FBI Tells Users to Change Passwords Frequently, Experts Say This Is Bad Advice

FBI Tells Users to Change Passwords Frequently, Experts Say This Is Bad Advice by Bogdan Popa.  Available from <http://news.softpedia.com/news/fbi-tell-users-to-change-passwords-frequently-experts-say-this-is-bad-advice-510528.shtml> [Nov 27, 2016 07:16 GMT]

You’d normally expect the FBI to provide us with the most efficient security tips, but a tweet published recently by the Bureau made many security experts raise their eyebrows and wonder who is actually behind these posts.

Specifically, the FBI tweeted on November 25 a piece of advice that’s supposed to help people stay secure during the holiday shopping season when cybercriminals are also very busy trying to steal our information.

“Shopping online this holiday season? Keep your accounts secure, use strong passwords & change them frequently,” the FBI posted.

And while keeping accounts secure and using strong passwords are indeed good recommendations, it’s the last part that caused controversy. Changing passwords frequently has often been described as bad practice, especially because doing this repeatedly can eventually lead to users turning to easy-to-remember passwords that can be quickly compromised by hackers.

Furthermore, it’s been proved that corporations forcing their employees to change their passwords on a frequent basis are actually more exposed because of the same reasons: workers end up using simpler passwords that are easier to remember, and this can’t lead to anything good.

Security experts: Nope

Security experts have questioned FBI’s tweets, and one of those who recommended exactly the opposite is Per Thorsheim, who founded his own password conference to discuss the importance of passwords.

In a statement for Motherboard, Thorsheim explained that changing passwords frequently is a thing that you shouldn’t do and there are other ways to remain secure online.

“I am surprised and sad to see that the FBI continues to give out bad advice when solid academic research, numerous organisations, corporations and the US government themselves have said for at least half a year now that frequently changing your passwords is a bad idea,” he said.

“While I don’t know who at the FBI is in control of their Twitter account, the people behind it do not seem to be in control of current best practices. I do expect better than that from the FBI.”

So how exactly can you protect yourself online without actually changing passwords frequently? The easiest way to do this is to use a password manager that can help generate complex passwords that are difficult to compromise. Furthermore, make sure you enable two-factor authentication whenever it’s possible, and avoid using the same password for more than one service.


6 Common Front-End Web Development Mistakes to Avoid

6 Common Front-End Web Development Mistakes to Avoid by Jennifer Marsh.  Available from <http://www.business2community.com/brandviews/upwork/6-common-front-end-web-development-mistakes-avoid-01717769#YMrkXBlRp8vGI6k4.97> [Nov 30, 2016]

Front-end designers and programmers are responsible for developing everything that users of a site or app see and interact with. This includes coding and bringing interfaces to life that are engaging and aesthetically pleasing to viewers. Just because a customer-facing interface functions well doesn’t mean it will be a success. The wrong design can destroy a site’s user base and cause a dramatic drop in revenue, and getting that design right is the role of a front-end developer.

In front-end development, it’s very important to understand users and their behaviors to build a beautifully functioning front end, but there are also a few common coding mistakes to avoid. Here are a few to keep an eye out for when developing a site or application as well as some tips and best practices that can help you keep your projects on track:

1. Using Tables Instead of Div Containers

Tables were the de facto way of HTML element placement years ago. They almost seem easier to work with than using div containers and CSS when you’re starting a front-end design career. However, tables can be pretty messy and can cause design flaws and misplacements in different browsers.

Table designs have been replaced more and more by CSS and div containers as a more optimal way to place elements and create a layout. Tables are still useful when displaying charts of information, but they’re rarely used to create layouts. Try to opt for “table-less” layouts when designing your front-end HTML code.

2. Coding with Old HTML Elements

HTML5 is the newest form of the HTML coding language, and it’s provided a lot of changes to standard page design. HTML5 replaces technologies such as Adobe Flash with the <canvas> tag. The new standards also deprecated some tags such as <frame> and <center> in favor of CSS design.

