off Flash on your devices
Want to do one single, simple thing to improve your security, now and forever? Turn off Flash, or uninstall it altogether if you can. Booby-trapped Flash files are still a popular way of spreading malware, and with fewer and fewer sites actually requiring Flash, it’s safer to do without it altogether.

10) Change default passwords before using any new home video devices
Whether it’s a new baby monitor, home surveillance system, or any other internet-enabled camera, it probably has a default password. If you don’t change the password then you are making it easy for a cybercriminal to hack in and watch whatever you’re filming. That could be you, your house, your baby, or something else that you’d prefer to keep away from prying eyes.

11) Think before you share on social media
Maybe it sounds obvious, but over sharing on social media is a bad idea, and there is no better time to remind you of this than the party season. Whether it’s photos of other people, your credit card details, the fact that you’re holding a really amazing party on Friday night or anything else, stop and think before you share. Once you post it, you’ll never be able to take it back.

12) Upgrade the software on any new devices before using them
Even “new” computers and hardware devices usually need updates right away. After all, between when they were made and when you first use them, the crooks have had time to find new security holes to attack. If you want to protect your new devices, always patch before using them, even if it’s Christmas Day and you’re dying to try out your brand new present.

Finally, make sure your computers at home are secure. Sophos Home is free and allows you to protect up to 10 Windows and Mac computers from malware, ransom ware, phishing and more. You can have different settings for adults and kids, and the web filter lets you block ads. It’s an easy-to-use solution that takes minutes to download and get started. And remember, when 2017 comes around, all of these tips will still be valid. In other words, as much as we’re urging you not to let your computer security guard down over the festive season, we’re also encouraging you to keep your security guard up every day. Cyber security is for life, not just for this season.

Top 12 Tips for staying safe online by Kuwait Times.  Available from <https://www.zawya.com/mena/en/story/Top_twelve_tips_for_staying_safe_online-ZAWYA20161215052009/> [14 December 2016]

3 Core Elements To Stay On Top Of When Launching A Website

3 Core Elements To Stay On Top Of When Launching A Website by Michael Lyons.  Available from <http://www.business2community.com/web-design/3-core-elements-stay-top-launching-website-01734513> [December 19, 2016]

If you’ve ever launched a website, you know that Murphy’s Law does in fact exist: anything that can go wrong, will go wrong. From small grammar mistakes to plugins that make the site inaccessible, you must be prepared to troubleshoot both the expected and unexpected. Below are three core elements to account for when launching a new website, and tips on how to make each go more smoothly.

Content

The more content that you have on your site, the more organized you must be. Here’s a list of some of the things to watch out for when you’re juggling content for your new site:

  1. Content version control (or lack-thereof)
  2. Losing assets
  3. Wrong content/media in the wrong location on the site

To avoid these pitfalls, here’s a couple recommendations to help your content launch goes more smoothly:

  1. Assign a “Content Manager:” Similar to a project manager, this person’s role isn’t to create the content, but to make sure everything is in-line, organized, and the right assets progress accordingly.
  2. Don’t use email as storage: Any assets that are transferred via email should always be saved into a centralized storage location (CMS, shared folders, etc.). You should never have to “look back” into your email to find an asset that someone sent you. As soon as you receive it, save it in a shared location.
  3. Digital storage/organization tips:
    1. Organize assets by website structure: consider setting up your folders according to your site structure. This way, there’s a 1:1 match between the content and where it should reside on the site, minimizing the chance that the wrong content ends up in the wrong locations.
    2. Plan for multiple versions: have separate folders for each round of content revisions – ie version 1, version 2, etc. That way, when you get to the final version, every asset is included and everyone will know where to pull the latest update from.
    3. Files of a feather flock together: folders should sit next to folders and files next to files. Whenever a file sits next to a folder, that means it’s time for a new folder. I realize many people have their own naming conventions that they remember, but it’s better to build an organizational structure that doesn’t require you to be there to find something. While creating nested folders within your storage system may take a few more clicks to access, it will pay off in the time you won’t have to spend sending files to people who could instead find them themselves.

Design

The two big design factors you need to account for when launching your site are:

  1. Browser compatability
  2. Device compatibility

If you have a responsive website (you should), it can and will appear differently depending on which browser and device your visitors are on. While doing your testing, it’s important to download different internet browsers and do a spot-check to make sure everything looks how you want it to. It’s also a good idea to check your web analytics to see which browser the majority of your traffic uses; then, you can prioritize your testing with that browser.

Similarly, your site elements will appear differently on different size screens. Pull out your phone, tablet, and a couple computer sizes if possible to see if everything looks right. It is also important to note that there could be SEO implications, as sites that are not responsive or mobile-friendly could be penalized in search results. A great tool you can use instead of manually looking at different screens is called Screenfly. You simply enter your URL, it’ll pull up your site, and you can pick virtually any device brand, model, size etc to see how it appears.

