There are many website platforms that you can use to build your website. At Mountaintop, we have studied and built websites with most of these popular platforms. Our knowledge and experience have led us to one conclusion.

When it comes to designing, building, and managing websites, WordPress is the best platform to use. We are not alone in this assessment. 30% of the top 10 million websites use WordPress.

Here is a shortlist of statistical evidence that shows why WordPress websites rule the Internet:

  • 48% of Top 100 Blogs under the Technorati advertising platform run using WordPress.
  • 22% of all newly-registered business website domains in the United States use WordPress.
  • More than 74 Million websites use WordPress.

For these reasons and more, we strongly recommend WordPress as the website platform for our clients.

9 Benefits Of Using WordPress For Your Website

Over the years, clients have come to us complaining about their current website platform. The most common complaints were as follows:

  • The website was hacked; in some cases, the website was infiltrated by cyber-criminals multiple times.
  • The website frequently broke down or did not function properly.
  • The website was difficult to update and manage.

Our first recommendation is to transfer the website to the WordPress platform. As expected, despite the long list of problems with their website, the response from the client is always:

“Why should we transfer to WordPress?”

1. WordPress Is Free

Let us start with an easy one – WordPress is free! You can download WordPress, install it, and customize it according to your needs without spending a dime.

However, you still have to pay for your domain name and web hosting which are needed to install WordPress.

The domain name is what Internet searchers will type on their browser’s address bar in order to visit your website.

An example of a domain name is www.mountaintopwebdesign.com.

The web host is the platform which houses the servers where all of the assets and files of your website are located.

2. Easily Customizable

Are you thinking of starting a blog site? How about a business website or an e-commerce website? WordPress has thousands of website themes or templates to choose from.

These templates are highly customizable. A standard WordPress template comes with its own panel which showcases different options that allow us to change the look of your website.

We can play around with the various color selections and match them with the ideal background. Likewise, we can design eye-catching website sliders for your homepage. A slider is also known as a slide show.

This is a great tool for highlighting the key selling points of your business. We can display your signature products or perhaps a few powerful testimonies from your regular customers.  

We can also adjust the “feel” of your website. WordPress comes with plugins which function like apps. Each plugin has a specific function that can introduce a new feature to your website.

3. Google LOVES WordPress

When he was still a software engineer for Google, Matt Cutts referred to WordPress as one of the best software for the search engine giant. WordPress will help your website move up the search rankings because it is designed to accommodate SEO principles.

Search Engine Optimization (SEO) is the process of using various techniques and strategies in order to rank high in the organic or natural search results of the search engine.

By using WordPress for your website, you are already several steps ahead of the competition. This is because WordPress websites are constantly upgraded with plugins that help optimize content, functionality, and overall user experience.

What are the key ranking factors in Google’s search algorithm?

  • Website Speed
  • Navigability
  • Image Optimization
  • Text Optimization
  • Mobile-Responsiveness

These are all made possible with WordPress.

4. Easy to Manage

WordPress knows that not all of its users are tech-savvy. That is why they built in a management system that updates the platform whenever a new version, plugin or program is available.

Of course, as small business owners, the majority of your waking hours should be dedicated to running the day-to-day activities of your business.

Even if WordPress can send you automatic notifications of software updates, because of your busy schedule, you might overlook it.

This is the reason we recommend that our clients avail of our Extreme WordPress Care Plans.

These are programs which we developed to help clients focus on the demands of their business by leaving their WordPress website to the care of our highly-experienced and capable, professional website designers.

Put simply, we will manage your WordPress website for you. From updating plugins to improve functionality, mobile-responsiveness, site speed, and security, you can sleep soundly every night knowing your business is in good hands.

5. WordPress Is One of the Safest and Most Secure Website Platforms

A lot of responsibility comes with being the most popular website platform on the Internet. With more than 23% of websites running on WordPress, that means hackers are working overtime to break through your defenses.

Hackers will constantly try to find vulnerable areas on your website which they can use as entry points to steal your valuable data.

WordPress is not oblivious to this and regularly issues updates on security plugins and website system upgrades. Unused and outdated plugins can easily be overridden by hackers and before you know it, your data is all gone.

Even though WordPress makes it easy to update plugins, fortifying your website is a more sensitive and technical matter. This is another reason why you should seriously consider our Extreme WordPress Care Plans.

Sign up for one of our Extreme WordPress Care Plans and we will protect your website’s assets from the consistent, almost daily attacks from these malicious hackers.

6. WordPress Can Accommodate Various Types of Media

Gone are the days when a website was primarily used as an online marketing brochure. Today’s websites are more dynamic and interactive. It is no longer enough to pack your web pages with optimized text content. The Internet community is more demanding. They want high-quality images and videos.

WordPress has an answer for all of your multimedia concerns. It has a built-in media uploader which can accommodate different types of media.

Do you want an interactive and compelling homepage that will help you generate leads and increase conversion rates?

We can embed your explainer YouTube video on the home page so you can get more views and opportunities for sales. We can do the same for your Instagram photos and SoundCloud audio files.

7. WordPress Is Mobile-Responsive

As we mentioned earlier, mobile-responsiveness is a ranking factor in Google’s search algorithm.

What does it mean to be mobile-responsive?

It means that when someone clicks on your URL from a mobile device, your website should set up nicely on his screen. If a mobile user has to zoom-in to read your content, chances are he will leave and go to your competitor.

If your website is not responsive to mobile devices, not only will you lose potential business opportunities but Google will penalize you down the search rankings.

WordPress has designed templates that are fully mobile-responsive. These templates are not only beautiful to look at but also highly-functional. We can set and improve these designs so that they can set up faster and more efficiently on mobile devices.

8. Do You Want to Blog? WordPress Has a CMS

CMS stands for Content Management System. This means you can publish blogs on your WordPress website.

Why should you blog anyway?

People who go on the Internet are always searching for content. And the cornerstone of any content marketing strategy is blogging. Studies have reported the following benefits of regular blogging for businesses:

  • 23% of Internet time is spent reading blogs.
  • Companies that blog have 97% more indexed pages.
  • Websites that have a blog page have 434% more indexed pages.
  • 61% of consumers have made their buying decision after reading a blog.
  • 81% of consumers from the US trust advice from a blog.

For your blogging strategy to be effective, you should be publishing content at least 16 times a month.

If this schedule is too much for your busy schedule, outsource it to us. Many of our blogs have been cited by renowned websites such as UpCity as among the best in the U.S.!

9. Integrate Your Social Media Accounts with WordPress

Before social media, a restaurant that was opening for business had to spend thousands of dollars to prepare and publish marketing collaterals such as press releases, full-page ads, advertorials, product shots, radio air-time, and hire an expensive publicist to put everything together.

With social media, traditional marketing channels have become obsolete. That restaurant would only have to open a Facebook page to build followers, a Twitter account to mass market special promotions, and an Instagram page to highlight the main products.

At very little cost!

Add to that the ability of your WordPress website to integrate your social media accounts. It would be easier to distribute content from your website to your various social media accounts so you can have more visits.

Your website has become a central online hub for your business. Your digital marketing strategies can create inbound traffic that is necessary to drive more traffic to your website. It is an effective way to open up your sales funnel and potentially convert followers to paying customers.

Conclusion

The Internet is home to billions of consumers searching for content every single day. In order to capitalize on its available opportunities, your business should have a website.

And you should only settle for the best website platform on the Internet – and that is WordPress.

If you are thinking of setting up a WordPress website, give us a call and avail of our free 30-minute consultation. We will let you know how we plan to design and manage your website so it can deliver the best results for your business.

If you are not happy with your current website platform, transfer to WordPress! We will help you get started!

ICANN is the acronym for the Internet Corporation for Assigned Names and Numbers. ICANN is a non-profit organization that is responsible for ensuring the stability, integrity, and secure operation of the Internet.

The first step to buying a domain name is to look for a registrar that is accredited by ICANN. Once you buy the domain name, the registrar will be required by the laws and provisions governing ICANN to enter your personal information into its WHOIS database.

The WHOIS database is a directory that is highly searchable. It can be accessed free-of-charge by any person who wants to verify the authenticity and availability of a domain name.

What personal information will be uploaded?

  • Your complete name
  • Email address
  • Business address
  • Contact numbers

If you are the type of person who does not want to give out these types of personal information to public listings, you should register your domain as private.

By choosing private domain registration for your domain name, your personal information in the WHOIS database will be replaced by the registrar’s own information.

In fact, some domain name registrars can even come up with a unique email address that will be listed as your contact email address on the WHOIS database. This way, your company or personal email address will remain secure from individuals who have malicious intent.

3 Reasons Why You Should Register Your Domain As Private

Despite the potential risks to personal information, there are businesses that opt for business registration.  

To clarify, business registration means having your personal information listed openly in the ICANN WHOIS database. They want to have their business data publicly accessible for the following reasons:

  • Promote their business
  • Create impressions of trust and transparency
  • Enhance the online presence of the business

We understand the importance of promotion and the value of establishing trust and transparency with the market. However, there are other ways – much safer and lower risk ways – of promoting the business.

That is why at Mountaintop, we always recommend that our clients register their domain name as private.

Is private domain registration an add-on service? Yes, which means opting for it will entail a fee that is separate from the usual cost of registering a domain name. Think of the fee as your insurance premium for keeping your personal information safe from hackers, online criminals, and other unsavory groups on the Internet.  

Here are other reasons why you should register your domain as private:

1. Personal Information Should Be Kept “FYEO”

If your personal information is made public, it is not just the hackers you should worry about. Your information can be used by marketers, suppliers, and competitors to serve their own purposes.

You might find yourself inundated with phone calls from telemarketers. Your inbox could be flooded with product or service offerings from vendors and suppliers. With your key information out, you may leave your business vulnerable to cutthroat strategies from your competitors.

For example, an aggressive but unscrupulous competitor may contract the services of a cyber-criminal to run phishing expeditions on your email. A competitor may try to get spies to procure sensitive information from you via phone.

We will discuss the importance of keeping your email secure toward the end of the article. You may be surprised at the extent of damage you can incur by having your email compromised.

In business, it is always a good practice to keep your sensitive or confidential data as FYEO or For Your Eyes Only. Information such as email addresses, phone numbers, and business address should be given judiciously.

You want to give these types of information only to entities that can directly contribute to the growth of your business such as:

  • Stakeholders – or those who are part of your value chain. This shortlist includes qualified suppliers/ vendors, current and prospective clients, management and select personnel, and business partners.
  • Strategic Partners – Strategic Partners are entities – companies or individuals – where formal arrangements are entered into for the benefit of your business. An example would be an outsourcing agreement between you and an outsourcing service provider.

As we mentioned, you can promote your business without having to disclose personal information. A good example would be to run a Digital Marketing campaign.

A Digital Marketing strategy that incorporates processes such as SEO, content marketing, social media marketing, and PPC or Pay-Per-Click Advertising can successfully increase awareness and enhance the Internet profile of your business without revealing your personal information.

2. Number of Cyber-Attacks Will Continue to Increase

In our article, “Why Is It More Important To Secure Your Data In 2019”, we shared our opinion that acts of cyber-criminality will continue to increase over the next few years.

Cyber-crime has become a lucrative industry. Highly sensitive data such as Social Security and bank account numbers, credit card numbers, birth dates, email addresses, and phone numbers can fetch a good price on the dark web.

All a cyber-criminal needs is a small opening. Once he gets access, your confidential data becomes at risk. Unlike a brick-and-mortar business where access points are doors and windows, the Internet provides multiple points of entry:

  • Outdated plugins
  • Outdated or unused software
  • Obsolete antivirus programs and firewalls
  • Weak passwords
  • Lax administrative processes
  • Opening suspicious emails
  • Accessing suspicious websites

Driven by profit, these cyber-criminals are motivated to stay ahead of the cyber-security experts. In fact, agencies such as the CIA and the FBI are fighting fire-with-fire by hiring hackers to come up with more powerful anti-malware tools and programs.

It is a good idea to err on the side of caution and invest in programs that will protect your personal data.

Last year, we launched our Extreme WordPress Care Plans. These programs are designed to help our clients manage their websites, make sure they are running in perfect condition, and protected from malicious attacks.

As an entrepreneur, your time is best dedicated to the core functions of your business. Leave domain security to us! You can sleep well knowing that your website is under close guard and watch 24/7.

3. Secure Your Email

If there is a singular way or process that best represents our online activity, it would be the email.

Think about it.

We check our emails more than we check our social media accounts. We use our email to sign up for newsletters or gain access to some websites. Whenever you run online banking transactions, chances are your email address is needed to verify your identity.

Online shopping, social media… the list goes on. Your email is the key that allows you to gain entry into these platforms. If someone grabs ahold of your email address, these platforms can be compromised.

Can you imagine what would happen if someone gained access to your webmail? He could easily search and find every website you frequent including your online banking platform. All the hacker needs to do is to request the website for a password reset.

The hacker can also view your Inbox and sent messages. With that information, the hacker can establish your weekly calendar of activities and determine your whereabouts.

The hacker can find out your schedule of online conference calls with clients and eavesdrop on the discussion. If you save work on Google Drive, Google Docs, and Google Sheets, your documents can be stolen by the hacker.

We bring these scenarios up with clients whenever we discuss the importance of registering their domain as private.

Conclusion

As we mentioned earlier in this article, be judicious when it comes to giving out personal information such as email. On the Internet, you do not know who is searching and watching. Whenever you are venturing into the Internet, always think “safety first”.

As popular and as accessible as the Internet is, it remains The Great Unknown. Keep your assets secure and protected by adding layers of security at every opportunity. Start by registering your domain as private.

Have you experienced any breach in security? Please feel free to share in the comments section. Let our readers know how you dealt with the situation and what you learned from the experience.

If you want to know more about our web design services and our Extreme WordPress Care Plans, please feel free to give us a call or an email.

2018 was supposed to be a breakthrough year in cyber-security with the General Data Protection Regulation (GDPR). The GDPR is a regulation under the European Union’s (EU) Data Protection Law.

The objective of the GDPR is to provide safety, protection, and to maintain the privacy of data of individuals residing in the EU and the European Economic Area or EEA. The GDPR also takes into account the export of data outside the confines of the EU and EEA.

Yet, despite the implementation of the GDPR, many businesses and private individuals continue to become victims of cyber-criminals. During the first half of 2018, it was estimated that more than 4.5 Billion pieces of confidential information were lost to data breaches.

The biggest names on the list of cyber-crime victims included Marriott Starwood Hotels, MyFitnessPal, Quora, Cathay Pacific, British Airways, and Google. In addition, we found out that not even our online communities – our favorite social media platforms – were safe.

Social media giant Facebook had over 29 million of its users’ private information stolen.

To make matters worse, it was revealed that in 2015, 87 million Facebook users had their personal information compromised after a personality predictive app passed on their data to Cambridge Analytica, an analytics firm that figured prominently in then-Presidential hopeful Donald Trump’s campaign.

Why Is It More Important To Secure Your Data In 2019?

It is more important to secure your data in 2019 because cyber-criminals will be more aggressive and daring. They know businesses are so focused on improving sales and streamlining costs that data security has become an afterthought.

Ask yourself the following questions:

  • Does your website have a regular webmaster or developer who can run frequent audits?
  • Have you updated plug-ins and removed programs that you hardly use?
  • Have you changed your password?
  • Is your website covered by SSL or Secure Sockets Layer certificates?
  • Have you updated your website’s content and features?

If your answer to all or even just one of these questions is “No”, then your website is vulnerable to hacking and other forms of malicious cyber-attacks.

Always keep in mind that the Internet is made up of over a billion lines of code. These billion lines of code make data accessible to any cyber-criminal because they connect all systems on the Internet.

Cyber-criminals can and will use these lines of code to connect to your website and steal all of your data. All the criminals have to do is find openings that they can exploit.

Old and unused plug-ins, outdated antivirus programs and data protection systems, and the lack of any high-level data encryption program are just the openings the cyber-criminals are looking for.

It’s like a homeowner who leaves his house keys under the welcome mat or under the flower pot that is nearest the door. These are the first places thieves will look into before they break into your house and steal your possessions.

Taking a lackadaisical approach to cyber-security is the last thing you should do for your business. It is when you let your guard down that you become just another statistic – another victim of cyber-criminals.

6 Basic Steps To Take In Order To Safeguard Your Data

Keeping your website and other online accounts protected can be done by following a checklist of basic safety measures. Here are the 6 steps you can take to feel more secure about the integrity of your personal information:

1. Change Your Passwords Frequently

The password is the key to your website and other online platforms. If someone gets ahold of your password, that person can get inside your account and steal whatever data he/she can find.

However, unlike the key to your home or your office which can remain the same until its natural end, the same cannot be said about your Internet-based accounts. That said, people don’t like to change their passwords. In the first place, it is very hard to keep track of passwords.

According to a survey conducted by Keeper Security, 87% of respondents aged 18 to 30 reuse their passwords. The number is only slightly lower for those aged 31 and up at 81%.

This means for nearly nine out of 10 people, they use the same password for all of their online accounts. Thus, the cyber-criminal only needs to figure out one password to open all of the person’s assets.

Another eye-popping and head-scratching statistic is that 76% of respondents make a written record of their password!

It is absolutely important to change your passwords frequently. 60% of the respondents in the survey claim to change their passwords every 60 days. If you can change them every month, so much the better.

The best way to keep track of your password is to use a Password Manager software program. You can read up on the benefits of a Password Manager in our article, “Why You Need A Password Manager Now”.

Lastly, give your password some thought before confirming it. Once you have a password in mind, run it through a program like How Secure Is My Password to have an idea of how fast a hacker can decipher it.

2. Get SSL Certificates For Your Website

SSL stands for Secure Sockets Layer. This is an encryption protocol that protects your data as it moves from browser to server.

It used to be the case that SSL certificates were only essential for e-commerce or online retailer websites because this type of website collects financial information such as credit card and bank account numbers.

Not anymore. Since last year, Google has included the SSL certificate as part of its search engine ranking factor. You can tell if a website is covered by an SSL certificate by looking at the URL. It is preceded by “https” instead of “http”.

Under Google’s new directive, all websites must be covered by an SSL certificate. Websites that fail to do so will receive a warning from Google in the form of 2 words next to the URL in the address bar:

Not Secure.

Would you want to enter a website that is marked “Not Secure” by Google? At the very least, it would discourage the visitor from exploring the website further.

We have written extensively about the importance of having an SSL certificate for your website. A good resource is our article, “SSL Basics: Why You Need It To Protect Your Website From Hackers”.

If you want to secure your website with an SSL certificate, give us a call. We can do this for you. In fact, it is one of the services Mountaintop Web Design provides.

3. Schedule a Website Audit

As we mentioned earlier in this article, cyber-criminals can enter your website by exploiting its weak points. The most popular points of entry to your website are the outdated plugins and the programs that are hardly being used.

If you are using WordPress, you should be getting frequent reminders on which plugins can be updated. From our experience working with clients, these reminders can easily be overlooked because of their busy schedules.

This is the reason we wrote the article, “Extreme WordPress Care Plans: Why You Need Them And What We Can Do For You”.

We understand how hectic your daily schedule must be. It is possible that managing your website is not one of your core competencies. Even if it is, as a business owner, your time is best spent managing the core functions of your enterprise.

By signing up with one of our Extreme WordPress care plans, you will leave the responsibility of managing and auditing your website to us.

We will run frequent audits on your website to make sure the plug-ins are current and updated. We will give you professional, numbers-supported advice on which programs should be removed from your website.

If for some reason your website gets hacked, we will take care of it. For sure, you can sleep better knowing that your data has been backed up.

4. Patronize Only Trusted Sources

If curiosity can kill the cat, it can most certainly get your website compromised. The rule is simple. If you find yourself on a suspicious-looking website, don’t take any chances. Get out.

Sometimes, you will get a preliminary warning. The screen will turn red and a warning that the website is not secure and someone may be trying to steal your data will appear. When this happens, get out.

If you are doing research, patronize only websites that are generally considered trusted sources.

Your email can also be targeted by another brand of cyber-criminals. These are the cyber-criminals who like to go on phishing expeditions.

If you come across an email from an unknown source, delete it right away. The email may contain a link that when clicked, exposes your information to immediate theft. Definitely, do not click suspicious emails that have landed in your Spam folder.

5. Remove/Delete All Cookies

Cookies are small data files that websites store in your browser so that you can have a better browsing experience. While most of these cookies are harmless, they can be used to get personal data such as browsing activity, lifestyle, and spending habits which the website owner will use to create its user profile.

As such, it is possible for cookies to secure highly-sensitive information about you and your clients.

Thus, to keep your PC or mobile device secure, make it a point to delete all stored cookies. You can do this directly from Chrome or use a software program that is designed to remove all cookies.

It is good practice to remove all cookies from your computer before calling it a night.

6. Keep Your Devices Separate and Distinct

If you use your PC for work, use your mobile device when transacting with banks and other online platforms that require confidential information.

Is it tedious? For some, yes. You may prefer to use just one computer for work and for storing financial information.

However, every little layer of security that you can add to your current data protection system will go a long way in ensuring the integrity of your accounts or website.

Conclusion

Data protection should be the priority of every business that uses the Internet in 2019 and beyond. The cyber-criminal is relentless. He/she will stop at nothing to get your assets.

The cyber-criminal feels no remorse and is not concerned with your present status in life. He/she is focused only on feeding his/her greed and will destroy your life’s work whenever the opportunity arises.

If you are concerned about the safety and integrity of your website, take our offer of a free 30-minute consultation. We will take you through the process of how Mountaintop Web Design can secure your website and other online platforms.

When it comes to website security, a little bit of paranoia can be a good thing. With the number of cyber attacks growing every year, we strongly advise our clients to prioritize website security best practices. The usual behavior is to act after an attack has occurred. By then, it might be too late. The damage to your business may be beyond repair. Your website is always vulnerable to cyber threats. It’s not a question of “if”, rather, it’s a question of “when”.

Every day, cybercriminals are launching attacks on websites all over the Internet. Cybercrime has become a profitable industry. According to a study conducted by Hewlett-Packard, a cyber-attack can cost a company $7.7 Million in a year. The cost is double for an American company at 15.4 Million.

In 2017, a study by Norton revealed that 978 million consumers from 20 countries lost a total of $172 Billion to cybercriminals. The number is expected to hit $6 Trillion per year starting 2021.

Statistics on cybercrime from the University of Maryland showed that a website is being hacked every 39 seconds.

That website could be yours.

If you do not take a proactive position on website security, your website could be the next victim. Therefore, you must be aware of the areas where your website is most vulnerable to attacks.

Top 8 Website Vulnerabilities

A website can have several areas of vulnerability. In this article, we will discuss the 8 most common vulnerabilities that can be taken advantage of by hackers.

1. Injection Flaws

To put it simply, an injection flaw occurs when unfiltered data is passed to the SQL server, to the browser, or to the LDAP server. In the process, hackers can steal your information by injecting their own commands into these areas.

It is absolutely important to filter all data that your applications receive from all sources, especially those which cannot be trusted. And that is the challenge there – knowing with 100% certainty that the input or the source can be trusted.

For example, if your website received 100 inputs and you were able to filter 99 of them, does that mean your website is 100% safe? No, because the 1 input which was not filtered could be the Trojan horse that destroys your website.

It is a good idea to make sure your website’s filtering frameworks are routinely scrutinized and fortified as often as possible.

2. Broken Authentication

When you visit a website, be informed that it may contain session cookies. These cookies may have data that can retrieve sensitive information such as username, passwords, and account numbers.

Before you log out, make sure the cookies are invalidated. Otherwise, the data from the cookies will remain in your system.

A good example would be a person who uses a PC on a public network, such as an Internet café, and visits a website that contains such cookies. If the person fails to invalidate the cookies before logging out, the cookies will remain in the system.

A cybercriminal can visit the website, search for the user’s session and steal his/her private data.

You should likewise check the strength of your current system for authentication and session management.
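What sound session management looks like on the website's side, as an added example (not code from the original article): the cookie holds only a random session ID, logging out deletes the server-side record, and idle sessions expire, so a cookie left behind on a shared PC no longer opens the account. The class name, the 15-minute timeout and the cookie name are assumptions.

```python
import secrets
import time


class SessionStore:
    """Server-side sessions: the cookie carries only a random ID, never credentials."""

    def __init__(self, idle_timeout=900, clock=time.monotonic):
        self._sessions = {}            # session ID -> {"user", "last_seen"}
        self._idle_timeout = idle_timeout
        self._clock = clock

    def login(self, username):
        session_id = secrets.token_urlsafe(32)   # unguessable, fresh on every login
        self._sessions[session_id] = {"user": username, "last_seen": self._clock()}
        return session_id

    def current_user(self, session_id):
        """Return the logged-in user, or None if the ID is unknown or idle too long."""
        record = self._sessions.get(session_id)
        if record is None:
            return None
        now = self._clock()
        if now - record["last_seen"] > self._idle_timeout:
            del self._sessions[session_id]       # expire abandoned sessions
            return None
        record["last_seen"] = now
        return record["user"]

    def logout(self, session_id):
        """Invalidate on the server, so a copied cookie is worthless afterwards."""
        self._sessions.pop(session_id, None)


def expired_cookie_header(name="session"):
    """Set-Cookie value that tells the browser to delete its copy as well."""
    return f"{name}=; Max-Age=0; Path=/; HttpOnly; Secure; SameSite=Lax"
```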

3. XSS or Cross Site Scripting

Cross Site Scripting is related to Injection Flaws. XSS injects code into the application’s output for the purpose of manipulating a user’s browser. XSS grants hackers access to the user’s browser and lets them steal valuable data such as passwords, usernames, and account numbers.

Website designers can fix the problem by not returning HTML tags to the user. This has the additional benefit of protecting the website from HTML injections whereby the cybercriminal injects annoying plain HTML content.

4. Insecure Direct Object References

A direct object reference occurs when a file or database key is exposed to a website user. The problem starts when the reference originates from a hacker or an agent with malicious intent. If your authentication process gets bypassed or overcome, the hacker can gain access and manipulate your website.

The website’s password reset function can also be an access point for this type of vulnerability. For example, a hacker can simply modify or alter the “username” field in the URL and input a popular keyword like “admin”.
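The password reset case above, as an added example (not code from the original article): the first handler trusts the “username” field from the request, while the second looks the account up from a single-use, expiring token that was sent to the account owner. All names, the 15-minute lifetime and the placeholder password hashes are assumptions.

```python
import hashlib
import secrets
import time


def reset_by_username(users, username, new_password_hash):
    """Vulnerable: whoever edits the `username` field chooses whose password changes."""
    if username not in users:
        return False
    users[username] = new_password_hash
    return True


class ResetTokens:
    """Single-use, expiring reset tokens; the account is looked up from the token."""

    def __init__(self, ttl_seconds=900, clock=time.time):
        self._pending = {}             # sha256(token) -> (username, expires_at)
        self._ttl = ttl_seconds
        self._clock = clock

    @staticmethod
    def _digest(token):
        # Only a digest is stored, so a leaked table does not reveal usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, username):
        """Create a token to send to the account's registered e-mail address."""
        token = secrets.token_urlsafe(32)
        self._pending[self._digest(token)] = (username, self._clock() + self._ttl)
        return token

    def redeem(self, token):
        """Return the bound username once, or None if unknown, reused or expired."""
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        username, expires_at = entry
        return username if self._clock() <= expires_at else None


def reset_with_token(users, tokens, token, new_password_hash):
    """Hardened: the request carries no username, only proof of a pending reset."""
    username = tokens.redeem(token)
    if username is None or username not in users:
        return False
    users[username] = new_password_hash
    return True
```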

5. Misconfiguration of Security Network

It is not uncommon for applications and web servers to have security networks that have been misconfigured, simply because there are several ways this can happen:

  • A debug function is enabled while the application is running.
  • A directory listing contains key information, often sensitive data. It can be leaked out if the directory listing is enabled on the server.
  • Your website still uses or runs software that has not been updated.
  • Your PC contains applications and other services that are hardly used or not necessary.
  • Passwords and default keys are not changed.
  • Error handling information is visible to attackers.

6. Exposure of Sensitive Data

Every time someone goes on the Internet, they are vulnerable to cyber-attacks. If you are running an e-commerce website or one that requires sensitive information to be disclosed, no ifs and buts, sensitive data must always be encrypted.

This is especially true if you are handling user passwords and credit card data. These types of information should never be transmitted without encryption. Google has already started penalizing websites that do not have SSL certificates.

You can read our article about this topic on “Is Google Punishing Sites Without SSL Certificates?”

7. Cross Site Request Forgery

As the term implies, Cross Site Request Forgery involves misrepresenting your identity to a website that can grant access to data with monetary value. It should be of no surprise that banks are usually targets of CSRF.

In the event of CSRF vulnerability, a third party will issue a request to the target website, for example, your bank. The third party can do this through your browser by using your session cookies.

If your bank is vulnerable to this type of attack and you are logged on to their website, another tab can lead to your browser misusing its credentials for the benefit of the hacker. The end result is referred to as a “confused deputy problem”, with your browser being the deputy.

A CSRF attack can have a hacker manipulate a transaction that can result in an unauthorized transfer of money from your bank account to the hacker’s account.
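How a website stops its visitors' browsers from acting as the confused deputy, as an added example (not code from the original article): every form carries a token derived from the session, and a request that arrives with a valid session cookie but without that token is refused. The handler, the status codes, the account names and the balances are constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # per-deployment secret, never sent to clients


def csrf_token_for(session_id, key=SERVER_KEY):
    """Token bound to one session; another site cannot read or compute it."""
    return hmac.new(key, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_token_ok(session_id, submitted, key=SERVER_KEY):
    """Constant-time comparison of the submitted token with the expected one."""
    if not isinstance(submitted, str) or not submitted:
        return False
    expected = csrf_token_for(session_id, key)
    return hmac.compare_digest(expected.encode(), submitted.encode())


def handle_transfer(sessions, balances, cookie_session_id, form):
    """Process a transfer form POST; returns an HTTP-style status code."""
    user = sessions.get(cookie_session_id)
    if user is None:
        return 401                               # not logged in
    # The browser attaches the cookie to every request to this site, including
    # ones triggered by another tab, so the cookie alone proves nothing about
    # where the request came from. The token in the form body does.
    if not csrf_token_ok(cookie_session_id, form.get("csrf_token")):
        return 403
    try:
        amount = int(form["amount"])
        recipient = form["to"]
    except (KeyError, TypeError, ValueError):
        return 400
    if amount <= 0 or recipient not in balances or balances[user] < amount:
        return 400
    balances[user] -= amount
    balances[recipient] += amount
    return 200
```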

8. Maintaining Flawed Website Components

We briefly touched on this issue in #5. It is worth mentioning again the importance of making sure the apps and programs you use for your website are updated.

WordPress is the most popular Content Management System (CMS) on the Internet. One reason WordPress is commonly used is the massive number of plugins that are available. It is easy to update the features of your website.

However, some website owners are negligent about this responsibility. If you don’t update your plugins, these can become potential entry points for hackers. The same goes for apps and services that are hardly used.

Conclusion

Cybercriminals are always trying to stay ahead of cybersecurity measures. Like a common criminal, they will look for ways to overcome your defenses. They will study flaws in your website design and structure.

For sure, a cybercriminal will capitalize on your weaknesses and make you pay for your carelessness.

This is why several of our clients signed up for our Extreme WordPress Care Programs. Our clients can rest easy and focus on their core business tasks while we make sure their website is in perfect health.

We schedule frequent website audits and see to it that all security networks are in fine working order and all plugins have been updated.

If you want to learn more about how we can help secure your website, please do not hesitate to give us a call or to drop us an email. Let’s discuss the importance of website security over our free 30-minute consultation!

Yes. Google is punishing websites without SSL certificates. Not having SSL certificates will not only mark you down in the search rankings; Google’s approach will also negatively impact your trust rating with Internet users. Therefore, if your website does not have SSL certificates, take the necessary steps to get them as soon as you can.

The question is “Why?”

What Are SSL Certificates?

SSL is the acronym for Secure Sockets Layer. This is a program that encrypts data that is transmitted between a browser and a web server. When you submit information on a website, it will pass through different networks and servers before arriving at its destination point.

While your data is being transferred through the Internet, it can be intercepted by unscrupulous third parties. Having SSL certificates will let the recipient of the data know that the sender is a verified party.

Websites that have SSL Certificates will have the acronym HTTPS before their URL. HTTPS stands for HyperText Transfer Protocol Secure. For Internet users, the “S” in “HTTPS” will tell them the website is secure.

In contrast, the standard URL that does not have SSL Certificates will be accompanied by the acronym HTTP.

We have written extensively about SSL in our articles “SSL: What It Is And Why Your Business Needs It” and “SSL Basics: Why You Need It To Protect Your Business From Hackers”. If you want to learn more about SSL, please take some time to read those highly-informative articles.

It used to be that SSL Certificates were recommended only for e-commerce sites and other websites which collected sensitive information from their users.

These types of sensitive information included numbers of credit cards, social security, driver’s license, bank accounts, and personal information such as birth dates, residential and email addresses.

With data theft and other cyber-criminal acts rising, Google wanted proprietors of e-commerce to prioritize getting SSL certificates for their websites.

In 2014, Google even tried to incentivize Web Masters to get SSL Certificates by including it as a ranking factor in its search algorithm. However, that did not seem to encourage enough websites to secure their data. Now, they have forced Google’s mighty hand.

Effective last July 2018, all websites that do not have SSL Certificates will be marked “Not Secure” by Google.

All websites. This means even websites that are not engaged in e-commerce or collect sensitive data are required to get SSL Certificates.

Why Google Demands SSL Certificates For Websites In Its Search Rankings

It is no secret that Google has always been big on User Experience (UX). From 2015’s “Mobilegeddon”, where Google required websites to become mobile-responsive, to its guidelines on producing high-quality content, it is clear the search engine giant wants its users to have an amazing search experience.

Therefore, Google’s demand that all websites obtain SSL Certificates is an obvious next step to further improving UX.

Google has always clamored that the Internet should be a safe place for people to use. Especially in view of 2017 becoming a banner year for cyber-crime, Google wants all data traveling on the Internet to be secured. One of the best ways to secure data is through encryption.

Prior to the directive, websites that only had HTTP were identified with an icon of a white page. Web pages which obtained SSL Certificates had an icon of a padlock with a green lock to inform visitors that the site is secure. If there is something wrong with the HTTPS page, the visitor will see an icon of a padlock with a red letter “X” over it.

In its security blog dated 8 September 2016, Google shared its opinion that the current classification system did not reflect the actual risks of visiting HTTP websites. For this reason, Google decided to take its security campaign to the next level by having websites without SSL Certificates marked “Not Secure”.

According to Google, labeling websites without SSL Certificates as “Not Secure” is just the first step in its campaign to raise awareness of the importance of data security.

Newer versions of Chrome will mark websites as “Not Secure” even when you are browsing in “Incognito Mode”. Eventually, Google will identify all HTTP-only websites with an icon of a red triangle, the universally-recognized sign for “warning”.

Should You Get SSL Certificates For Your Website?

As the famous saying goes, “When Google sneezes, everyone catches a cold.” If Google requires all websites to get SSL Certificates, then yes, you should get them for your website.

The big question you might be asking is “Will not having SSL Certificates lower my website’s search rankings?”

The best way to answer this question is to simply state that as far back as 2014, Google mentioned that having SSL Certificates will be a ranking factor.

Given the fact that Google’s present directive is all-encompassing in that all websites should have SSL Certificates, it only signifies that transitioning from HTTP to HTTPS has become a priority factor in its search ranking algorithm.

Another reason why you should consider obtaining SSL Certificates is that it helps foster trust with your customers/ users.

Even if your website does not collect sensitive data, the idea of dealing with a site that is “Not Secure” will be unsettling to the visitor. For sure, he/she will have second thoughts. The probability of visitors abandoning your website will be much greater if it is labeled “Not Secure”.

If you’re still on the fence about getting SSL Certificates for your website, you should know that shifting from HTTP to HTTPS will improve your page loading speed.  

According to the page loading speed test, HTTPS pages load 334% faster than HTTP pages. Keep in mind that page loading speed is a ranking factor in Google’s search algorithm.

Obtaining SSL Certificates for your website will present the following benefits:

  • Adds another layer of protection through encryption of data
  • Higher search rankings
  • Higher trust ratings from users
  • Builds your business brand
  • Improves website speed

For these reasons, you should take the necessary steps to shift from HTTP to HTTPS as soon as you can.

Conclusion

Google estimates that 50% of websites that load via desktop have SSL Certificates which is an all-time high. Many of the top ranking sites on Google such as Facebook, Amazon, Wikipedia, and Twitter are using HTTPS.

When Google first announced its decision to penalize websites without SSL Certificates in 2017, high-ranking, high-traffic websites like eBay, Microsoft, and CNN maintained their HTTP status.

As of the latest Google Transparency Report, these websites along with many others have complied and have shifted to HTTPS.

If you are thinking of getting SSL Certificates for your website, let us know. We can get this done for you. To be sure, drop us an email or better yet, give us a call. We’ll take you through the entire process of acquiring SSL Certificates.

WordPress is the most popular content management system in the world. More than 500 websites are built daily using WordPress and it has been the most dominant CMS the last eight years. Overall, WordPress runs nearly 30% of all websites operating on the Internet.

There’s a reason for this; and that is because WordPress is easy to use. Business owners can manage content on their own. They have their choice of plugins which they can use to improve design and functionality. Google loves WordPress websites because its code makes site content easy to read and index.

However, technical issues can arise which could affect the performance of your website. For example, you may want to improve certain features such as its download speed, accessibility, and level of security.

It is no different than a physical office or retail outlet that wants to improve efficiency and security. It may improve the office or store layout and introduce stricter and more elaborate security measures.  

Improving site performance while enhancing security are good enough reasons for you to seriously consider getting an Extreme WordPress Care Plan.

What Are Extreme WordPress Care Plans?

Extreme WordPress Care Plans are customized sets of maintenance and repair options that have been put together by our web development professionals to help you manage and protect your website according to individual need and budget.

Continuing our analogy with a brick-and-mortar business, a physical office would hire professionals to cover its needs for security, accounting, legal expertise, cleaning and maintenance services.

With your website, care and maintenance are best left in the hands of web development professionals who have the experience and expertise managing WordPress platforms.

What could happen if your WordPress website does not undergo regular care and maintenance procedures?

  • Your website will not function properly, which will make it difficult to access; site speed and security could also be compromised.
  • Your message queue has grown considerably and you have a backlog of comments to attend to.

None of these incidents can be good for business. Instead of becoming a platform for development, the website has made it difficult for you to build business.

Our Extreme WordPress Care and Maintenance Plans have been proven effective and highly successful in ensuring the performance of our clients’ WordPress websites.

Let’s find out what our clients have to say about our Extreme WordPress Care and Maintenance Plans:

Testimony No. 1

Client – Randy Bowman

Website – www.sqrdup.com

“I was very concerned about SSL security. As an online retailer, I wanted to make sure customers would feel very confident and assured when using our site. We were paying another company a lot of money for untold hours of work that did not meet expectations.

I was about to give up until Josiah and the team at Mountaintop advised us to sign up for their Extreme WordPress Care Plan. Josiah suggested we give the plan a try. We did and it was the best decision we ever made for website security.

It is great! I don’t have to think about this part while going about my busy days! Life and work are so much easier! Mountaintop’s Extreme WordPress Care Plan is fantastic. It takes all the worry off my shoulders.”

Testimony No. 2

Client: Christy Smith

Website: halloweeneventsco.com

“As a first-time owner of a business website, I needed to know my site was well-maintained and secure. Purchasing the Extreme WordPress Care Plan was a no-brainer. Everything is done in a timely manner and what is promised is exactly what you get!

The work Mountaintop does is amazing! I am very satisfied with their excellent customer service and how they have taken care of my website. If you want to secure and protect your website, sign up with Mountaintop’s Extreme WordPress Care Plan.

The prices are very reasonable and Mountaintop goes the extra mile to make sure you get your money’s worth. Mountaintop has the experience and expertise to make sure your website is running and functioning properly.

Most of all, you will have peace of mind knowing your website is safe and sound under experienced and expert hands. I highly recommend their services to anyone who needs a website designed and managed.”

Testimony No. 3

Client – Lynn Ann Huizingh

Website – www.swshelternetwork.com

“Our previous web provider was very frustrating to work with. It was a difficult website to update and frequently I could not figure out how to do what I wanted to do. Customer service took more than 48 hours to hear from and they very rarely answered my question.

I spent hours trying to get done what I wanted to do and it didn’t always work like I thought it should.

After building a website with Mountaintop, we decided to sign up for Mountaintop’s Extreme WordPress Care Plan. It has been a totally different experience! The design process was fun and easy for me because Josiah is so easy to work with.

I never heard, ‘I can’t’. I have often heard, ‘Let me check into how we can make that happen’, although he already knew the answer. Josiah has the ability to point out the rare problem before I noticed it. He would fix it and tell me after what happened and how they approached the problem.

Updating content is so much easier! If I wanted some pages and the format updated, Josiah is just one email away and he would give updates within a 24-hour period.

The plans are also very affordable. We set up an auto-pay system so we don’t have to worry about paying the monthly fees on time. The coverage of our plan included support for web updates and coaching.

So grateful! I highly recommend signing up with Mountaintop’s Extreme WordPress Care Plan.”

FAQs: Extreme WordPress Care And Maintenance Plans

Q: We’ve come across other companies that offer WordPress care plans. Why should we go with your company?

Testimonies are the most powerful forms of validation. As you have read from 3 of our clients, they are very happy with their decision to sign up for our Extreme WordPress Care Plan. We can assure you of our expertise in website management and excellent customer service as proven by our large number of loyal customers. With Mountaintop, we provide high-value service for only a small monthly cost.

Q: Once I sign up for your WordPress care plan, what are the next steps?

When you are ready to take the next steps, let us know and we can set up a website evaluation. We typically charge $150 for one of these website evaluations as we like to dig into the website to see what is going on.

As part of the evaluation, we will give you a report containing information like a list of pages & posts, users by security level, plugins, themes, speed of your website, possible security issues like malware, broken links, Google’s mobile friendly test, Domain authority, and we make backups of the site.

We will also include our recommendations on how to make the website faster and better overall. We want to make sure we have your website needs covered from start to finish. Once your website goes live, we will work to keep it secure, up to date and functioning properly.

This way, we can keep track of your site’s performance and become more accountable for the work we’ve done for you.

Q: What kinds of security measures do you provide?

We work hard to stay on top of current WordPress website best practices. We use a combination of plugins/code/server changes that make your website stronger against potential attacks.

We also run regular backups of your site as well as malware scans as another line of defense. We want to make sure we can identify potential vulnerabilities and have them addressed as soon as possible. You can be assured that if something goes wrong, we are ready to take care of the situation before it becomes a full-blown problem.

Q: Can you manage e-commerce websites?

Yes, on the top two care plans we work with “WooCommerce”. If your website uses another ecommerce platform, get in touch with us and we can discuss requirements.

Q: I have multiple websites. How would you manage them?

Managing multiple websites will not be a problem. We have the experience, expertise, and professional know-how of using the correct tools and processes to manage and monitor multiple websites for many of our clients.

Q: Are you particular about the web host services provider or can you work with anyone?

We prefer a host that allows us to have the most access to the hosting platform. We work quite a bit with GoDaddy and that is our preference, however we do work with lots of platforms. These Extreme WP Care Plans are not limited to a single platform.

Q: Can you fix a hacked website?

This one is tricky. Yes, we definitely can. However, depending on how badly a website has been hacked, there might be extra work to get the website safely operational before the Care Plans can maintain it.

Please note that we will fix hacked websites if they are on our care plan (prior to being hacked) at no additional cost.

However, if a website that is being moved over to us for care has been hacked, we would probably have to charge you to have the site cleaned first. For the purpose of transparency, we will provide an estimate before we clean the website.

Q: What are your standard response time and turnaround time?

The standard response and turnaround time is 24 to 72 hours. However, we do our best to respond within 24 hours. This would be contingent on the amount and level of clarity of the information that is given to us.

Q: Are your services available 24/7?

We have hosting support that is available 24/7 for technical issues. With our WordPress Extreme Care Plans, we will not rest until your website is working properly!

We work hard to keep those going. If you have questions, you are free to email us at any time. Mountaintop has a global team working round-the-clock to make sure all of your concerns are addressed right away. However, as we are a smaller organization, we might not be able to get back to you for inquiries or concerns sent at 2:00am.

Conclusion

As a business owner, having a website is a step in the right direction. By going online, you can reach out to a wider market of potential end users of your products and services.

Your marketing and promotional strategies will have a larger ocean to cast its net; an ocean of more than 3.5 billion daily Internet users. A website will help you grow your business by capitalizing on opportunities available on the Internet.

But just like how a brick-and-mortar business goes through maintenance and repair issues, your WordPress website likewise needs regular care. Even if you had the time to monitor your website, time is a valuable asset that is best spent managing the core business of your enterprise.

Sign up for our Extreme WordPress Care Plans and leave your site’s management to us. We will monitor your website so you can successfully go about your obligations to work and family. If there is a problem, we will take care of it and send you a report detailing the issue and how we fixed it.

If you have any questions about our Extreme WordPress Care Plans, please do not hesitate to give us a call or an email. We will get back to you right away!

Contact us today by filling out our form to learn more about our Extreme WordPress Care Plans!

Cybercriminals are becoming increasingly aggressive. In the first 6 months of 2017, we’ve seen mounting evidence of state-sponsored ransomware, leaks of spy tools from U.S. intelligence agencies, campaign hacking and more daring attempts at stealing confidential information from private corporations and small businesses.

Google has mandated that websites (especially those engaged in ecommerce) should get SSL Certificates not only for security purposes but also to improve their SEO rankings. The search engine giant has included SSL as a factor in its search algorithm since 2014 but it has become more important with the updated version of Google Chrome.

But these cybercriminals will never stop because hacking has become a lucrative profession. They work round-the-clock to stay ahead of the latest security protocols including SSL Certificates.

Yes, cybercriminals have found ways to circumvent the filters provided by SSL Certificates. Still, SSL remains a vital component in your data protection and security checklist.

If your website procures confidential information or stores valuable data such as a subscriber or user base, you should get SSL certificates. But it is not enough to simply have the certificates. You must manage them responsibly.

SSL Encrypted Malicious Attacks are Rising in Frequency

Cybersecurity firm Zscaler reports that from January to August of 2017, it encountered 8.4 Million malicious attacks through SSL encrypted traffic. 7% of the malicious software or 600,000 were categorized by the company as “advanced threats”.

Zscaler also identified an average of 12,000 phishing attempts per day that bypassed the encrypted protocol. This number represents an alarming 400% increase from 2016.

According to Zscaler’s Senior Director of Security Research and Operations, Deepen Desai, hackers are using SSL as a way to conceal device infections, data exfiltration and to control communications.

SSL works to ensure the security of network traffic within an enterprise. It sits between the users and the Internet; inspecting every byte that traverses online traffic including those that have encryption. This way potential threats are intercepted before they can do damage to your network.

If you want to learn more about SSL Certificates, you can refer to our article “SSL: What It Is And Why Your Business Needs It”.

What has caused the increase in SSL-encrypted cyber crime? It is basically the natural process of adaptation.

SSL Certificates had become highly effective in stopping website infiltrations and malicious attacks. This means that the cybercriminals simply had to develop new technologies that would enable them to sidestep the security filters.

Another cyber security firm, Venafi, reported that over the past year alone, 90% of IT firms in the United Kingdom saw a higher than 25% increase in the use of encryption solutions.

Venafi surveyed more than 500 companies that had employed at least 1,000 personnel. The survey covered companies located in the United Kingdom, Germany, France and the United States so Venafi could better understand the different ways encryption certificates are being used.

The interesting statistic uncovered by the study was that 90% of the CIOs of the companies surveyed revealed that they were already attacked or at the very least under threat by malware concealed within the certificates.

Venafi concluded that the rise in malicious attacks through encryption had a direct relationship with the increase in the use of certificates. The reason?

Companies that acquired the SSL did not manage the keys and certificates responsibly.

Basically these companies lost track of how many certificates and keys they owned leaving many sites vulnerable. They unwittingly opened doors for hackers to sneak in and manipulate the certificates to suit their own selfish needs.

The SSL Process

Let’s take a look at how the SSL process works in order to have a better understanding on why it is important to manage your SSL Certificates responsibly and make sure they are updated.

The SSL process involves authentication and data encryption. Given the volume of activity on the Internet, encryption is very important to ensure all data packets are protected during transmission.

The problem in the SSL process usually lies in authentication which covers the digital certificates.

What is a digital certificate?

It is essentially a data file which contains key information about the website’s certificate holder. The digital certificate is used to verify the authenticity of the website. Among the information indicated in the certificate are:

  • Web server’s host name
  • Issue and expire time
  • Public key for the web server

This is what a digital certificate looks like:

Image from https://www.techrepublic.com/blog/data-center/ssl-tls-certificates-what-you-need-to-know/

There are 2 types of certificates: trusted and untrusted.

Trusted certificates reside on the web browser and are signed by a recognized Certificate Authority (CA) which is an entity that is authorized to sell certificates. Untrusted certificates are self-signed and require manual installation on the web browser.

For purposes of this article, we will only focus on the process covering trusted certificates.

These are the steps involved during a web server/ web browser certificate exchange:

  1. Open your browser and type in a URL.
  2. The web server of the URL will receive the request for the website or web page.
  3. The web server will respond by returning the certificates to your web browser.
  4. Your web browser will conduct a number of inspections such as expiration of the certificate and hostname on the certificate.
  5. Your web browser will notice the certificate from the website was signed with the CA’s private key.
  6. Your web browser will immediately check its certificate database if it has the CA’s certificate information.
  7. Once the certification information is found, your web browser will use the public key to validate the signature on the certificate sent by the website.
  8. If the certificate signature has been validated, your web browser will know the CA can be trusted. It will now also trust the web server of the website.

From this process summary, you can see why it is important to have your certificates updated. In step number 4, the expiration date on the certificate will be checked and validated.

If your SSL Certificates are expired, your site is vulnerable to infiltration and other forms of malicious attacks.
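Step 4's inspections and the certificate tracking problem described earlier, as an added example (not code from the original article): it checks the validity dates and hostname of every certificate in an inventory and reports which ones need attention before visitors' browsers reject them. The inventory hosts and dates are constructed, the 30-day warning window is an assumption, and `fetch_certificate` shows how a live certificate could be retrieved in the same dictionary shape.

```python
import socket
import ssl

DAY = 86400


def fetch_certificate(hostname, port=443, timeout=5):
    """Steps 1-3: connect and return the validated certificate as a dict.

    create_default_context() makes Python perform steps 4-8 itself, so this
    raises ssl.SSLCertVerificationError for an expired or mismatched certificate.
    """
    context = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


def hostname_matches(cert, hostname):
    """Step 4: compare the requested name with the certificate's DNS names."""
    wanted = hostname.lower().rstrip(".").split(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = value.lower().rstrip(".").split(".")
        if len(pattern) != len(wanted):
            continue                      # a wildcard covers exactly one label
        first_ok = pattern[0] == "*" or pattern[0] == wanted[0]
        if first_ok and pattern[1:] == wanted[1:]:
            return True
    return False


def check_certificate(cert, hostname, now, warn_days=30):
    """Step 4 as a status string: validity window first, then hostname."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < not_before:
        return "not yet valid"
    if now > not_after:
        return "expired"
    if not hostname_matches(cert, hostname):
        return "hostname mismatch"
    if not_after - now < warn_days * DAY:
        return "expiring soon"
    return "ok"


def audit_inventory(inventory, now, warn_days=30):
    """Check every certificate the site owner is responsible for."""
    return {host: check_certificate(cert, host, now, warn_days)
            for host, cert in inventory.items()}


def sample_cert(not_after, *dns_names):
    """Constructed certificate dict in the shape getpeercert() returns."""
    return {"notBefore": "Jan  1 00:00:00 2025 GMT", "notAfter": not_after,
            "subjectAltName": tuple(("DNS", name) for name in dns_names)}


SAMPLE_INVENTORY = {   # constructed hosts and dates, not real certificates
    "shop.example.test": sample_cert("Dec 31 23:59:59 2025 GMT", "shop.example.test"),
    "blog.example.test": sample_cert("May  1 00:00:00 2025 GMT", "blog.example.test"),
    "mail.example.test": sample_cert("Jun 15 00:00:00 2025 GMT", "mail.example.test"),
    "api.example.test": sample_cert("Dec 31 23:59:59 2025 GMT", "*.example.test"),
    "www.example.test": sample_cert("Dec 31 23:59:59 2025 GMT", "www.example.org"),
}
```

Running `audit_inventory` on a schedule against the full list of certificates you own is what keeps an expired or misissued one from going unnoticed.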

As we mentioned in our previous article “SSL Basics: Why You Need It to Protect Your Website from Hackers”, the most common mode of attack is for hackers to upload a listening program on the web server. Once you type in your confidential information, the program will capture it and send it back to the hacker.

Getting SSL Certificates for your website is a definite step in the right direction. But acquiring protection is one thing; making sure it is implemented and running 24/7 is another.

If your website provides your bread and butter, you should do everything within your power to protect it from anyone with bad intentions. The Internet is rife with opportunities and opportunists. One act of carelessness or irresponsibility may be all it takes to destroy everything that you have worked hard for.

Would you spend a fortune on a home then disregard the value of a comprehensive insurance plan? Acquiring SSL Certificates is your insurance plan for your website. But it will have no value once it is expired.

What You Can Do

At this point, and after 3 articles, we hope we have made our position very clear:

If your website requires users to disclose confidential or personal information, you should secure it with SSL Certificates.

Then take the time to make sure these certificates are managed effectively.

Is there a way to ensure the integrity and effectiveness of the certificates? Yes, by acquiring them from a reputable CA and having them managed by a third-party service provider you can trust.

Mountaintop Web Design can offer you both! We are authorized to sell SSL Certificates and we can manage these for you so that you can dedicate all your time and energy to your business.

We’ve installed and kept the certificates updated for our clients. Never lose sleep at night thinking cybercriminals are hatching diabolical plans to steal your data.

If you want to know more about the SSL Certificates we offer, please give us a call or drop an email. We will get back to you as soon as possible because we understand that every second your website remains exposed, the risk of long term and large scale damage becomes greater.

Security exists to make sure everything that we hold valuable in life is safe, secure and protected from those with malicious intent. Life has become a long list of passwords and combinations. From locker combinations to PIN codes for ATM, cellphone access to passwords for websites, social media accounts and email. It pays to err on the side of caution but having too many passwords eventually ends up compromising convenience for security.

The solution? Use a Password Manager program.

The Realities of Living in a Password-Heavy World

Here are a few interesting statistics from the June 2015 TeleSign Consumer Account Security Report on digital security concerns and practices which surveyed more than 2,000 people from the United States and the United Kingdom:

  • 75% of respondents use the same password for multiple accounts.
  • 40% of those surveyed reported that they had been hacked or notified that their personal information had been compromised.
  • 21% have not changed their password for the past 10 years.
  • 47% use passwords that are at least 5 years old.

Of those who participated in the TeleSign study, 80% shared their concern about being hacked. Yet many of them still continue with their irresponsible practices regarding online security.

Like most consumers, we don’t believe we are vulnerable to crime until we finally become victims. By then, it could be too late. We end up losing more than we gained by following lackadaisical practices.

This kind of disengaged mentality is the reason why the 5 most popular passwords in 2014 were:

  1. 123456
  2. Password
  3. 12345
  4. 12345678
  5. Qwerty

You could be shaking or scratching your head, or maybe even both, but the truth is people did not take password security seriously. When making a choice between security and convenience, they chose the latter.

The fact that 40% claimed they were hacked was proof they should have taken the effort to come up with more challenging and complex passwords.

Imagine the consequences if your email password was stolen. The cyber criminal could easily reset several of your online accounts including PayPal.

But coming up with strong passwords for different purposes is easier said than done. Every program has its own parameters for strength. Some require a minimum of 10 characters. Others demand that the password contain a number, a capitalized letter and a sign.

Gone are the days when post-its on a computer screen would be enough to keep track of your passwords. With the Internet, you need to be more creative with your password and strategic when it comes to securing your codes from the bad guys.

The good news is that with a Password Manager, you no longer have to compromise convenience for additional security.

What is a Password Manager?

Password managers work by storing all of your log-in information for the websites and accounts you use. It makes logging in easier because the Password Manager does it for you automatically.

The Password Manager will encrypt your database file for all your passwords with a Master Key. In effect, the Master Key is the Master Password which you will have to come up with and is the only one you have to remember.

How Does a Password Manager Work?

Let’s say you want to log in to your Facebook account. When you use a Password Manager, you don’t have to type your details into the Facebook web page. Instead, you type the Master Password into the Password Manager, which fills in the correct details so you can access Facebook.

You no longer have to spend time thinking of your user name or combination of letters, numbers and signs for your password. Can you imagine not being able to log in to your Skype account because you forgot the password and the client is already online?

There are many great useful online services that we sign up with so we can make life and work easier. But the truth is, how many of these services do we actually use on a daily basis?

It is easy to forget passwords for websites that we hardly use. The same goes for emails. It is not uncommon for people to have multiple email accounts.

Another benefit of having a Password Manager is that it can create passwords for you.

Whether it is for one of your current online accounts or a new one, the Password Manager can generate a strong one for you and there is no need to extinguish brain cells trying to remember the combination. The Password Manager will do it for you.
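A sketch of how such a generator can work, added here as an illustration and not taken from any particular Password Manager: it draws characters from the operating system's secure random source and retries until the site's rules (minimum length, a number, a capital letter, a sign) are met. The names `Policy`, `satisfies`, `generate` and `entropy_bits`, and the symbol set, are assumptions made for this example.

```python
import math
import secrets
import string
from dataclasses import dataclass

# The five most popular passwords of 2014 listed earlier on this page.
COMMON = {"123456", "password", "12345", "12345678", "qwerty"}

# Assumed symbol set; some sites accept fewer signs than this.
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"


@dataclass(frozen=True)
class Policy:
    """One site's password rules (hypothetical structure for this example)."""
    min_length: int = 10
    need_digit: bool = False
    need_upper: bool = False
    need_symbol: bool = False
    allowed_symbols: str = SYMBOLS


def alphabet(policy):
    """Every character the generator may use for this site."""
    return string.ascii_letters + string.digits + policy.allowed_symbols


def satisfies(password, policy):
    """True if the password meets the site's rules and is not a known-common one."""
    if len(password) < policy.min_length or password.lower() in COMMON:
        return False
    if policy.need_digit and not any(c in string.digits for c in password):
        return False
    if policy.need_upper and not any(c in string.ascii_uppercase for c in password):
        return False
    if policy.need_symbol and not any(c in policy.allowed_symbols for c in password):
        return False
    return True


def generate(policy, length=20):
    """Generate a random password of at least the policy's minimum length."""
    length = max(length, policy.min_length)
    chars = alphabet(policy)
    while True:
        # Draw every position uniformly with the OS CSPRNG (secrets, not random),
        # then retry if a required class is missing. Forcing one digit or sign
        # into a fixed position would make the result more predictable.
        candidate = "".join(secrets.choice(chars) for _ in range(length))
        if satisfies(candidate, policy):
            return candidate


def entropy_bits(policy, length):
    """Upper bound on the guessing entropy of a generated password, in bits."""
    return length * math.log2(len(alphabet(policy)))


if __name__ == "__main__":
    strict = Policy(min_length=10, need_digit=True, need_upper=True, need_symbol=True)
    print(generate(strict, 16), f"~{entropy_bits(strict, 16):.0f} bits")
```
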

Which Type of Password Manager Should You Use?

Password managers are nothing new. The rise in demand for these programs was commensurate with the growth in popularity of the Internet. As more computers were integrated into systems that used Internet-based processes, it became more important to find ways to manage passwords and secure networks.

There are different types of password managers that you can consider. The one you choose should have the features that would greatly benefit your business. Here are some of the password managers you can find in the market today:

1. Bonus-Feature Password Manager: 

Some operating systems, browsers and antivirus software offer password managers as a bonus feature or added value for choosing their program.

Examples would include those included in Chrome, Firefox and the Norton 360 comprehensive security suite.

If you feel your type of business does not need additional security and you are confident of what these password managers can do, go ahead and utilize the service.

2. Standalone Password Manager: 

These are password manager programs that are not associated with other software. KeePass and Aurora are good examples.

They provide strong encryption and Aurora has other features such as password generation, automatic form-filling and the ability to import passwords to a readable file.

This type of password manager is ideal if you use only one device for all of your computing work.

3. Password Managers with Embedded Security Hardware:

You will need hardware in order to get this password manager to save and encrypt data.

A good example would be Lenovo’s T-Series ThinkPad laptops that have an Embedded Security System mounted as a chipset on its motherboard. Only someone with the Master Password, fingerprint reader or both can access your data.

You should have this type of password manager if you work in a shared space environment where the risk of hacking is very high.

4. Web-Based Password Manager:

This is one of the latest types of password managers. It is a web-based application so you can use it from any Internet-connected device.

Examples would be RoboForm and PasswordSafe which have the same features as Aurora.

If your network consists of PCs, laptops and tablets, this is the Password Manager for you because it can help you retrieve your passwords from all connected devices.

Risks of Using Password Managers and How to Avoid Them

Using a Password Manager will certainly make work more efficient. Instead of spending time and energy trying to remember passwords and usernames, the Password Manager will do the work for you.

But there are very real risks when entrusting your passwords to a singular system. If you had all of your valuables stored inside your home, what do you think would happen if a thief found your master key?

Here are a few tips on how to keep your Master Password secure regardless of the type of Password Manager program you are using:

  • Take steps to ensure the physical security of your computers at home or at the office. For example, use computer locks or keep the rooms tightly secured before you leave your home or office.
  • Make sure you have a password to access the user account on your computer or mobile device.
  • Change your Master Password frequently.
  • Set a screen lock on your PC or mobile device.
  • Do not entrust your Master Password to anyone.
  • Regularly update your antivirus, malware programs and firewalls.
  • Enhance your security with a biometric program such as fingerprint reading in case you forget your Master Password.

You may also want to consider the old school approach in securing the protection of your Master Password. After all, given its importance, you should take precautionary measures in the event you somehow forget the combination.

Write down your Master Password on a piece of paper, place it in a sealed envelope and, just like the recipe for Krispy Kreme’s donuts, Col. Sanders’ Kentucky Fried Chicken and the Coca-Cola formula, keep it under lock and key in a personal or bank vault.

How to Get Started With Your Password Manager

Once you have made your choice of Password Manager program, the only thing you need to do is create your Master Password. It must be as strong as possible and offer virtually no chance of being uncovered by any hacker. Therefore, take your time coming up with one.

The most important takeaway in this article is to understand the value of managing and keeping track of your passwords given the sheer number of activities you may have on the Internet.

We hope you enjoyed reading our article on the importance of having a Password Manager. It has been a proven way of protecting websites since the 1990s and will continue to evolve into better and more efficient programs throughout the next few years.

If you want to have one installed or have more questions on this valuable software program, please do not hesitate to give us a call or an email.

 

SSL, or Secure Sockets Layer, certificates protect your information from being intercepted by hackers as it is transmitted from your browser to the server. More entrepreneurs are migrating their businesses from traditional brick-and-mortar to the Internet. This leads to more online transactions which involve confidential data being transferred between two parties.

But there is a third party lurking in the Internet. One with malicious intent. These unscrupulous groups or individuals are the hackers and they will stop at nothing to steal what you have for their own selfish gain.

Having an SSL certificate will help foil their diabolical plans, protect your customers and enhance the security and integrity of your e-commerce website. These certificates are not expensive to secure and are easy to install and manage. Best of all, they will give you peace of mind that you, and not the bad guys, will reap the fruits of your labor.

The Lure of the Internet and Why You Need SSL Now More Than Ever

In the United States alone, e-commerce generated revenues of $394.86 Billion in 2016. This amount represented 42% growth of the total retail industry for the year. By comparison, global sales of e-commerce in 2016 totaled $1.859 Trillion and are projected to hit $4.479 Trillion by 2021.

An online business is easier to manage while giving you access to a population of billions who scour the Internet every day for information and the best deals. But these websites are also under constant attack from unethical groups or individuals who want to take what you have worked hard for.

Hackers are well aware of the huge growth potential of Internet-based businesses over the next few years. Unfortunately, the vast market of opportunities offered by the Internet for you to grow your business also increases your level of vulnerability to malicious attacks.

Your website can be compromised in many different ways. It is not just identity theft or loss of data you should worry about. Hackers can upload inappropriate content on your website and destroy your online reputation.

And some of them do it for fun. They don’t get paid. Think of it as earning their “Internet Cred” or building their own hacking reputation at your expense.

Getting SSL Certificates is No Longer a Choice

We wrote about SSL in an earlier article, “SSL: What It Is And Why Your Business Needs It”. But we believe there is more ground to cover regarding SSL. We also want to stress the urgency for online businesses, especially those involved in e-commerce, to secure SSL certificates.

In fact, getting SSL certificates for your website is no longer a choice.

You should get them to protect your website from being attacked because the hackers will not stop until they have taken what you already have.

If you want to learn about the economic cost of hacking to your business and the frequency of these attacks, you can refer to our article, “How to Protect Your Website from Hackers”.

No surprise that getting SSL certificates is listed as one of the most important courses of action.

But securing your website is not the only benefit from procuring SSL. As you will find out later in this article, these certificates can also give your website a boost in the search rankings!

What is SSL?

Earlier we gave our definition of SSL. However, to get a better understanding of these certificates, what they can do and the entire encryption process, let’s look at the textbook definition of SSL:

SSL is the standard security technology for creating an encrypted link between a web server and a browser which ensures that all data passed between the web server and browser remain private.

The best way to understand the definition is to break down the process of transmitting data from browser to web server:

  • You click on a link of special interest and end up on a web page with a form that requires you to provide information. Depending on the type of form, the required information could include your address, phone number, Social Security Number, Driver’s License or birth date.
  • Once you click “Send”, the information is transmitted from your browser to the web server. It is during this process of transmission that the information can be intercepted by hackers. How?
  • The most common method is for the hacker to upload a “listening program” on the server that is hosting the website.
  • When you start typing in the information, the listening program will capture the data and send it to the hacker.

How does having SSL Certificates prevent your information from being intercepted by hackers?

With SSL, your browser forms a connection with the web server and checks the data on its certificates. Once that data is confirmed, the browser establishes an encrypted link with the web server so that no one else will be able to see the information.

How can you tell that a website has SSL certificates? There are two ways to determine if a website has been secured with SSL:

  1. The URL indicates “https://” instead of “http://”. The “s” is the difference.
  2. Depending on your browser, you will see a padlock icon on the left or right hand side of the URL.

Is it still possible for a website to be unsecured even if the URL has either of these two indicators?

Yes, if the certificates are invalid or expired!

If a website keeps asking for confidential information, it would be a good idea to check if the certificates are still valid:

  • If you are using Chrome, go to View > Developer Tools.
  • Open the Security tab to find out if the SSL Certificates are still valid.
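The same validity check can be scripted. The sketch below is an added example, not code from Mountaintop or from any browser: it repeats the date and hostname inspections the browser performs (step 4 of the validation process described earlier on this page) on a certificate in the dictionary form returned by Python's `ssl.SSLSocket.getpeercert()`. The function names, the 30-day warning threshold and the sample certificates are assumptions constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 30  # assumed renewal threshold; choose one that fits your renewal process


def _parse(ts):
    # getpeercert() dates look like "Feb  1 00:00:00 2025 GMT"
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(ts), tz=timezone.utc)


def hostname_matches(cert, hostname):
    """Compare the hostname with the certificate's DNS subjectAltName entries."""
    host = hostname.lower().rstrip(".")
    for kind, name in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = name.lower()
        if name == host:
            return True
        if name.startswith("*."):
            # A wildcard stands for exactly one left-most label.
            label, _, rest = host.partition(".")
            if label and rest == name[2:]:
                return True
    return False


def assess(cert, hostname, now=None):
    """Return (status, days_left) for a dict shaped like getpeercert() output."""
    now = now or datetime.now(timezone.utc)
    not_before = _parse(cert["notBefore"])
    not_after = _parse(cert["notAfter"])
    days_left = (not_after - now).days
    if now < not_before:
        return "not yet valid", days_left
    if now > not_after:
        return "expired", days_left
    if not hostname_matches(cert, hostname):
        return "hostname mismatch", days_left
    if days_left <= WARN_DAYS:
        return "expiring soon", days_left
    return "ok", days_left


def check_live(hostname, port=443, timeout=5.0):
    """Fetch and assess a server's certificate (needs network access)."""
    ctx = ssl.create_default_context()  # verifies the chain, the dates and the hostname
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                return assess(tls.getpeercert(), hostname)
    except ssl.SSLCertVerificationError as exc:
        # An expired or mismatched certificate already fails the handshake.
        return "rejected: " + exc.verify_message, None


def _sample(not_before, not_after, *dns_names):
    return {"notBefore": not_before, "notAfter": not_after,
            "subjectAltName": tuple(("DNS", n) for n in dns_names)}


# Constructed sample certificates and a fixed "current time" for a repeatable run.
SAMPLE_NOW = datetime(2025, 3, 1, tzinfo=timezone.utc)
SAMPLE_CERTS = {
    "good": _sample("Jan  1 00:00:00 2025 GMT", "Dec 31 00:00:00 2025 GMT", "www.example.com"),
    "soon": _sample("Mar 15 00:00:00 2024 GMT", "Mar 15 00:00:00 2025 GMT", "www.example.com"),
    "expired": _sample("Feb  1 00:00:00 2024 GMT", "Feb  1 00:00:00 2025 GMT", "www.example.com"),
    "wildcard": _sample("Jan  1 00:00:00 2025 GMT", "Dec 31 00:00:00 2025 GMT", "*.example.com"),
}

if __name__ == "__main__":
    for label, cert in SAMPLE_CERTS.items():
        print(label, assess(cert, "www.example.com", SAMPLE_NOW))
```

Running `assess` on a schedule against every certificate you own gives advance notice of an upcoming expiry instead of a browser warning after the fact.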

In a future article we will discuss why it is absolutely important to keep track of the validity period of your SSL Certificates. Many businesses, large corporations included, had their systems and databases compromised because they did not manage their certificates responsibly.

Will Having SSL Improve Your Search Rankings?

In 2014, Google announced that it would include SSL as a factor in its search ranking algorithm. The search ranking giant said that between two websites the one with SSL will outrank the one without.

Google’s purpose for including SSL was to encourage website owners to prioritize security for their customers by getting the certificates.

A study by HubSpot showed that 85% of Internet users will abandon the search if the site is not secured. Google’s research in January 2017 had similar results for websites that required users to disclose confidential information. You may have come across websites that carry the “not secure” warning. Chances are it made you forego exploring the site any further.

Google will be introducing version 62 of its Chrome browser. It will advise Internet users if the page they land on has forms but is not secured by SSL certificates.

For Internet users that go on incognito mode, Chrome will always identify websites that are not secured by SSL. For those that don’t go incognito, Chrome will reveal that the site is not secured once the user starts typing information onto the form.

Since Chrome is the dominant browser on the Internet, version 62 will definitely have an impact on the search rankings of e-commerce and other websites that integrate forms in their pages.

How to Get SSL Certificates For Your Website

Google has provided the following guidelines on how to get SSL Certificates for your website:

  • Identify the kind of certificate you need: Single, multi-domain or wildcard.
  • Choose 2048-bit key certificates.
  • Choose relative URLs for resources that reside on the same secure domain.
  • Use protocol-relative URLs for all other domains.
  • Don’t use robots.txt to block search engines from crawling your website.
  • Enable search engines to index your web pages whenever possible.
  • Do not use the noindex robots meta tag.

If this all seems confusing to you, just leave it to us to help you secure your SSL Certificates.

It is always a good idea to have professional webmasters handle the technical aspects of your website. Plus these certificates have an expiration period of one year. As previously mentioned, if your certificates expire, your website will be left unsecured.

We will make sure your SSL Certificates are managed and updated as necessary. As you will find out in a forthcoming article, websites that are covered by SSL are facing a new kind of threat. It is no longer just enough to simply have the certificates. You must manage them responsibly.

We hope that you enjoyed reading this article as much as we did writing it. Website security is more important today than ever before as hackers are getting aggressive with their methods.

If you want to learn more about SSL and how to get the certificates for your website, please do not hesitate to give us a call or an email.

 

One of the hardest aspects of starting a business is coming up with a name for it. Your business name forms part of your brand. It should be easy to remember, relevant to your trade and of course, original. These qualities are important because your business name carries over to your domain name. Now what would you do if you tried to register it and found out the domain name was already taken? You could be a victim of Cybersquatting.

What is Cybersquatting?

Cybersquatting is the act of registering, selling or using a domain name for the purpose of extracting profit from the goodwill of another person’s trademark.

Here is the official definition of cybersquatting from the U.S. Anti-Cybersquatting Consumer Protection Act (ACPA):

“Cybersquatting is the opportunistic practice of registering, trafficking in and using a domain name resembling a trademark belonging to someone else with the aim to profit from it.”

It is difficult to refer to cybersquatters as “enterprising” but they had the foresight of buying domain names of existing businesses that hesitated going online for a long time.

Panasonic, Hertz and Avon are just a few of the large, successful companies that had their domain names held hostage and paid out as much as $15,000 to reclaim them.

The cost of registering a domain name? US$6.00.

Cybersquatting has its roots in the late 1990s as the Internet moved toward global accessibility. In 1995, the Internet was only accessible to 16 million people or roughly 0.4% of the world’s population.

By the year 2000, 304 million people had Internet connectivity. Today, an estimated 3.88 billion or 52% of the world’s population are on the Internet every day.

As more businesses migrate their operations online, more opportunities become available for cybersquatters. According to the Arbitration and Mediation Center of the World Intellectual Property Organization (WIPO), it received 2,754 complaints related to cybersquatting in 2015. This was a 5% increase from 2014.

Types of Cybersquatting

The reality is cybersquatters are free to register any domain names that remain available even if these are similar to those that have already been registered.

Domain registration in the United States goes through the Internet Corporation for Assigned Names and Numbers (ICANN). This is a non-profit organization that was formed in November 1998. ICANN was given the responsibility of managing ownership of the Domain System.

A domain name is registered through a master database when you file an application with one of ICANN’s accredited registrars. If the domain name is available and the applicant pays the fee, the applicant automatically becomes the owner of the website name.

Keep this rule in mind when coming up with a business name: Registering domain names is on a first-come, first-served basis.

ICANN’s registrars are not tasked to check if the applicant of the domain name is related or associated with the business that owns the trademark.

Thus if “mountaintopwebdesign.com” was available, an applicant with no relation to Mountaintop Web Design would be able to acquire the domain name.

Lack of domain name regulation has resulted in cybersquatters coming up with different schemes to profit from holding your trade name hostage:

1. Typosquatting.

This type of cybersquatting goes by other terms such as “URL hijacking”, “a sting site” and “fake URL”. Typosquatters capitalize on mistakes frequently made by Internet users when typing a URL. For example:

  • Misspellings – www.mountantopwebdesign.com
  • Different Phrasing – www.mountaintopwebdesigns.com
  • Use of other domain variations – www.mountaintopwebdesign.net
  • Fake website – Looks similar to the authentic website in terms of layout, design and content.
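To monitor for these variations, a brand owner can compare domains seen in new-registration feeds or referrer logs against their own domain. The following is an added example (not part of the original article) that sorts observed domains into the first three categories above using an edit-distance check; the function names, the distance thresholds and the observed list are assumptions constructed for illustration.

```python
def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = ca != cb
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # swapped neighbours
        prev2, prev = prev, cur
    return prev[len(b)]


def split_domain(domain):
    """Return (name, tld). Assumes a single-label TLD such as .com or .net."""
    d = domain.lower().strip().rstrip(".")
    if d.startswith("www."):
        d = d[4:]
    name, _, tld = d.partition(".")
    return name, tld


def classify(candidate, brand):
    """Label a candidate domain relative to the brand's domain, or return None."""
    name, tld = split_domain(candidate)
    brand_name, brand_tld = split_domain(brand)
    if name == brand_name:
        return "exact" if tld == brand_tld else "tld variation"
    # Plural forms and added hyphens read as the same name to a visitor.
    stripped = name.replace("-", "")
    if (stripped == brand_name
            or stripped in (brand_name + "s", brand_name + "es")
            or stripped + "s" == brand_name):
        return "different phrasing"
    # Short names collide easily, so allow fewer edits for them.
    max_edits = 1 if len(brand_name) < 8 else 2
    if osa_distance(name, brand_name) <= max_edits:
        return "misspelling"
    return None


def scan(observed, brand):
    """Map each suspicious observed domain to its category."""
    flagged = {}
    for domain in observed:
        label = classify(domain, brand)
        if label not in (None, "exact"):
            flagged[domain] = label
    return flagged


BRAND = "mountaintopwebdesign.com"

# Constructed input: the article's own examples plus two unrelated entries.
OBSERVED = [
    "www.mountantopwebdesign.com",
    "www.mountaintopwebdesigns.com",
    "www.mountaintopwebdesign.net",
    "mountaintop-webdesign.com",
    "mountaintopwebdesign.com",
    "example.org",
]

if __name__ == "__main__":
    for domain, label in scan(OBSERVED, BRAND).items():
        print(f"{domain}: {label}")
```

The fourth item, a fake website on a lookalike domain, cannot be detected from the name alone; flagged domains still need a manual look at what they serve.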

2. Identity Theft.

Cybersquatters use software that allows them to track down domain names which were unintentionally not renewed by the owner. Once the cybersquatter re-registers the domain name, he may link it with a website that duplicates the original. Visitors of the cybersquatter’s website will think they have clicked onto the original website.

3. Name Jacking.

In the United States, your name can avail of trademark protection if it is distinct through advertising, associated as a brand or established as an entity. A good example would be the personal name of a popular celebrity.

But personal names that do not fall under these qualifications cannot avail of trademark protection because people within the same geographic area may have the same name.

Name jacking is the act of registering a domain name associated with an individual. The usual targets are celebrities and other famous people. As an example, pop singer Madonna’s name was used to launch a pornographic site madonna.com.

4. Reverse Cybersquatting.

This is a direct attempt to steal your domain name by taking advantage of existing dispute resolution procedures. The reverse cybersquatter will try to pressure you into transferring its legitimate ownership to another person or organization that has registered a trademark reflected in the domain name.

How Do Cybersquatters Profit?

There are five ways a cybersquatter monetizes these illegal practices:

1. Domain Parking

Redirects a domain name to a website that carries advertisement so it can generate traffic.

2. Domain Name Ransom

Cybersquatter uses domain name to spread ransomware. The malicious program blocks access until the victim pays the amount of the ransom.

3. Affiliate Marketing

Redirects domain name to websites used for selling products and services in exchange for commissions.

4. Hit Stealing

Refers a visitor of the cybersquatted domain name to the website of a competitor.

5. Scamming

This practice covers identity theft and credit card fraud. People who land on a cybersquatted website may be asked to provide confidential information to win prizes in a raffle.

How to Find Out if You Are a Victim of Cybersquatting

So now you have finally decided on a domain name. If you want to know if it is being used by a cybersquatter, simply type the domain name in the address bar, then press “enter” to find out where it will lead you.

Here are a few possible scenarios:

  • You land on a website that states “This domain is for sale”, “Under construction” or “Can’t find server”. It becomes increasingly clear that the owner’s purpose is to profit off the sale of the domain name.
  • You end up on a fully functioning website packed with advertisements for products and services similar to those carried under your trademark. The purpose of the cybersquatter is to profit off the goodwill of your trade name.
  • You find yourself on a website that has a similar domain name but does not compete with your products or services. This is not a case of cybersquatting but possibly trademark infringement.

It is frustrating to know you cannot use the domain name you worked on and want for your online business. But rather than allow your emotions to take over, breathe, analyze the situation carefully and think of other possibilities.

For example if the web page reads “Under construction”, it is still within the realm of possibility that the owner of the domain name has legitimate plans for the website.

The next step is to find out the identity of the person who owns the domain name. You can do this by going to whois.net and using its “WHOIS lookup” feature. Contact the registered owner and see if he or she is willing to sell you the domain name at the right price.

If the price is reasonable then buy the domain name. It will be a cheaper option than going through an arbitration or litigation process.

What to Do if You Are a Victim of Cybersquatting

If it is confirmed that you are a victim of cybersquatting and the domain owner has not shown reasonable interest in negotiating the sale or turnover of the domain name to you, there are two options you can exercise:

  1. Apply for arbitration procedures under ICANN.
  2. Sue the domain name owner under the Anticybersquatting Consumer Protection Act or ACPA.

How do these two options vary?

Arbitration Through ICANN

ICANN developed and implemented the Uniform Domain Name Dispute Resolution Policy (UDNDRP) in 1999. This policy was designed as a measure for resolving disputes regarding domain names.

The UDNDRP prescribes an arbitration process, not litigation. It can be initiated by any complainant who argues the following to ICANN:

  • That the domain name in question is identical and confusingly similar to a trademark to which the complainant has rights;
  • That the domain name owner has no rights to, and has not expressed any legitimate interest in, the domain name;
  • That the domain name in question which has been registered is being used in bad faith.

If these conditions can be successfully proven, the domain name will be cancelled and rights of use transferred to the complainant. It should be noted that financial remedies are not covered under the UDNDRP.

Litigation Through the ACPA

Under the ACPA, you can sue an alleged cybersquatter in federal court and secure a court order to retrieve the domain name. There have been cases where the cybersquatter will be asked to pay monetary damages.

To win your case versus a cybersquatter, you must be able to prove the following:

  • There is bad faith intent to profit from the use of the domain name;
  • Your trademark or business name was already distinctive at the time the domain name was registered;
  • The domain name is indisputably identical and confusingly similar to your trademark;
  • Your trademark qualifies for protection under existing federal trademark laws because it is distinctive and you were the first one to use it for the purpose of commerce.

However, if the alleged cybersquatter can prove that he had legitimate reasons to register the domain name without trying to profit by selling it back to the complainant, the federal court may allow him to keep it.

What would be your best option?

Most trademark experts will advise you to go through the arbitration process under ICANN because it is faster and inexpensive as you are not required to have the assistance of an attorney.

Conclusion

With thousands of businesses being registered every day, it can be a challenge finding a trade name that is unique and all your own.

71% of small businesses in the United States have websites. Of the 29% that don’t have websites, 92% say they will put it off until 2018. There is a very high possibility that these small business owners will deal with cybersquatters by then.

Don’t be part of the 92%. If you have a business in mind, setting up a mobile responsive website should always be part of your development plan. Once you have a trade name in mind, register it as your domain name right away.

Remember the rule we stated earlier in this article:

Registering domain names is on a first-come, first-served basis.

At Mountaintop, domain name registration is part of the web design process. We will assist you in securing your domain name before cybersquatters can hold it hostage.

If you want to know more about domain name registration, please feel free to give us a call or drop us an email. We will do our best to keep you from becoming a victim of cybersquatters.