It’s usually best to avoid coding with older HTML standards. Front-end design depends heavily on browser support. Older HTML support is not always available in some browsers, and it’s bad practice that can put your site at a disadvantage in the long run. (Not to mention, HTML5 has many awesome advantages that will make a site more modern and secure.) The code can be harder to support and in some cases, it can leave your site more vulnerable to security attacks.

3. Forgetting to Test for Each Major Browser

Front-end design relies heavily on JavaScript and client-side scripting. This is why the best practice is to test your code in all the major browsers. At a minimum, most people expect you will test your code in Chrome, Firefox and Internet Explorer (now Edge). You can determine what browsers you’d like to support by looking at your site’s browsing analytics data or using an external source to determine common browsers.

You should also determine the oldest browser version you’ll support. Many users stick with the same older browsers as their computer ages, so you should weigh the pros and cons of possibly alienating these users with the effort it takes to maintain code for both older and newer browsers. Decide the oldest browser version you’ll support and then test on these older versions.

4. Forgetting Responsive Mobile Design

Mobile is the new generation of web browsing. Tablets and smartphones are the most popular ways for browsing the web, increasingly replacing desktop browsing. Your front-end design should always be responsive and support mobile devices, or you’ll risk penalties in search results. You can also create a separate site for mobile (also called “m sites”) on a subdomain, but responsive design should be the default in modern front-end coding.

After you make your design responsive, you’ll want to test it as well—with all browsers and browser versions. Remember that mobile devices have several different screen sizes, so ensure that your code supports all possible breakpoints. You can use emulators that help you test so that you don’t need to have several devices on-hand to test.

5. Not Prioritizing Site Speed

Servers and bandwidth are important for site speed, but it’s possible that your front-end can be too bloated even for the fastest server. Image size is a major factor, as is bloated JavaScript code that could be too slow. Always reduce image size and use a format that can be resized without losing much quality such as PNG.

Several site speed testers are available to help you identify what elements of your site design are slowing down your application. “Spaghetti” JavaScript code can slow down the client-side, and large images can slow page load performance. As with responsive design, search engines even take site speed into consideration for ranking, because slow sites frustrate users. A best practice is to always test your site and ensure its performance is fine tuned.

6. Using Outdated or Abandoned JavaScript Libraries

Expert tip: Stick to JavaScript libraries that have active support, documentation, and consistent updates by their developers. You don’t have to only stick with worldwide famous libraries, but you should ensure that the one you do choose will be maintained down the line. If the library is not supported or maintained years later, you might find yourself in a sticky situation with a dependency that is no longer functional if a developer abandons his or her project.

It’s difficult to predict what a developer will do with a project years from now, but you can view its popularity by searching the number of support communities online. For instance, you can’t go wrong with AngularJS or KnockoutJs libraries—they’re popular and supported by big brands.

These mistakes are common, but very easy to avoid. As a front-end developer, your goal should be to create applications that are easy to use for your viewers and support site functionality and speed. JavaScript is probably the most difficult front-end technology to streamline, but by using good libraries and supported code, you can design a front end that doesn’t slow your site down and is highly responsive to mobile devices.


Tips To Improve Your Website

Tips To Improve Your Website by Martinsville SCORE.  Available from <http://www.martinsvillebulletin.com/opinion/ask-score-tips-to-improve-your-website/article_acdbd624-1689-550b-8763-be0e4778e440.html> [

After working hard to make your website easier to find in online searches, the last thing you want is to drive visitors away because of a poor user experience after they’ve arrived.

“Good design, usability, and user experience are more important than ever in website development,” shares SCORE mentor and technology professional, Matthew Krieger. “It’s a constant fight for visitors’ attention—any delay, complexity, or friction whatsoever could prompt users to leave your site. I often see companies put too many barriers in front of customers—overly complex signup processes, excessively strict forms, surveys with too many questions, etc. These things hurt the engagement process and can result in a lost sale.”

Here are two basic things you can do to help give your website visitors a positive experience:

Pay attention to the loading speed of your pages.