Functionality

Elements on your site can look pretty, but if the plumbing doesn’t work, then your Demand Generation efforts will be for naught. Be sure to double check that:

  • Links are working properly.
  • Form submissions are leading to the right ‘Thank You’ pages as well as sending the correct data to your database.
  • Any automated follow-up emails are triggering.
  • 3rd party site integrations such as marketing automation, sales CRM, SEO plugins, social plugins, etc. are working properly and not interfering with other site functionality.
  • Any old content is redirecting to the respective new page(s). If you have high-traffic pages, you don’t want to lose that SEO “juice.” Using redirects to the new site locations, will make sure you don’t lose out on that valuable traffic.

Pre-launch quality assurance testing is not optional. It’ll save countless hours of fixing later. However, not everything will be caught pre-launch. Here’s a few tips to minimize the bumps in post-launch damage control:

  1. Launch when traffic is low: Sites have different traffic patterns depending on audience, so check your analytics to see when would be best.
  2. QA is a team effort: You should have multiple eyes testing the site, then reporting bugs to a single person who will prioritize them. Read more on When Mistakes Happen here.
  3. Prioritize bugs: Bugs should be prioritized based on urgency and impact. Urgency refers to how quickly the bug must be fixed (based on site priorities, site-usability, etc) and impact refers to how big the bug is – what are the downstream ramifications of the bug? High urgency and impact bugs should be addressed first.

Summary:

  1. When launching your site, you must account for content, design and functionality elements to make sure everything’s running smoothly.
  2. Accountability and organization are critical to ensure bugs and their fixes don’t fall through the cracks.
  3. Post-launch bugs are inevitable, but they should not all be treated equally. Those with high urgency and impact should be prioritized.

Launching a new website is a strenuous endeavor, often including many parties. With so many balls being juggled simultaneously, it’s easy to let something drop. However, an organized process and clear lines of accountability will greatly reduce the firefighting needed.

3 Core Elements To Stay On Top Of When Launching A Website by Michael Lyons.  Available from <http://www.business2community.com/web-design/3-core-elements-stay-top-launching-website-01734513> [December 19, 2016]

How To Get Powerful Website Protection – SSL Certificate

How To Get Powerful Website Protection – SSL Certificate by Natasha Miranda.  Available from <http://www.valuewalk.com/2016/12/ssl-certificate-tips/> []

As a website owner or manager, knowing the advantages of using an SSL/TLS certificate will be essential. It will also be important to understand that this is just one part of a full range of cyber security technology options that will keep your website safe from hackers and from a breach of data security to your system.

Before going any further, it will be important to address a simple factor that is often overlooked. The purpose of an SSL certificate is to have an approved third-party, a recognized Certificate Authority (CA) to verify the website is authentic and trustworthy. This means choosing a recognized and trusted Certificate Authority. A good example of this is the Comodo SSL products that are recognized worldwide and can be found on websites of large multinational and global companies as well as smaller local ecommerce businesses.

There are two other options in SSL certificates that can be found on the market through any quick online search. While these will both be available at no-cost, there are risks associated with these certificates that should be carefully considered if website protection and protection of transmitted data is ultimately your major consideration and concern.

Free Certificates

You may have heard the term “you get what you pay for” and this is certainly the case with many of the free SSL certificates out there. The recognized CAs offer very cheap SSL certificates at the domain and organization validation levels that are far superior in customer service, support and security.

Remember, with a certificate, as with any information technology security tool; it needs to be recognized by the different systems it interacts with. The recognized CAs have their root certificates embedded with all major browsers and devices, ensuring that the certificates they issue will be accepted as trusted sources.

Unfortunately, the free SSL certificates are often not recognized by the different browsers and devices. From a 99.9% recognition rate with an SSL/TLS certificate from a trusted Certificate Authority, you may find that the majority of your customers either have to manually add your certificate to the device or browser trusted list or they will see the security warning displayed every time they try to access the site using a free SSL product. This is because there is no root certificate embedded in the device or browser, meaning the certificates they issue are also not trusted.

Self-Signed Certificates

These types of SSL products are even more problematic and less trusted by browsers and devices. As suggested by the name, the self-signed certificate is created by the website owner and basics is a case of vouching for yourself.

This creates trust issues for browsers and devices as there is simply no root certificate and no recognized Certificate Authority that is verifying the information. It would be possible for anyone to set up a website and create a self-signed certificate, even if the information on the certificate was invalid and the website was a spoof site.

The good news for legitimate website owners is that if you have an SSL certificate from a recognized Certificate Authority, there is no way that this type of situation can occur. The hacker cannot access the private key to your site or your certificate, which means your website is the only entity that the key and the certificate will work with. The private key is always kept secured on your server. Only through
authenticating the certificate and the public key with the private key can data be decrypted for use.

