Hackers Feel Like Slivers in Your Derriere!

The following true story is courtesy of my youngest brother Luke. I feel a little guilty

When I was a young teenager, my brother’s friends would ‘toilet paper’ my yard. Little did they know the problems their playfulness caused. You see, my dad would make us gather it all up in brown paper bags, and he placed the bags in the bathrooms and removed all other TP until we finished with everything in the paper bags. This presented a very painful and unpleasant bathroom experience, because we had several evergreen bushes in our yard. No matter how hard we tried, we could never find and remove all the stickers, prickly leaves and thistles wedged in the TP.

Free toilet paper seemed like such a blessing to my dad, but it came with scrapes and bruises that have left a lifetime of unforgettable, miserable memories. Just like the toilet paper in this story, developers have designed an awesome website with all the bells and whistles, but have also left their websites with security holes that allow online hackers to easily ‘stick’ us with very unpleasant consequences – much more severe and lasting than a sliver in your rump.

Has your company been hacked?

Robert S. Mueller, III, former FBI director, made this now-famous statement a few years ago. “There are only two types of companies: Those that have been hacked and those that will be hacked.” But that was then, and this is now. In today’s online world, there are only two types of companies: Those that have been hacked and those that don’t know they have been hacked.

If Target, Sony, Yahoo, eBay, Sonic, Whole Foods, Equifax and thousands of other businesses had been receiving regular security scanning services from an approved scanning vendor (ASV) certified by the Payment Card Industry (PCI) Security Standards Council and making the suggested improvements, our personal information might have been cyber safe. Instead, the world is in a panic, and the compromised companies are spending millions to try and redeem themselves. But the hard reality is that you and I will think twice before using any of these services again.

Cybersecurity is a serious issue that affects all of us. We can no longer sit around thinking, “I won’t get hacked; that only happens to other people.” The reality is that no business is immune to online hackers’ criminal tactics. In fact, more than 30,000 websites get hacked into every single day.

Cyber-criminals use bots that they’ve created to search for online businesses that have holes and vulnerabilities they can easily exploit. Malicious bots can potentially run all night, and when the hackers open their computers the next day, the bots have found numerous vulnerable websites, servers, networks and/or POS credit card terminals from which to steal personally identifiable information and credit card data.

Regardless of what kind of online business you have, your website is not safe from the outstretched hands of cyber-criminals. You should do all you can to keep your business and customers cyber safe. Act now by scanning your website, network and/or POS terminal for vulnerabilities and immediately repairing security holes found.

Finally, if you are doing everything you can to protect your online business, clients, partners, online-shoppers and POS terminals, then you should NOT keep that a secret; shout it loud and clear. It should be a priority to let all your consumers and associates know that you are cyber safe. The best way to do this is by placing a trust seal by your checkout page to show the world that you are doing everything you can to stay cyber safe.

A trust seal is an easy, cost-effective solution for business owners who want to create trust between themselves and online shoppers. Third-party verification can go a long way for those who want the ease of the internet but are cautious and don’t want to be victims of fraud, theft or bad business practices. A seal takes the gamble out of online shopping, which statistically is why it significantly increases sales conversion. It’s an affordable win-win solution.

In conclusion, don’t be caught on the news as the ‘next’ victim that’s been hacked. Take action now. Find an ASV of the PCI Security Standards Council to routinely scan your network, website and/or POS credit card reader. Make sure that any vulnerability holes are fixed. Then let everyone know you are cyber safe by posting a trust seal for everyone to see.

Good luck at getting cyber-safe. I am an optimist by nature and I believe there is still much good in the world and plenty of good to be achieved.


Special thanks to Luke’s article found here: https://staysafeonline.org/blog/online-hackers-worse-sliver-rump/

 

Website Security Threats and Solutions

What is website security? Is it really important? Well, if you are a business owner and you have a website or you are responsible for managing or maintaining your company’s websites, then it is definitely important that you know website security threats and solutions.

Not all IT people know everything about securing a website, just as not all doctors know how to cure every sickness. Believe it or not, when you go to school to study programming, computer engineering, or web development, you’ll find that there’s not much in the curriculum that would tell you how to write secure code. You are simply taught to write code that will run a piece of software, and later in life, as you experience failures in your newly developed software, you begin to think of a solution. You then create more software or code to combat the weak link in your existing software.

In other words, no one is truly secure online until someone finds a security tool or creates a new code better than the previous one.

For beginners, learning about web security may look like an intimidating feat because of the technical verbiage and profound coding involved. But once you get an understanding of its importance and why you need to know at least the basics, you’ll love every bit of jargon!

So what are the problems of ignoring website security threats?

  • It can put your business or personal information at risk.
  • It can jeopardize your customers’ computers if you are running an e-commerce website or your readers’ if you are running a blog. This is because viruses and malware follow loopholes in the system. They see one, they get in, then move to the next, and so forth, infecting every computer they get into until someone finally figures out something is wrong and finds a solution for it.

Where do you start?

  1.   Always make sure your website’s software is up to date.
  2.   As much as possible, do not allow uploading of files to your website as this can be a total security risk.
  3.   Use an HTTPS protocol instead of just HTTP (SSL certificates).
  4.   Use web security tools like Trust Guard’s security scanning services to check for holes used by hackers.

 

Article written by Jonna Lindawan
Jonna is a startup VA business owner who loves helping her clients grow their businesses through her skills in writing, customer service, research, data entry, transcription, social media management, and admin support. Visit her website here.

