5 Website Security Tips

5 Website Security Tips.  Available from <http://www.forbes.com/sites/thesba/2016/11/29/5-website-security-tips/#17469c582ca7> [

Imagine leaving your car parked in a crime-ridden neighborhood. Would you leave your windows down and doors unlocked? Unfortunately, the internet is very much a crime-ridden neighborhood and too many of us are not even taking basic security steps to keep our websites protected.

The goal of this article is to give you some general best practices that can help you keep your website secure from many common cyber threats. Think of this as advice on “How to roll up your windows” and “How to lock your doors” – very straightforward but important steps. While a determined hacker may still be able to break into your vehicle, following these steps will substantially decrease your chances of becoming a victim of a cyber-based attack.

Keep all software updated, always

This applies not only to your website, but to every piece of software you have installed on your workstations. Hackers regularly find vulnerabilities and security flaws in software. Software vendors, on the other hand, are regularly providing software fixes to patch up vulnerabilities that are found or exploited. If you don’t update your software when updates become available, you could be leaving a wide-open door for hackers to exploit.

You need to keep all software updated on your workstations because an infected workstation could give access to other systems, including your website. If your website is powered by a content management system, such as WordPress, you will need to keep the content management software updated at all times, including any plugins you may have installed. Because content management systems, like WordPress, are so widely used, any security holes that are found can also be exploited widely.

Keep backups of your website, local and offsite

When your website has been hacked and injected with malware, the most secure way to fix the issue is to restore your website from the most recent backup prior to the hack. Make sure the sever your site is hosted on is being backed up daily, and make sure your webmaster is retaining copies of your site locally (securely, of course) as an extra precaution.

Use a reputable hosting provider

Not all hosting providers are alike. Many discount web hosting companies do not make adequate investments into security. Ask your provider how they keep your websites protected. Be sure they make regular software updates to the server operating system and other installed software. Ask if they proactively scan and address security issues. Business-focused providers, like Newtek, have invested millions into system and network security, and have adequate staff to manage and monitor systems around the clock.

Manage User Access

It is import to limit who has access to your important systems and website. This is not because you shouldn’t trust your employees – it’s because the more staff you have with access to systems, the higher the probability of someone from your business becoming victim to a cyber scam or hack, which could then lead to unauthorized access.

If you have multiple people from your business that needs access to your website, be sure they only have permission to the areas they need. For example, the content management system WordPress allows you to assign different access levels to different people.

Use an SSL Certificate

An SSL Certificate is used to establish a secure, encrypted connection between your website and a visitor’s web browser. If your website utilizes logins, processes payments, or stores personal information, an SSL certificate is not only required from most compliance standpoints, it will also give assurances to your visitors that you take their privacy and security serioiusly.

5 Website Security Tips.  Available from <http://www.forbes.com/sites/thesba/2016/11/29/5-website-security-tips/#17469c582ca7> [

7 Cyber Security Tips for 2017

7 Cyber Security Tips for 2017 by Andrew Deen.  Available from <http://www.business2community.com/cybersecurity/7-cyber-security-tips-2017-01711398> [November 22, 2016]

You don’t have to look far to find examples of cyber security breaches – they happen every day, in nearly every industry and country. While many smaller breaches don’t make headlines, others affect millions and have lasting effects on businesses. On November 14th, 2016, millions of Americans were reminded that Internet privacy is fragile, when a breach was discovered on the adult websites of FriendFinder Networks LLC. The company estimates that 412 million records were compromised, making the security breach the biggest of 2016, just as the year draws to a close.

With so many records exposed, FriendFinder will have to do extensive damage control, and likely respond to lawsuits and investigation by the Federal Trade Commission, as Ashley Madison did last year during its much smaller breach. For businesses, the cost of a breach can be devastating. While it’s not always possible to prevent a breach, having proper cyber security protocols in place can help reduce the likelihood of a breach and make recovering from a security event much easier, should one occur. Here are 7 tips to help get your business’s cyber security ready for the threats of 2017.