No Eavesdropping or Hacking Risks

If your website uses a login and password combination, which is true for social media sites and many types of paid subscriptions or memberships to blogs or forums, using an SSL certificate protects your site from hacking through eavesdropping.

Without the customer, client or user’s login and password data being encrypted, it could be easily intercepted and read. This could include if an employee or customer used a public Wi-Fi hotspot or even used a connection at home that lacked basic wireless network security features.

Once the hacker had that information, he or she could then go into your data through a legitimate login using that stolen information. It would be virtually impossible for you to detect the data breach as it would appear to come from an actual, valid customer.

Through the use of encryption to send the data, all the hacker will see is a random string of code that is illegible and unreadable. With full 256 bit encryption, which is considered the internet cyber security standard, it is virtually impossible for the hacker ever to be able to break the encryption.

It is important to carefully consider how much of your website needs to be secured through the use of SSL technology. Any web page collecting information or transmitting what is considered sensitive information needs to have this level of protection.

Logins, passwords and even email may also need to be protected depending on the type of use, the data transmitted and if the information is considered sensitive. Determining which level of SSL technology is required and which pages should be secured starts with assessing your cyber security risks and then providing the right types of protection.

How To Get Powerful Website Protection – SSL Certificate by Natasha Miranda.  Available from <http://www.valuewalk.com/2016/12/ssl-certificate-tips/> []

10 Small Business Tips for SEO, Content Marketing and More

10 Small Business Tips for SEO, Content Marketing and More by Annie Pilon.  Available from <https://smallbiztrends.com/2016/12/10-small-business-tips-seo-content-marketing.html> [Dec 03, 2016]

When it comes to marketing a small business, there are many different methods you can use. There’s SEO, content marketing, email lists and more. If you want to learn more about marketing your business using some of these methods in 2017, take a look at the tips from members of our small business community below.

Watch These Marketing Trends in 2017
If you want your marketing plan to work in 2017, you need to understand all the latest trends, tools and methods available. In this Midas Media post, Nat Rubyan-Ling shares some marketing trends you should know for 2017. And BizSugar members comment further on the post.

Get Better Insights About Your Audience
If you want to create content that resonates with your audience, then you first need to learn about them. There are some essential tools and methods you can use to get useful insights, as this post by Jenny Knizer on the Content Marketing Institute blog points out.

Find an Interesting and Profitable Niche for Your Online Venture
Whether you’re creating a blog, an ecommerce store, or any other type of online business, you need a niche. Since there are already so many different types of businesses online, you may need to get creative in order to find a niche that is both interesting and profitable. This MyBlogU post by Ann Smarty includes some tips.

Use These Customer Retention Strategies That Work for Small Businesses
Once you’ve executed your marketing plan and gained new customers, you still need to work hard to keep those customers coming back. Luckily, there are some tried and true customer retention strategies that can work for small businesses. You can see some of them in this Plousio post by Evan Tarver.

Learn What to Do After Creating Your Buyer Persona
If you want to market to specific customers, you first need to create a buyer persona so you understant who you’re marketing to. But even that isn’t enough. For more on what to do after you’ve created your buyer persona, check out this Magnificent post by David Reimherr. And then see what BizSugar members are saying about the post here.

Rank for Your Competitors’ Keywords
There are many different schools of thought when it comes to using your competition to gain search traffic. In this post, Neil Patel examines some of the pros and cons of this concept for different types of businesses.

Build a Marketing Budget for 2017
Before you really get started on your marketing efforts for the new year, you need to set some kind of budget so you don’t reach beyond your means. This Search Engine Journal post by Jacob Baadsgaard features some tips you can use to create a marketing budget for 2017.

Use Marketing Velocity to Increase Your Sales and Revenue
Marketing velocity is the speed at which your marketing efforts work to deliver results. So its an important concept for marketers to understand. In this crowdSPRING post, Ross Kimbarovsky details some ways you can use marketing velocity to increase sales and revenue. And the BizSugar community also shares thoughts on the post.

Help Your Ecommerce Store Recover From a Growth Setback
Running an ecommerce business isn’t easy. You’re likely to face setbacks at some point or another. So understanding how to recover from those setbacks is paramount. Shayla Price shares some tips for doing just that in a post on the Kissmetrics blog.

Get the Most Out of Your Holiday Emails
Email marketing can be an especially effective tactic during the holiday season. But in order to get the most out of it, you need to really understand your subscribers and what they’re looking for this holiday season. To see more tips about getting the most out of your holiday emails, check this Marketing Land post by Scott Heimes.

If you’d like to suggest your favorite small business content to be considered for an upcoming community roundup, please send your news tips to:  sbtips@gmail.com.

Typing Photo via Shutterstock through article source
10 Small Business Tips for SEO, Content Marketing and More by Annie Pilon. Available from <https://smallbiztrends.com/2016/12/10-small-business-tips-seo-content-marketing.html> [Dec 03, 2016]