Security exists to make sure everything that we hold valuable in life is safe, secure and protected from those with malicious intent. Life has become a long list of passwords and combinations: from locker combinations to ATM PIN codes, from cellphone access to passwords for websites, social media accounts and email. It pays to err on the side of caution, but having too many passwords eventually ends up compromising convenience for security.

The solution? Use a Password Manager program.

The Realities of Living in a Password-Heavy World

Here are a few interesting statistics from the June 2015 TeleSign Consumer Account Security Report on digital security concerns and practices which surveyed more than 2,000 people from the United States and the United Kingdom:

  • 75% of respondents use the same password for multiple accounts.
  • 40% of those surveyed reported that they had been hacked or notified that their personal information had been compromised.
  • 21% have not changed their password for the past 10 years.
  • 47% use passwords that are at least 5 years old.

Of those who participated in the TeleSign study, 80% shared their concern about being hacked. Yet many of them still continue with their irresponsible practices regarding online security.

Like most consumers, we don’t believe we are vulnerable to crime until we finally become victims. By then, it could be too late. We end up losing more than we gained by following lackadaisical practices.

This kind of disengaged mentality is the reason why the 5 most popular passwords in 2014 were:

  1. 123456
  2. Password
  3. 12345
  4. 12345678
  5. Qwerty

You could be shaking or scratching your head, or maybe even both, but the truth is people did not take password security seriously. When making a choice between security and convenience, they chose the latter.

The fact that 40% claimed they were hacked was proof they should have taken the effort to come up with more challenging and complex passwords.

Imagine the consequences if your email password was stolen. The cyber criminal could easily reset several of your online accounts including PayPal.

But coming up with strong passwords for different purposes is easier said than done. Every program has its own parameters for strength. Some require a minimum of 10 characters. Others demand that the password contain a number, a capitalized letter and a sign.

Gone are the days when post-its on a computer screen would be enough to keep track of your passwords. With the Internet, you need to be more creative with your password and strategic when it comes to securing your codes from the bad guys.

The good news is that with a Password Manager, you no longer have to compromise convenience for additional security.

What is a Password Manager?

Password managers work by storing all of your log-in information for the websites and accounts you use. It makes logging in easier because the Password Manager does it for you automatically.

The Password Manager will encrypt your database file for all your passwords with a Master Key. In effect, the Master Key is the Master Password which you will have to come up with and is the only one you have to remember.

How Does a Password Manager Work?

Let’s say you want to log in to your Facebook account. When you use a Password Manager, you don’t have to type in your details onto the Facebook web page. Instead you type in the Master Password onto the Password Manager which fills in the correct details so you can access Facebook.

You no longer have to spend time thinking of your user name or combination of letters, numbers and signs for your password. Can you imagine not being able to log in to your Skype account because you forgot the password and the client is already online?

There are many great useful online services that we sign up with so we can make life and work easier. But the truth is, how many of these services do we actually use on a daily basis?

It is easy to forget passwords for websites that we hardly use. The same goes for emails. It is not uncommon for people to have multiple email accounts.

Another benefit of having a Password Manager is that it can create passwords for you.

Whether it is for one of your current online accounts or a new one, the Password Manager can generate a strong one for you and there is no need to extinguish brain cells trying to remember the combination. The Password Manager will do it for you.
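As an added illustration (not code from any of the products named in this article), the Python sketch below audits a small constructed set of logins for the habits described above, namely reused passwords, the popular passwords from the 2014 list and passwords that miss a typical site rule, and replaces each flagged entry with a randomly generated 20-character one. The vault contents, the set of accepted signs and the function names are assumptions made for the example.

```python
import secrets
import string
from collections import defaultdict

# The five most popular passwords of 2014 listed in this article (lower-cased).
COMMON = {"123456", "password", "12345", "12345678", "qwerty"}

SIGNS = "!@#$%^&*()-_=+"  # assumption: the "signs" a site accepts
ALPHABET = string.ascii_letters + string.digits + SIGNS

# Constructed sample data. A real password manager keeps these values
# encrypted under the Master Key rather than in a plain dictionary.
SAMPLE_VAULT = {
    "email": "Qwerty",
    "facebook": "Summer2015!x",
    "skype": "Summer2015!x",
    "paypal": "t7#Kd9w!Qz2&LmPx4Rb$",
}


def meets_policy(pw, min_len=10):
    """Typical site rule: minimum length, a number, a capital letter, a sign."""
    return (len(pw) >= min_len
            and any(c.isdigit() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c in SIGNS for c in pw))


def generate(length=20, min_len=10):
    """Draw characters from the OS random source until the rule is met.

    Retrying whole candidates (instead of patching in missing characters)
    keeps every rule-compliant password equally likely.
    """
    if length < min_len:
        raise ValueError("length is shorter than the policy minimum")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(pw, min_len):
            return pw


def audit(vault):
    """Return {account: [issues]} for every login that needs attention."""
    accounts_by_password = defaultdict(list)
    for account, pw in vault.items():
        accounts_by_password[pw].append(account)

    findings = {}
    for account, pw in vault.items():
        issues = []
        if pw.lower() in COMMON:
            issues.append("common")
        if len(accounts_by_password[pw]) > 1:
            issues.append("reused")
        if not meets_policy(pw):
            issues.append("weak")
        if issues:
            findings[account] = issues
    return findings


def remediate(vault):
    """Give every flagged account a fresh password that is used nowhere else."""
    fixed = dict(vault)
    used = set(vault.values())
    for account in audit(vault):
        pw = generate()
        while pw in used:
            pw = generate()
        used.add(pw)
        fixed[account] = pw
    return fixed


if __name__ == "__main__":
    for account, issues in audit(SAMPLE_VAULT).items():
        print(f"{account}: {', '.join(issues)}")
    print("issues after remediation:", audit(remediate(SAMPLE_VAULT)))
```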

Which Type of Password Manager Should You Use?

Password managers are nothing new. The rise in demand for these programs was commensurate with the growth in popularity of the Internet. As more computers were integrated into systems that used Internet-based processes, it became more important to find ways to manage passwords and secure networks.

There are different types of password managers that you can consider. The one you choose should have the features that would greatly benefit your business. Here are some of the password managers you can find in the market today:

1. Bonus-Feature Password Manager: 

Some operating systems, browsers and antivirus software offer password managers as a bonus feature or added value for choosing their program.

Examples would include those included in Chrome, Firefox and the Norton 360 comprehensive security suite.

If you feel your type of business does not need additional security and you are confident of what these password managers can do, go ahead and utilize the service.

2. Standalone Password Manager: 

These are password manager programs that are not associated with other software. KeePass and Aurora are good examples.

They provide strong encryption and Aurora has other features such as password generation, automatic form-filling and the ability to import passwords to a readable file.

This type of password manager is ideal if you use only one device for all of your computing work.

3. Password Managers with Embedded Security Hardware:

You will need hardware in order to get this password manager to save and encrypt data.

A good example would be Lenovo’s T-Series ThinkPad laptops that have an Embedded Security System mounted as a chipset on its motherboard. Only someone with the Master Password, fingerprint reader or both can access your data.

You should have this type of password manager if you work in a shared space environment where the risk of hacking is very high.

4. Web-Based Password Manager:

This is one of the latest types of password managers. It is a web-based application so you can use it from any Internet-connected device.

Examples would be RoboForm and PasswordSafe which have the same features as Aurora.

If your network consists of PCs, laptops and tablets, this is the Password Manager for you because it can help you retrieve your passwords from all connected devices.

Risks of Using Password Managers and How to Avoid Them

Using a Password Manager will certainly make work more efficient. Instead of spending time and energy trying to remember passwords and usernames, the Password Manager will do the work for you.

But there are very real risks when entrusting your passwords to a singular system. If you had all of your valuables stored inside your home, what do you think would happen if a thief found your master key?

Here are a few tips on how to keep your Master Password secure regardless of the type of Password Manager program you are using:

  • Take steps to ensure the physical security of your computers at the home or at the office. For example, use computer locks or keep the rooms tightly secured before you leave your home or office.
  • Make sure you have a password to access the user account on your computer or mobile device.
  • Change your Master Password frequently.
  • Set a screen lock on your PC or mobile device.
  • Do not entrust your Master Password to anyone.
  • Regularly update your antivirus, malware programs and firewalls.
  • Enhance your security with a biometric program such as fingerprint reading in case you forget your Master Password.

You may also want to consider the old school approach in securing the protection of your Master Password. After all, given its importance, you should take precautionary measures in the event you somehow forget the combination.

Write down your Master Password on a piece of paper, place it in a sealed envelope and, just like the recipe for Krispy Kreme’s donuts, Col. Sanders’ Kentucky Fried Chicken and the Coca-Cola formula, keep it under lock and key in a personal or bank vault.

How to Get Started With Your Password Manager

Once you have made your choice of Password Manager program the only thing you need to do is create your Master Password. It must be as strong as possible and offer virtually no chance of being uncovered by any hacker. Therefore, take your time coming up with one.

The most important takeaway in this article is to understand the value of managing and keeping track of your passwords given the sheer number of activities you may have on the Internet.

We hope you enjoyed reading our article on the importance of having a Password Manager. It has been a proven way of protecting websites since the 1990’s and will continue to evolve into better and more efficient programs throughout the next few years.

If you want to have one installed or have more questions on this valuable software program, please do not hesitate to give us a call or an email.

 

SSL, or Secure Sockets Layer, certificates protect your information from being intercepted by hackers as it is transmitted from your browser to the server. More entrepreneurs are migrating their businesses from traditional brick-and-mortar to the Internet. This leads to more online transactions which involve confidential data being transferred between two parties.

But there is a third party lurking in the Internet. One with malicious intent. These unscrupulous groups or individuals are the hackers and they will stop at nothing to steal what you have for their own selfish gain.

Having an SSL certificate will help foil their diabolical plans, protect your customers and enhance the security and integrity of your e-commerce website. These certificates are not expensive to secure and are easy to install and manage. Best of all, they will give you peace of mind that you, and not the bad guys, will reap the fruits of your labor.

The Lure of the Internet and Why You Need SSL Now More Than Ever

In the United States alone, e-commerce generated revenues of $394.86 Billion in 2016. This amount represented 42% growth of the total retail industry for the year. By comparison, global sales of e-commerce in 2016 totaled $1.859 Trillion and are projected to hit $4.479 Trillion by 2021.

An online business is easier to manage while giving you access to a population of billions who scour the Internet every day for information and the best deals. But these websites are also under constant attack from unethical groups or individuals who want to take what you have worked hard for.

Hackers are well aware of the huge growth potential of Internet-based businesses over the next few years. Unfortunately, the vast market of opportunities offered by the Internet for you to grow your business also increases your level of vulnerability from malicious attacks.

Your website can be compromised in many different ways. It is not just identity theft or loss of data you should worry about. Hackers can upload inappropriate content on your website and destroy your online reputation.

And some of them do it for fun. They don’t get paid. Think of it as earning their “Internet Cred” or building their own hacking reputation at your expense.

Getting SSL Certificates is No Longer a Choice

We wrote about SSL in an earlier article, “SSL: What It Is And Why Your Business Needs It”. But we believe there is more ground to cover regarding SSL. We also want to stress the urgency for online businesses, especially those involved in e-commerce, to secure SSL certificates.

In fact, getting SSL certificates for your website is no longer a choice.

You should get them to protect your website from being attacked because the hackers will not stop until they have taken what you already have.

If you want to learn about the economic cost of hacking to your business and the frequency of these attacks, you can refer to our article, “How to Protect Your Website from Hackers”.

No surprise that getting SSL certificates is listed as one of the most important courses of action.

But securing your website is not the only benefit from procuring SSL. As you will find out later in this article, these certificates can also give your website a boost in the search rankings!

What is SSL?

Earlier we gave our definition of SSL. However to get a better understanding of these certificates, what they can do and the entire encryption process, let’s look at the textbook definition of SSL:

SSL is the standard security technology for creating an encrypted link between a web server and a browser which ensures that all data passed between the web server and browser remain private.

The best way to understand the definition is to break down the process of transmitting data from browser to web server:

  • You click on a link of special interest and end up on a web page with a form that requires you to provide information. Depending on the type of form, the required information could include your address, phone number, Social Security Number, Driver’s License or birth date.
  • Once you click “Send”, the information is transmitted from your browser to the web server. It is during this process of transmission that the information can be intercepted by hackers. How?
  • The most common method is for the hacker to upload a “listening program” on the server that is hosting the website.
  • When you start typing in the information, the listening program will capture the data and send it to the hacker.

How does having SSL Certificates prevent your information from being intercepted by hackers?

With SSL, your browser will form a connection with the web server. It will check the data on the server’s certificate and, once that is confirmed, establish an encrypted link with the web server so that no one else will be able to see the information.

How can you tell that a website has SSL certificates? There are two ways to determine if a website has been secured with SSL:

  1. The URL indicates “https://” instead of “http://”. The “s” is the difference.
  2. Depending on your browser, you will see a padlock icon on the left or right hand side of the URL.

Is it still possible for a website to be unsecured even if the URL has either of these two indicators?

Yes, if the certificates are invalid or expired!

If a website keeps asking for confidential information, it would be a good idea to check if the certificates are still valid:

  • If you are using Chrome, go to View > Developer’s Tools.
  • Navigate to the Security tab to find out if the SSL Certificates are still valid.

In a future article we will discuss why it is absolutely important to keep track of the validity period of your SSL Certificates. Many businesses, large corporations included, had their systems and databases compromised because they did not manage their certificates responsibly.
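The same validity check can be automated. The following Python example is an addition to the article, not a tool it describes: it reads the validity dates and covered names from a certificate and reports whether it is expired, close to expiring or issued for a different host. The sample certificate for example.test, the 30-day warning window and the function names are constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the format returned by SSLSocket.getpeercert():
# a one-year certificate covering one name plus a wildcard.
SAMPLE_CERT = {
    "subject": ((("commonName", "example.test"),),),
    "subjectAltName": (("DNS", "example.test"), ("DNS", "*.example.test")),
    "notBefore": "Oct 17 00:00:00 2017 GMT",
    "notAfter": "Oct 17 00:00:00 2018 GMT",
}


def fetch_cert(host, port=443, timeout=5.0):
    """Fetch a live server certificate (needs network access).

    The default context verifies the chain, dates and host name itself and
    raises ssl.SSLCertVerificationError when any of them is wrong, so this
    call only succeeds for certificates that are currently valid.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def name_matches(cert, host):
    """True if one of the certificate's DNS names covers the host."""
    host = host.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = value.lower()
        if pattern == host:
            return True
        # A wildcard covers exactly one left-most label: *.example.test
        # matches shop.example.test but not example.test or a.b.example.test.
        if pattern.startswith("*.") and "." in host:
            if host.split(".", 1)[1] == pattern[2:]:
                return True
    return False


def _parse(cert_time):
    """Convert a certificate date string into an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)


def check_cert(cert, host, now=None, warn_days=30):
    """Return the days left before expiry and a list of problems found."""
    now = now or datetime.now(timezone.utc)
    not_before = _parse(cert["notBefore"])
    not_after = _parse(cert["notAfter"])
    days_left = (not_after - now).days

    problems = []
    if now < not_before:
        problems.append("not yet valid")
    if now > not_after:
        problems.append("expired")
    elif days_left < warn_days:
        problems.append("expires soon")
    if not name_matches(cert, host):
        problems.append("name mismatch")
    return {"days_left": days_left, "problems": problems}


if __name__ == "__main__":
    when = datetime(2018, 10, 1, tzinfo=timezone.utc)
    print(check_cert(SAMPLE_CERT, "shop.example.test", now=when))
```

Run on a schedule against your own site, a check like this gives advance warning before an expiry leaves visitors looking at a certificate error.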

Will Having SSL Improve Your Search Rankings?

In 2014, Google announced that it would include SSL as a factor in its search ranking algorithm. The search ranking giant said that between two websites the one with SSL will outrank the one without.

Google’s purpose for including SSL was to encourage website owners to prioritize security for their customers by getting the certificates.

A study by HubSpot showed that 85% of Internet users will abandon the search if the site is not secured. Google’s research in January 2017 had similar results for websites that required users to disclose confidential information. You may have come across websites that carry the “not secure” warning. Chances are it made you forego exploring the site any further.

Google will be introducing version 62 of its Chrome browser. It will advise Internet users if the page they land on has forms but is not secured by SSL certificates.

For Internet users that go on incognito mode, Chrome will always identify websites that are not secured by SSL. For those that don’t go incognito, Chrome will reveal that the site is not secured once the user starts typing information onto the form.

Since Chrome is the dominant browser on the Internet, version 62 will definitely have an impact on the search rankings of e-commerce and other websites that integrate forms in their pages.

How to Get SSL Certificates For Your Website

Google has provided the following guidelines on how to get SSL Certificates for your website:

  • Identify the kind of certificate you need: Single, multi-domain or wildcard.
  • Choose 2048-bit key certificates.
  • Choose relative URLs for resources that reside on the same secure domain.
  • Use protocol relative URLs for all other domains.
  • Don’t use robots.txt to block search engines from crawling your website.
  • Enable search engines to index your web pages whenever possible.
  • Do not use the noindex robots meta tag.

If this all seems confusing to you, just leave it to us to help you secure your SSL Certificates.

It is always a good idea to have professional webmasters handle the technical aspects of your website. Plus these certificates have an expiration period of one year. As previously mentioned, if your certificates expire, your website will be left unsecured.

We will make sure your SSL Certificates are managed and updated as necessary. As you will find out in a forthcoming article, websites that are covered by SSL are facing a new kind of threat. It is no longer just enough to simply have the certificates. You must manage them responsibly.

We hope that you enjoyed reading this article as much as we did writing it. Website security is more important today than ever before as hackers are getting aggressive with their methods.

If you want to learn more about SSL and how to get the certificates for your website, please do not hesitate to give us a call or an email.

 

One of the hardest aspects of starting a business is coming up with a name for it. Your business name forms part of your brand. It should be easy to remember, relevant to your trade and of course, original. These qualities are important because your business name carries over to your domain name. Now what would you do if you tried to register it and found out the domain name was already taken? You could be a victim of Cybersquatting.

What is Cybersquatting?

Cybersquatting is the act of registering, selling or using a domain name for the purpose of extracting profit from the goodwill of another person’s trademark.

Here is the official definition of cybersquatting from the U.S. Anti-Cybersquatting Consumer Protection Act (ACPA):

“Cybersquatting is the opportunistic practice of registering, trafficking in and using a domain name resembling a trademark belonging to someone else with the aim to profit from it.”

It is difficult to refer to cybersquatters as “enterprising” but they had the foresight of buying domain names of existing businesses that hesitated going online for a long time.

Panasonic, Hertz and Avon are just a few of the large, successful companies that had their domain names held hostage and paid out as much as $15,000 to reclaim them.

The cost of registering a domain name? US$6.00.

Cybersquatting has its roots in the late 1990’s as the Internet moved toward global accessibility. In 1995, the Internet was only accessible to 16 million people or roughly 0.4% of the world’s population.

By the year 2000, 304 million people had Internet connectivity. Today, an estimated 3.88 billion or 52% of the world’s population are on the Internet every day.

As more businesses migrate their operations online, more opportunities become available for cybersquatters. According to the Arbitration and Mediation Center of the World Intellectual Property Organization (WIPO), it received 2,754 complaints related to cybersquatting in 2015. This was a 5% increase from 2014.

Types of Cybersquatting

The reality is cybersquatters are free to register any domain names that remain available even if these are similar to those that have already been registered.

Domain registration in the United States goes through the Internet Corporation for Assigned Names and Numbers (ICANN). This is a non-profit organization that was formed in November 1998. ICANN was given the responsibility of managing ownership of the Domain Name System.

A domain name is registered through a master database when you file an application with one of ICANN’s accredited registrars. If the domain name is available and the applicant pays the fee, the applicant automatically becomes the owner of the website name.

Keep this rule in mind when coming up with a business name: Registering domain names is on a first-come, first-served basis.

ICANN’s registrars are not tasked to check if the applicant of the domain name is related or associated with the business that owns the trademark.

Thus if “mountaintopwebdesign.com” was available, an applicant with no relation to Mountaintop Web Design would be able to acquire the domain name.

Lack of domain name regulation has resulted in cybersquatters coming up with different schemes to profit from holding your trade name hostage:

1. Typosquatting.

This type of cybersquatting goes by other terms such as “URL hijacking”, “a sting site” and “fake URL”. Typosquatters capitalize on mistakes frequently made by Internet users when typing a URL. For example:

  • Misspellings – www.mountantopwebdesign.com
  • Different Phrasing – www.mountaintopwebdesigns.com
  • Use of other domain variations – www.mountaintopwebdesign.net
  • Fake website – Looks similar to the authentic website in terms of layout, design and content.
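To watch for the first three patterns in the list above, a domain owner can compare look-alike names against the real one. This Python example is added here and is not part of the original article; it labels a constructed list of observed domains using the article's own examples, and its two-edit threshold and single-label TLD handling are assumptions.

```python
BRAND = "mountaintopwebdesign.com"

# Constructed watch list: the article's three examples plus extra cases.
OBSERVED = [
    "www.mountantopwebdesign.com",
    "www.mountaintopwebdesigns.com",
    "www.mountaintopwebdesign.net",
    "mountiantopwebdesign.com",
    "mountaintopwebdesign.com",
    "example.org",
]


def split_domain(domain):
    """'www.example.com' -> ('example', 'com'). Assumes a one-label TLD."""
    labels = domain.lower().strip(".").split(".")
    if labels[0] == "www":
        labels = labels[1:]
    return ".".join(labels[:-1]), labels[-1]


def edit_distance(a, b):
    """Edits needed to turn a into b: insert, delete, substitute, or swap
    two neighbouring characters (optimal string alignment distance)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # neighbouring swap
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(brand, candidate, max_edits=2):
    """Label a candidate domain relative to the brand's real domain."""
    brand_name, brand_tld = split_domain(brand)
    name, tld = split_domain(candidate)

    if name == brand_name:
        return "legitimate" if tld == brand_tld else "other domain variation"
    # Plural forms or added hyphens keep the words but change the phrasing.
    if name in (brand_name + "s", brand_name + "es") or name.replace("-", "") == brand_name:
        return "different phrasing"
    if edit_distance(name, brand_name) <= max_edits:
        return "misspelling"
    return "unrelated"


def triage(brand, observed):
    """Return {domain: label} for every look-alike worth reviewing."""
    labels = {d: classify(brand, d) for d in observed}
    return {d: l for d, l in labels.items() if l not in ("legitimate", "unrelated")}


if __name__ == "__main__":
    for domain, label in triage(BRAND, OBSERVED).items():
        print(f"{domain}: {label}")
```

The fourth pattern, a fake website that copies layout and content, cannot be spotted from the name alone and still needs a manual look at where the domain leads.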

2. Identity Theft.

Cybersquatters use software that allows them to track down domain names which were unintentionally not renewed by the owner. Once the cybersquatter re-registers the domain name, he may link it with a website that duplicates the original. Visitors of the cybersquatter’s website will think they have clicked onto the original website.

3. Name Jacking.

In the United States, your name can qualify for trademark protection if it is distinct through advertising, associated as a brand or established as an entity. A good example would be the personal name of a popular celebrity.

But personal names that do not fall under these qualifications cannot qualify for trademark protection because people within the same geographic area may have the same name.

Name jacking is the act of registering a domain name associated with an individual. The usual targets are celebrities and other famous people. As an example, pop singer Madonna’s name was used to launch a pornographic site madonna.com.

4. Reverse Cybersquatting.

This is a direct attempt to steal your domain name by taking advantage of existing dispute resolution procedures. The reverse cybersquatter will try to pressure you into transferring its legitimate ownership to another person or organization that has registered a trademark reflected in the domain name.

How Do Cybersquatters Profit?

There are five ways a cybersquatter monetizes these illegal practices:

1. Domain Parking

Redirects a domain name to a website that carries advertisement so it can generate traffic.

2. Domain Name Ransom

Cybersquatter uses domain name to spread ransomware. The malicious program blocks access until the victim pays the amount of the ransom.

3. Affiliate Marketing

Redirects domain name to websites used for selling products and services in exchange for commissions.

4. Hit Stealing

Refers a visitor of the cybersquatted domain name to the website of a competitor.

5. Scamming

This practice covers identity theft and credit card fraud. People who land on a cybersquatted website may be asked to provide confidential information to win prizes in a raffle.

How to Find Out if You Are a Victim of Cybersquatting

So now you have finally decided on a domain name. If you want to know if it is being used by a cybersquatter, simply type the domain name in the address bar, then press “enter” to find out where it will lead you.

Here are a few possible scenarios:

  • You land on a website that states “This domain is for sale”, “Under construction” or “Can’t find server”. It becomes increasingly clear that the owner’s purpose is to profit off the sale of the domain name.
  • You end up on a fully functioning website packed with advertisements for products and services similar to those carried under your trademark. The purpose of the cybersquatter is to profit off the goodwill of your trade name.
  • You find yourself in a website that has a similar domain name but does not compete with your products or services. This is not a case of cybersquatting but possibly trademark infringement.

It is frustrating to know you cannot use the domain name you worked on and want for your online business. But rather than allow your emotions to take over, breathe, analyze the situation carefully and think of other possibilities.

For example if the web page reads “Under construction”, it is still within the realm of possibility that the owner of the domain name has legitimate plans for the website.

The next step is to find out the identity of the person who owns the domain name. You can do this by going to whois.net and using its “WHOis lookup” feature. Contact the registered owner and see if he or she is willing to sell you the domain name at the right price.

If the price is reasonable then buy the domain name. It will be a cheaper option than going through an arbitration or litigation process.

What to Do if You Are a Victim of Cybersquatting

If it is confirmed that you are a victim of cybersquatting and the domain owner has not shown reasonable interest in negotiating the sale or turnover of the domain name to you, there are two options you can exercise:

  1. Apply for arbitration procedures under ICANN.
  2. Sue the domain name owner under the Anticybersquatting Consumer Protection Act or ACPA

How do these two options vary?

Arbitration Through ICANN

ICANN developed and implemented the Uniform Domain Name Dispute Resolution Policy (UDNDRP) in 1999. This policy was designed as a measure for resolving disputes regarding domain names.

The UDNDRP prescribes an arbitration process, not a litigation process, which can be initiated by any person or complainant who argues the following instances to the ICANN:

  • That the domain name in question is identical and confusingly similar to a trademark to which the complainant has rights to;
  • That the domain name owner has no rights or expressed any legitimate interest in the domain name;
  • That the domain name in question which has been registered is being used in bad faith.

If these conditions can be successfully proven, the domain name will be cancelled and rights of use transferred to the complainant. It should be noted that financial remedies are not covered under the UDNDRP.

Litigation Through the ACPA

Under the ACPA, you can sue an alleged cybersquatter in federal court and secure a court order to retrieve the domain name. There have been cases where the cybersquatter will be asked to pay monetary damages.

To win your case versus a cybersquatter, you must be able to prove the following:

  • There is bad faith intent to profit from the use of the domain name;
  • Your trademark or business name was already distinctive at the time the domain name was registered;
  • The domain name is indisputably identical and confusingly similar to your trademark;
  • Your trademark qualifies for protection under existing federal trademark laws because it is distinctive and you were the first one to use it for the purpose of commerce.

However if the alleged cybersquatter can prove that he had legitimate reasons to register the domain name without trying to profit by selling it back to the complainant, the federal court may allow him to keep it.

What would be your best option?

Most trademark experts will advise you to go through the arbitration process under ICANN because it is faster and inexpensive as you are not required to have the assistance of an attorney.

Conclusion

With thousands of businesses being registered every day, it can be a challenge finding a trade name that is unique and all your own.

71% of small businesses in the United States have websites. Of the 29% that don’t have websites, 92% say they will put it off until 2018. There is a very high possibility that these small business owners will deal with cybersquatters by then.

Don’t be part of the 92%. If you have a business in mind, setting up a mobile responsive website should always be part of your development plan. Once you have a trade name in mind, register it as your domain name right away.

Remember the rule we stated earlier in this article:

Registering domain names is on a first-come, first-served basis.

At Mountaintop, domain name registration is part of the web design process. We will assist you in securing your domain name before cybersquatters can hold it hostage.

If you want to know more about domain name registration, please feel free to give us a call or drop us an email. We will do our best to keep you from becoming a victim of cybersquatters.  

 

When your E-commerce website goes live, it’s like opening the doors of a brick-and-mortar business inside a commercial location. Except that instead of welcoming 10,000 people who comprise daily foot traffic, you are on the Internet where 3.7 Billion users are searching for information every day.

People who enter your business premises are not all potential consumers. Some may buy, others may just want to look around while a few may have stumbled upon your business by accident. Then there are those who did intend to enter your premises but not to patronize your products or services.

They have malicious intent. They have infiltrated your business to steal valuable data. Others have a worse agenda. They want to destroy your business through a number of ways. They could eradicate your records, shut down your system or post inappropriate messages to soil your business reputation.

These virtual sociopaths are called hackers. They aren’t petty criminals who enter a convenience store to steal a few hundred dollars or a six pack of beer. Hackers are not just high school kids on a mission to build a reputation of online notoriety from their mom’s basement. There are groups that are funded by organized crime to conduct hacking activities.

The Economic Cost of Website Hacking

According to the Internet security teams at Symantec and Verizon, almost one million cyber attacks are launched every day. In 2014 alone, Symantec uncovered 317 million pieces of malware or software viruses.

The U.S. State Department alone reportedly blocks thousands of hacking attempts every day. In 2014, the agency was forced to shut down its email system after a series of aggressive cyber attacks from a suspected group of Russian hackers.

A study by the Center for Strategic and International Studies revealed that hacking costs the U.S. economy $100 Billion a year. On a global scale, hacking costs the world economy an estimated $300 Billion every year. The study continues that hacking results in the loss of 500,000 jobs every year in the United States alone due to business closures.

While the mainstream media has mainly focused on cyber attacks launched against big businesses such as Sony, Target and JP Morgan Chase, small business owners are much more vulnerable to hacking activities.

A study by McAfee showed that nearly 90% of small and medium sized businesses in the United States do not have data protection or security measures installed on their websites. Meanwhile, almost 50% of small business emails remain highly susceptible to phishing scams.

If you think hackers only go after the Big Fish, you are wrong.

98% of all businesses registered every day fall under the classification of small business. Approximately 543,000 small businesses start out every month. In 2013 alone there were a total of 28 million small business owners in the United States.

Right after the Charlie Hebdo terrorist attacks in France in 2015, hackers went after 19,000 French websites.

Cyber criminals have no conscience. They do not care that you are running an online business simply to pay the bills and put food on the table. They are not impressed that as a small business, you are doing your part to stimulate employment in the economy.

All they want is what you have and will not stop until they get it.

How to Protect Your Website from Hacking Attacks

Small businesses provide a large ocean of opportunity for hackers to unleash their fiendish schemes.

Not having data protection and security measures in place is like having your store’s front door open while your safe is left unlocked and unattended.

Don’t make it easy for hackers to do their dirty work. It should be the responsibility of every business owner, whether small, medium or large scale, to choke out cyber crime by making sure hackers come away empty handed.

Here are 10 tips on how you can protect your website from being hacked:

1. Strengthen Your Network Security

Let’s start with the basic, fundamental rule of strengthening your network security. Clients can be lulled into complacency once we’ve updated their current network security programs and added a few more layers of protection.

What we remind them consistently is that hackers are always trying to stay ahead of security programs. There are a few things you can do on your own to secure your website:

  • Change your password from time to time and make sure you use strong ones.
  • Use password manager programs that randomly generate passwords of 20 alphanumeric characters. The password manager will tell you if you’ve already used a particular password.
  • Update your antivirus and anti-malware programs.
  • Make sure your firewalls are updated and always up.
  • Scan all devices attached to the network for malware.

Just because you have not been hacked does not mean it won’t happen to you. A little bit of paranoia goes a long, long way when you are trying to protect your website from malicious attacks.

2. Use Two-Factor Authentication

Two-factor authentication works as a stopgap measure when someone tries to log on to a service from an unrecognized device.

What happens is that you will receive a text notification with a temporary password. If you receive this message, it means someone was trying to log into your website. Apple, Twitter, Google and Microsoft all have two-factor authentication installed in their network.
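The flow described above, sketched as an added example (not code from this article or from any of the services named): a login from an unrecognized device triggers a texted temporary code that expires and works only once. The `send_sms` hook, the class name and the five-minute lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed lifetime of a temporary code


class TwoFactorGate:
    """Asks for a texted one-time code when a login comes from an unknown device."""

    def __init__(self, send_sms, clock=time.time):
        self.send_sms = send_sms      # callable(phone, message); assumed SMS hook
        self.clock = clock
        self.known_devices = {}       # user -> set of device ids seen before
        self.pending = {}             # (user, device) -> (code digest, expiry)

    def login(self, user, phone, device_id):
        """Call after the password check. Returns True if no code is needed."""
        if device_id in self.known_devices.get(user, set()):
            return True
        code = f"{secrets.randbelow(10**6):06d}"   # drawn from the OS CSPRNG
        digest = hashlib.sha256(code.encode()).digest()
        self.pending[(user, device_id)] = (digest, self.clock() + CODE_TTL_SECONDS)
        self.send_sms(phone, f"Your temporary login code is {code}")
        return False

    def verify(self, user, device_id, code):
        """Checks the code once; a wrong or expired code needs a fresh login."""
        entry = self.pending.pop((user, device_id), None)   # single use
        if entry is None:
            return False
        digest, expiry = entry
        supplied = hashlib.sha256(code.encode()).digest()
        if self.clock() > expiry or not hmac.compare_digest(digest, supplied):
            return False
        self.known_devices.setdefault(user, set()).add(device_id)
        return True
```
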

3. Fortify Admin Access Control

It is every business owner’s worst nightmare to have their website admin level infiltrated by hackers. Your website will be at their mercy.

Again it all starts with the obvious access points. Make sure you use strong passwords and usernames. Instead of the usual default database prefix of “wp6_”, change it to something more difficult to guess.

Finally, limit the number of login attempts within a specific time frame. Practice sound OPSEC or Operations Security measures by not sending login details via email. Remember email accounts are constantly being hacked.
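One way to limit login attempts within a time frame, as an added example rather than WordPress's or any plugin's own code: failed attempts are counted per account and per source address over a sliding window. The limit of 5 failures in 15 minutes and all names are assumptions.

```python
import time
from collections import deque

MAX_ATTEMPTS = 5        # assumed policy: 5 failed logins...
WINDOW_SECONDS = 900    # ...within 15 minutes


class LoginThrottle:
    """Sliding-window limit on failed logins, tracked per account and per IP."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.failures = {}   # key -> deque of timestamps of recent failures

    def _recent(self, key):
        q = self.failures.get(key)
        if not q:
            return 0
        cutoff = self.clock() - WINDOW_SECONDS
        while q and q[0] <= cutoff:      # drop failures older than the window
            q.popleft()
        return len(q)

    def allowed(self, username, ip):
        """Check this before verifying the password."""
        keys = (("user", username.lower()), ("ip", ip))
        return all(self._recent(k) < MAX_ATTEMPTS for k in keys)

    def record(self, username, ip, success):
        """Record the outcome of a password check."""
        user_key, ip_key = ("user", username.lower()), ("ip", ip)
        if success:
            self.failures.pop(user_key, None)   # reset the account counter only
            return
        now = self.clock()
        self.failures.setdefault(user_key, deque()).append(now)
        self.failures.setdefault(ip_key, deque()).append(now)
```

Counting per address as well as per account means one source guessing against many usernames is slowed down too.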

4. Update Your Programs Regularly

Software manufacturers routinely build in an automatic update feature that lets you know once an update is available. When you receive notice that updates are ready for installation, do not delay. Update your program right away.

Every second that passes leaves your site vulnerable to attacks from hackers. Outdated programs are a favorite access point. The same goes for programs or plugins that are hardly used.

Hackers have voracious appetites; they will stop at nothing to get into your website. The most notorious hackers are known to scan thousands of websites in an hour. If one of them is able to find a breach in your program, you can be sure so will hundreds of hackers.

5. Use a Web Application Firewall

A Web Application Firewall or WAF sits between your website server and the data connection. It has the ability to read all bits of information that pass through it.

A WAF can be software or hardware based, although most of the modern versions are cloud-based. For a small monthly subscription fee, you can rest easy knowing full well you have security measures in place that regularly block all hacking attempts and filter out other unwanted sources of traffic such as spammers and malicious bots.

6. Set a Limit on File Uploads

Even if you work diligently to ensure the accuracy and precision of your network’s security system, the reality is, not all bugs can be captured. Some may get through and proceed to corrupt your website.

An option to consider is to prevent users from directly accessing files that have been uploaded.

Store the files outside the root directory. Your web host services provider can give you a script to access the files whenever you need them.
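An added sketch of that arrangement (not this article's or a web host's actual script): uploads are written under a random name in a directory outside the web root, and a small access function is the only way to read them back. The directory layout, the allowed file types and the size limit are assumptions.

```python
import secrets
from pathlib import Path

ALLOWED_SUFFIXES = {".pdf", ".png", ".jpg"}   # assumed allow-list
MAX_BYTES = 5 * 1024 * 1024                   # assumed size limit


class UploadStore:
    """Keeps uploads in a directory the web server does not serve directly."""

    def __init__(self, storage_dir, web_root):
        self.storage = Path(storage_dir).resolve()
        web_root = Path(web_root).resolve()
        if self.storage == web_root or web_root in self.storage.parents:
            raise ValueError("storage directory must be outside the web root")
        self.storage.mkdir(parents=True, exist_ok=True)

    def save(self, original_name, data):
        """Stores the bytes under a random name and returns that name as the ID."""
        suffix = Path(original_name).suffix.lower()
        if suffix not in ALLOWED_SUFFIXES:
            raise ValueError("file type not allowed")
        if len(data) > MAX_BYTES:
            raise ValueError("file too large")
        file_id = secrets.token_hex(16) + suffix   # the user's file name is never used
        (self.storage / file_id).write_bytes(data)
        return file_id

    def read(self, file_id):
        """The access script: returns the bytes, or None for unknown or unsafe IDs."""
        if "\x00" in file_id:
            return None
        target = (self.storage / file_id).resolve()
        if target.parent != self.storage or not target.is_file():
            return None                            # blocks ../ and absolute paths
        return target.read_bytes()
```
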

7. Get SSL Certificates

If you are running an e-commerce website, you must absolutely, 100% get SSL or Secure Sockets Layer certification.

SSL encrypts all data that are in transit. Without encryption, data can be intercepted by cyber criminals as it travels through servers and networks. SSL informs you the data came from a verified sender.

Having SSL certificates is also a great way to assure your customers that your website is safe. How do you know if the site has SSL authentication? Its URL address leads off with “https” instead of “http”.

You may even opt for the stronger EV SSL or Extended Validation Secure Sockets Layer with the URL green bar and SSL security seal.

You can read all about SSL certificates and their many benefits in our article, “SSL: What It Is and Why Your Business Needs It”.

8. Back Up Files as Often as You Can

As the saying goes, “Even the best laid plans go awry.”

It’s great to have security measures in place but if the White House itself can get hacked, it is always best to assume the worst and have contingency plans ready.

One of the best backup plans is exactly that.

Back up files as often as you can. Every time someone saves a file it should back up automatically in other locations. It is not good to back up just once. You should do it as frequently as possible. Remember your hard drive can fail at any time.

9. Conduct Frequent PCI Scanning

E-commerce platforms should run quarterly Payment Card Industry or PCI scanning to reduce the risk of the site being hacked. All you need is to get the services of a PCI vendor to scan all the IP addresses the public has access to and which are related to your website’s transaction process.

Before acquiring any service, make sure that the company is an ASV or Approved Scanning Vendor.

10. Monitor Your Website Regularly

Did you know that you can install security cameras in your website the same way you would in a brick-and-mortar shop?

Online tools such as Woopra and Clicky allow you to observe how your visitors are behaving on your website in real time and can detect possible fraudulent or suspicious activity. You will receive alerts on your smartphone so you can act immediately and stop the hackers before they can infiltrate your website.

You should also find out from your web host service provider if it regularly monitors its servers for the presence of viruses and malware.

Conclusion

Without a comprehensive security plan in place and consistency in implementing courses of action, trying to stop the attacks of aggressive hackers would be like withstanding the full-borne fury of a tsunami with an umbrella. You’ll get wiped out.

As business owners, your time is best allocated to managing the tasks that improve your company’s bottom line. The last thing you would want is to be concerned about your website’s security when you should be focusing on building up profits.

Our clients at Mountaintop understand this and have availed of our Extreme WordPress Care Plans.

27% of all websites run on the WordPress content management system. It is to be expected that many of our clients will prefer WordPress and will require regular maintenance for the websites to run efficiently and trouble-free.

By subscribing to our Extreme WordPress Care Plans, clients are assured of having their websites tracked and managed by expert, highly-experienced and proven professionals so they can go about the day-to-day activities of running their business.

We offer more ways to protect your website than just those listed in the article such as:

  • WordPress Core and Plugin Upgrades
  • Uptime and Security Monitoring
  • Priority Email Support
  • Preventive Maintenance Work
  • Detailed Monthly Maintenance Report
  • Daily Website Backups
  • Monthly Support Time
  • Scan and Fix Broken Links

The extent of the service will depend on the package you subscribe to. The monthly subscription fee is very reasonable and works as insurance against costly repairs that could adversely affect business earnings.

If you want to learn more about the real threats posed by hackers and other cyber criminals plus how our Extreme WordPress Care Plans work to secure your website, please feel free to give us a call or an email.