Ensure employees know safe protocols for social networking sites

It’s easy to forget that the Internet is a public resource, and privacy is not guaranteed, even on social networking sites. If your employees use social networks on company devices (and many do), educating them on safety protocols for social networks is crucial to preserving cyber security. Here are just a few reminders to give your team:

  • Always assume that everything you post is public, even if your settings are set to “friends only”. You never know who will share what you post.
  • You can’t take anything back once it’s been posted. Even deleting a post won’t necessarily remove all the copies of the information available.
  • Don’t post any identifiable information, like your address or daily routines. This goes for business secrets as well.
  • Be considerate of the information you post about others.
  • Be wary of strangers. You never know the intent of someone you meet online

Establish cyber security training for all employees

You can’t blame your employees for unsafe cyber security habits if they haven’t been taught how to protect the sensitive information your company retains. Develop protocols for protecting your business’s data so that everyone can be on the same page for cyber security. Establish cyber security training for all new and existing employees. Because knowledge can fade over time, and protocols can change, offering periodic review trainings should also be a priority.

Add encryption protocols

Encryption has been used since ancient times to code messages that could only be read by authorized parties. Today, encryption technology uses advanced algorithms to make data unreadable except by those with the correct key. Encryption is a must for businesses protecting sensitive information, such as patient records or customer credit card information.

Keep software and browsers up to date

Vulnerabilities often occur when software and browsers are not updated on a regular basis. Software manufacturers periodically release updates for their programs, which often include security updates. Cyber criminals are always changing their methods for breaching security systems, and software companies are forced to keep up with them, constantly improving on their security measures. Take advantage of these updates, and don’t leave your operating systems, browsers, and anti-virus software vulnerable.

Use multi-factor authentication technology

Passwords can be compromised, and once they are, it’s easy for criminals to gain access. Multi-factor authentication requires an extra step to log in, whether that means email authentication, or a text message sent to users’ phones. While these protocols often spark protest from employees, they are a great way to ensure an additional layer of security.

Ensure the security of Wi-Fi networks

Access to your business’s Wi-Fi network is a huge benefit to cyber criminals. Keeping your network safe requires a few extra steps than setting up a home router. Use a firewall, and hide your network name from broadcasting to help protect it. Require a strong password for Wi-Fi access.

Implement protocols from the Department of Homeland Security’s Cybersecurity Framework

The U.S. government is taking cyber security seriously, and they’ve put together a framework of protocols for safe security systems. Take some time to go over the information, and see how you can implement these protocols to protect your business.

Don’t Get Complacent in 2017

Even if you’ve never fallen victim to a data breach personally or professionally (and 1 in 5 Americans have), 2017 is not the time to become complacent. As we continue to move online more and more, breaches will continue to increase. Implement these tips for your business, and move a few steps closer to optimized cyber security!

7 Cyber Security Tips for 2017 by Andrew Deen.  Available from <http://www.business2community.com/cybersecurity/7-cyber-security-tips-2017-01711398> [November 22, 2016]

Don’t let yourself be targeted by cybercriminals: Here are 6 tips for safe holiday shopping

Don't let yourself be targeted by cybercriminals: Here are 6 tips for safe holiday shopping by By .  Available from <http://www.techrepublic.com/article/dont-let-yourself-be-targeted-by-cybercriminals-here-are-6-tips-for-safe-holiday-shopping/.> [ November 22, 2016, 11:30 AM PST] Photo Credit: flickr.com/Don Hankins

Online shopping is easy and convenient, and more people are doing it than ever before. The rise in e-commerce also gives cybercriminals more opportunities to rob you blind. Here’s how to stay safe.

Online shopping is predicted to increase by 8% in 2016, meaning 56% of holiday shopping will be done online. Odds are good that you or someone you know is going to buy at least one gift through a desktop, laptop, smartphone, or tablet. But how do you ensure sensitive information stays secure?

Data breaches tend to make headlines in the news but they’re hardly the only means of identity theft. Countless people have had information stolen by unscrupulous websites, fraud, and hacking. Here are six tips to share with your end users, friends, and family members to help them become smarter online consumers.