Findings released by Akamai Technologies, Inc. revealed that nearly half of Internet users expect website pages to load in less than two seconds and 40 percent are likely to abandon a page if it doesn’t load within 3 seconds. If your website pages load slowly, your business could be missing out on potential sales—and that could hurt your business’s bottom line.

According to Krieger, “Page load time and, perhaps more importantly, page responsiveness are very important to visitor perception and can ultimately impact engagement. Additionally, Google considers page performance in their ranking algorithm. There’s a balance to be struck between the desire to include advertisements, analytics mechanisms, and other page widgets (all of which can benefit the business) and the necessity of creating a fast site and a good experience for the user.”

Be direct and clear with your content.

According to Nielsen Norman Group, “On the average Web page, users have time to read at most 28 percent of the words during an average visit; 20 percent is more likely.”

To help make sure your readers are taking away what you want them to know about your company, products, and services, you need to get to the point. They don’t have time to sift through endless blocks of text or waste time on irrelevant content. Make it easy for readers to find what they want by breaking text into sections with clearly defined headings and subheadings. Also, give your web page text some white space to make it less cluttered and easier for visitors to read.

“A website’s information architecture—the art and science of structuring and presenting digital information to achieve good usability—is important to consider when developing your content. Furthermore, the need for a clear and focused message is greater than ever,” explains Krieger. “Given the overwhelming amount of digital content competing for people’s time, delivering value quickly should be a focus.”


5 Website Security Tips

5 Website Security Tips.  Available from <http://www.forbes.com/sites/thesba/2016/11/29/5-website-security-tips/#17469c582ca7> [

Imagine leaving your car parked in a crime-ridden neighborhood. Would you leave your windows down and doors unlocked? Unfortunately, the internet is very much a crime-ridden neighborhood and too many of us are not even taking basic security steps to keep our websites protected.

The goal of this article is to give you some general best practices that can help you keep your website secure from many common cyber threats. Think of this as advice on “How to roll up your windows” and “How to lock your doors” – very straightforward but important steps. While a determined hacker may still be able to break into your vehicle, following these steps will substantially decrease your chances of becoming a victim of a cyber-based attack.

Keep all software updated, always

This applies not only to your website, but to every piece of software you have installed on your workstations. Hackers regularly find vulnerabilities and security flaws in software. Software vendors, on the other hand, are regularly providing software fixes to patch up vulnerabilities that are found or exploited. If you don’t update your software when updates become available, you could be leaving a wide-open door for hackers to exploit.

You need to keep all software updated on your workstations because an infected workstation could give access to other systems, including your website. If your website is powered by a content management system, such as WordPress, you will need to keep the content management software updated at all times, including any plugins you may have installed. Because content management systems, like WordPress, are so widely used, any security holes that are found can also be exploited widely.

Keep backups of your website, local and offsite

When your website has been hacked and injected with malware, the most secure way to fix the issue is to restore your website from the most recent backup prior to the hack. Make sure the server your site is hosted on is being backed up daily, and make sure your webmaster is retaining copies of your site locally (securely, of course) as an extra precaution.

Use a reputable hosting provider

Not all hosting providers are alike. Many discount web hosting companies do not make adequate investments into security. Ask your provider how they keep your websites protected. Be sure they make regular software updates to the server operating system and other installed software. Ask if they proactively scan and address security issues. Business-focused providers, like Newtek, have invested millions into system and network security, and have adequate staff to manage and monitor systems around the clock.

Manage User Access

It is important to limit who has access to your important systems and website. This is not because you shouldn’t trust your employees – it’s because the more staff you have with access to systems, the higher the probability of someone from your business becoming victim to a cyber scam or hack, which could then lead to unauthorized access.

If you have multiple people from your business who need access to your website, be sure they only have permission to the areas they need. For example, the content management system WordPress allows you to assign different access levels to different people.

Use an SSL Certificate

An SSL Certificate is used to establish a secure, encrypted connection between your website and a visitor’s web browser. If your website utilizes logins, processes payments, or stores personal information, an SSL certificate is not only required from most compliance standpoints, it will also give assurances to your visitors that you take their privacy and security seriously.