1. Pay attention to your browser’s URL

Whenever you’re online there’s a web address in the top bar of your browser. It tells you where you are on the internet, and it can be a good indicator of the legitimacy of the website you’re on.

For shopping purposes, and anything else that involves personal information, you need to be sure the website’s address starts with HTTPS. The S indicates a secure connection and any site trying to earn your business should have it.

2. Watch out for email deals

Regular online shoppers have inboxes filled with digital ads from the places they frequent, and those ads are legitimate. What you need to watch out for are ads from places you aren’t familiar with or that seem too good to be true.

Detecting phishing emails can be tough. If you’re not sure what to watch out for check out CNET’s guide for some good tips.

3. Don’t shop on public WiFi

Public WiFi is great, but it’s not necessarily safe. You don’t know who’s on the network, what they might be doing, or what they’re capable of—they may just be hanging out waiting to steal credit card info.

Shop from home, or from any secure connection. Make sure your home WiFi is secured as well—an openly accessible WiFi network is a serious security risk.

4. Use a password manager

Complex passwords are a must, but even those can be stolen if you type them into a spyware-infected computer. You can beef up security even more by using a password management app.

Not only will these apps allow you to sign in to websites with a single click, they can also generate random passwords that are incredibly secure. All you’ll have to do is use a master password to unlock the app and it will do all the hard work for you. And since you aren’t typing your passwords manually there’s much less risk of theft.

5. Keep your computer and antivirus software up to date

No one likes to be reminded of software updates: They interrupt us, take a long time to install and configure, and sometimes come with bugs that make life harder. That doesn’t mean they aren’t essential, though.

Operating system updates often patch security holes, and antivirus software is completely useless without updated virus definitions. If you’re the kind of person who avoids updating their machine take some time before you start shopping to run all your updates and doing a full scan of your computer.

If you don’t have any antivirus software on your computer now is the time to install some. Free applications like Avast and AVG are both great options.

6. Use Paypal or stick with a single credit card

Paypal and websites like it act as intermediaries to online vendors. Anyone who has ever forgotten their Paypal password knows how many security hurdles you have to jump through—it’s serious about security.

If you don’t want to use Paypal or are buying from a vendor that doesn’t accept it stick to using a single credit card. This isolates your risk to one account and if you pick one with good security features you’ll be alerted as soon as something bad happens.

Don't let yourself be targeted by cybercriminals: Here are 6 tips for safe holiday shopping by By .  Available from <http://www.techrepublic.com/article/dont-let-yourself-be-targeted-by-cybercriminals-here-are-6-tips-for-safe-holiday-shopping/.> [ November 22, 2016, 11:30 AM PST] Photo Credit: flickr.com/Don Hankins

Bigger is better: Symantec announces world’s largest set of threat data

Bigger is better: Symantec announces world’s largest set of threat data by Ashton Young.  Available from <https://securitybrief.com.au/story/bigger-better-symantec-announces-worlds-largest-set-threat-data/> []

Following their acquisition of Blue Coat just three months ago, Symantec recently announced the first positive spin-off.

By combining the two company’s threat intelligence, Symantec has created their Global Intelligence Network (GIN), which they assert is the world’s largest and most diverse set of threat data.

Combined, the companies leverage more than nine trillion elements of security data, applying the data-crunching force of artificial intelligence to enable analysis. Symantec now protects 175 million consumer and enterprise endpoints, 163 million email users, 80 million web proxy users and processes nearly eight billion security requests across these produts every day.

Symantec CEO, Greg Clark says they now have unparalleled visibility into the entire threat spectrum, with views into the darkest parts of the web and malware trade craft.

“By fast-tracking the integration of the threat intelligence capabilities from Symantec and Blue Coat, Symantec products are now blocking 500,000 additional attacks per day for our endpoint, email, and web security customers,” says Clark. “Drawing out those kinds of results from data is only possible by using artificial intelligence, which gives our threat researchers a vastly augmented ability to spot attacks earlier than anyone else.”

According to Symantec, their integration with Blue Coat means that they are now the only vendor to connect endpoint, email and web protection across a single integrated intelligence platform. Symantec asserts that already their new GIN has led to a series of significant protection improvements, in addition to discoveries of new attack campaigns. Examples include:

  • Shared threat telemetry: Because Symantec and Blue Coat productsn are now automatically exchanging millions of malicious files and URL threat indicators daily, more than 500,000 additional attacks are being blocked every day for endpoint, email, and web security customers.
  • Cyber espionage campaign discovered: Despite popular belief that the Chinese cyberespionage group ‘Buckeye’ had largely stopped their operations, the combined threat intelligence of Symantec and Blue Coat was able to determine the group was in fact still highly active. These discoveries enabled Symantec to enhance its protection capabilities against the Buckeye group.
  • Sophisticated financial heists outdone: Symantec and Blue Coat’s combined telemetry led to the revelation that since January 2016, an attack group known as ‘Odnaff’ has stolen millions of dollars from victim financial institutions.
  • Not a great time for phishing: Symantec has developed a technology that analyses new websites in real time by comparing them to screenshots known phishing sites. This technology is applied to more than 1.2 billion web requests every day, and has already fouled 137,000 new phishing campaigns since its release.
Bigger is better: Symantec announces world’s largest set of threat data by Ashton Young.  Available from <https://securitybrief.com.au/story/bigger-better-symantec-announces-worlds-largest-set-threat-data/> []

Smart home vulnerability: Tips for staying internet secure

Smart home vulnerability: Tips for staying internet secure Article by Alex Talevski, Swann Security CTO. Available from <https://securitybrief.com.au/story/smart-home-vulnerability-tips-staying-internet-secure/ > []

Connected Home devices are now a common feature in our everyday lives. Most consumers use smartphones, tablets and smart TVs that are connected with powerful internet driven features.

For this level of sophistication to be available, cloud connectivity is necessary. It enables us to access entertainment, social media, games, fitness applications, recipes, karaoke and many more, on-demand. All of this would not be possible and nearly as rich without the cloud.

Where such devices readily connect to the internet, they are exposed to vulnerabilities and attacks that could directly access other devices in your home, thus the potential to gain access to personal data.

Security around personal data becomes even more tricky where the internet connectivity relates to the smart home. Wherever such a threat exists, it could expose a way to unlock your door or disarm your alarm. Fortunately, the risk of such an intrusion is highly unlikely but it must be carefully managed.

Security is only as effective as the weakest link. Therefore, it is important to secure you entire home network and the devices that connect to it. It will not only save malicious Smart Home concerns but is also great practice to secure all other private data and services.

To mitigate risk, Swann Security solutions use the following security provisions;

  • Multi factor authentication
  • Bank grade data encryption
  • Unique device keys and passwords
  • Closed network device access
  • Hidden user and home details
  • Finally, we frequently update devices Over The Air (OTA) to address new vulnerabilities and threats

Malicious attacks can be prevented by applying the following 6 tips and tricks for each applicable device in a Secure Home;

1. Use strong and unique passwords for all accounts and users: Use a number, capital letter and symbol to make a unique device key and password.

2. Change passwords frequently (once every 3 months is good practice) and enable multi-factor authentication to make it harder for your systems to be hacked.

3. Do not share your network, smartphone and device credentials with others. Hide the user and homes details in your settings to prevent any breaches. Creating a separate network for devices and your security system can be an additional precaution.

4. Set your smartphone to lock and require authentication for unlocking. Try to use a strong PIN. Swann Security systems, their security provisions include bank grade data encryption to assist with your pin security.

5. Use good anti-virus and anti-malware scanners and enable closed network device access.

6. Frequently Backup all data on PCs, tablets and phones. As well as update to ensure is up to date. If you have a Swann product, this can be done through their ‘Over the Air’ (OTA) abilities to address new vulnerabilities and threats

*Swann Security Customer Survey – March 2016

Smart home vulnerability: Tips for staying internet secure Article by Alex Talevski, Swann Security CTO. Available from <https://securitybrief.com.au/story/smart-home-vulnerability-tips-staying-internet-secure/ > []