7 Cyber Security Tips for 2017

7 Cyber Security Tips for 2017 by Andrew Deen.  Available from <http://www.business2community.com/cybersecurity/7-cyber-security-tips-2017-01711398> [November 22, 2016]

You don’t have to look far to find examples of cyber security breaches – they happen every day, in nearly every industry and country. While many smaller breaches don’t make headlines, others affect millions and have lasting effects on businesses. On November 14th, 2016, millions of Americans were reminded that Internet privacy is fragile, when a breach was discovered on the adult websites of FriendFinder Networks LLC. The company estimates that 412 million records were compromised, making the security breach the biggest of 2016, just as the year draws to a close.

With so many records exposed, FriendFinder will have to do extensive damage control, and likely respond to lawsuits and investigation by the Federal Trade Commission, as Ashley Madison did last year during its much smaller breach. For businesses, the cost of a breach can be devastating. While it’s not always possible to prevent a breach, having proper cyber security protocols in place can help reduce the likelihood of a breach and make recovering from a security event much easier, should one occur. Here are 7 tips to help get your business’s cyber security ready for the threats of 2017.

Ensure employees know safe protocols for social networking sites

It’s easy to forget that the Internet is a public resource, and privacy is not guaranteed, even on social networking sites. If your employees use social networks on company devices (and many do), educating them on safety protocols for social networks is crucial to preserving cyber security. Here are just a few reminders to give your team:

  • Always assume that everything you post is public, even if your settings are set to “friends only”. You never know who will share what you post.
  • You can’t take anything back once it’s been posted. Even deleting a post won’t necessarily remove all the copies of the information available.
  • Don’t post any identifiable information, like your address or daily routines. This goes for business secrets as well.
  • Be considerate of the information you post about others.
  • Be wary of strangers. You never know the intent of someone you meet online.

Establish cyber security training for all employees

You can’t blame your employees for unsafe cyber security habits if they haven’t been taught how to protect the sensitive information your company retains. Develop protocols for protecting your business’s data so that everyone can be on the same page for cyber security. Establish cyber security training for all new and existing employees. Because knowledge can fade over time, and protocols can change, offering periodic review trainings should also be a priority.

Add encryption protocols

Encryption has been used since ancient times to code messages that could only be read by authorized parties. Today, encryption technology uses advanced algorithms to make data unreadable except by those with the correct key. Encryption is a must for businesses protecting sensitive information, such as patient records or customer credit card information.

Keep software and browsers up to date

Vulnerabilities often occur when software and browsers are not updated on a regular basis. Software manufacturers periodically release updates for their programs, which often include security updates. Cyber criminals are always changing their methods for breaching security systems, and software companies are forced to keep up with them, constantly improving on their security measures. Take advantage of these updates, and don’t leave your operating systems, browsers, and anti-virus software vulnerable.

Use multi-factor authentication technology

Passwords can be compromised, and once they are, it’s easy for criminals to gain access. Multi-factor authentication requires an extra step to log in, whether that means email authentication, or a text message sent to users’ phones. While these protocols often spark protest from employees, they are a great way to ensure an additional layer of security.

Ensure the security of Wi-Fi networks

Access to your business’s Wi-Fi network is a huge benefit to cyber criminals. Keeping your network safe requires a few more steps than setting up a home router. Use a firewall, and hide your network name from broadcasting to help protect it. Require a strong password for Wi-Fi access.

Implement protocols from the Department of Homeland Security’s Cybersecurity Framework

The U.S. government is taking cyber security seriously, and they’ve put together a framework of protocols for safe security systems. Take some time to go over the information, and see how you can implement these protocols to protect your business.

Don’t Get Complacent in 2017

Even if you’ve never fallen victim to a data breach personally or professionally (and 1 in 5 Americans have), 2017 is not the time to become complacent. As we continue to move online more and more, breaches will continue to increase. Implement these tips for your business, and move a few steps closer to optimized cyber security!