Online Payment Security Options

Special thanks to a friend for sharing an article about online payment security options from fitsmallbusiness.com. You can read it here.

One of the initial points of the article was discussing the differences in security needed based on whether or not you used a hosted or self-hosted checkout page. The most important reason for this is to know who is responsible for scanning the site for security holes – you or the company hosting the checkout process. Here is a snippet from the article my friend shared with me:

Online payment security starts with a secure checkout. That means the order checkout forms that collect customer data are hosted securely, data is properly encrypted during transmission, and any stored payment information is protected.

There are two types of online checkouts that you can use: A self-hosted checkout or a hosted checkout.

What is a Self-hosted Checkout?

A self-hosted checkout collects and transmits customer payment data on your store’s servers. This puts the security risk on you and makes you responsible for managing secure data connection, transmission, and storage systems. Even if you use a top e-commerce platform, you can be responsible for handling security. Not all e-commerce platforms ensure secure checkouts with every payment processor.

What is a Hosted Checkout?

With a hosted checkout, sensitive payment data is entered directly into your secure payment provider’s system via a secure, encrypted connection called SSL (secure sockets layer authentication). Simply put, sensitive data never touches your store’s servers. In some cases your e-commerce platform ensures this, in others, your payment provider makes it happen. Either way, using a hosted checkout takes the bulk of e-commerce security risks off your shoulders.

This is one reason why hosted checkout providers like Square, Paypal, and Stripe are so popular.

How do You Choose?

Wondering why anyone would choose a self-hosted checkout over a secure hosted checkout? That’s a good question. For most small online sellers, a hosted checkout delivers everything needed to process payments in a tidy, secure package. But for others, factors such as checkout customization and lower credit card processing costs can come into play. In these cases, the flexibility that self-hosted checkouts offer can be worth the security headaches.

However, even if your checkout pages are hosted, it’s always a good idea to scan and secure your website from vulnerabilities accessible by hackers. Trust Guard provides trust seals and security scanning to help you protect your site and keep it safe.

Five Ways to Combat Cyber Crime

Like most theft, cyber crime tends to follow the path of least resistance.  For paid security monitoring for your website, contact Trust Guard. They’ll help you combat cyber crime by scanning your website for more than 75,500 known vulnerabilities used by hackers to really screw things up.

Here are five online hygiene tips anyone can follow, for free, to make life harder for people looking for an easy way to steal your personal or financial information – whether you’re a business owner or not.

1. Use multifactor authentication. This includes entering a password plus a code or a question that only you know. Google’s authenticator app is a quick download and works easily with many services including Amazon and Gmail. It’s worth checking to see if there’s a multifactor option every time a website asks you to fill out bank account or credit card information.

2. Don’t share passwords across websites. Almost everyone shares at least a couple of passwords. Don’t. There are plenty of inexpensive password manager phone apps that can help you with this, notably the open-source Password Safe and LastPass.com.

3. Refuse to give up information whenever you can. Best Buy doesn’t need your phone number. The more information you part with, the more can be used against you if the retailer is hacked. Ron Swanson from Parks and Rec didn’t have it right all of the time, but staying off the grid as much as possible is always a good idea.

4. Check your bank balance regularly. Thieves often try for a small purchase to see if the card works before they go shopping; in particular, look for easy-to-resell items like gift cards and credits on online marketplaces. When it comes to financial accounts, you also want to change the passwords to those accounts every three months at a minimum.

5. Close down services that you don’t use anymore. Do you still have a Steam account from that one time you bought a PC game all your friends were talking about? Are you sure? Is it linked to a credit card you still use? These are the easiest ways for hackers to steal in bulk, and the one-off purchase you make on impulse is probably the one you’ll unthinkingly reuse your old password on, too. For these types of purchases, it’s a good idea to get a pay-as-you-go debit card that you load from another card with only the amount you need to make the one-off purchase.

Everyone can and should do their small part to keep their personally identifiable information safe and protected. These five tips should help.


Special thanks to The Guardian for supplying much of the information found in this article.

Gambling with Your Website’s Security

Let’s face it. We love gambling. There is a thrill in risk taking that isn’t found anywhere else. The anticipation of possibly guessing right gives us an emotional high. The possibility of failure outweighs the possibility for success. Many entrepreneurs and their investors have made millions on just such gambles while others have lost almost everything.

Some gambles are meaningless, others are life-changing. Gambling $50 to bet that our favorite team will win the Superbowl isn’t a big deal. If they don’t win, we’re often more upset at the loss of the game than we are at the loss of the $50. However, when we win big games like that, even though monetarily we may have only doubled our risk, we feel like millionaires as we celebrate our winnings.

Gambling with Online Website Security

But how many of us, as online business owners, knowingly or unknowingly, risk opening our websites up to hackers? We gamble that out of the 30,000 websites that are destroyed or debilitated every day, for some reason, hackers will continue to leave us alone – even though we’ve done nothing to keep them out.

There is an online service that monitors for more than 75,500 vulnerabilities used by hackers to make a mess of online businesses. During the monitoring process, if any vulnerabilities are found, the company sends a report to the business owner with instructions on how to fix the issue. Once fixed, the website is safe from unfriendly visitors trying to ruin the lives of business owners and their online visitors.

Trust Guard, the leader in website security, runs security scans for thousands of websites for owners from all over the world. These business owners don’t gamble when it comes to their website’s security. They understand the risks associated with malware, trojans, and viruses that hackers can leave. They have spent too much time and effort to risk losing it all to a hacker. They don’t want to face the economic, legal and/or reputational consequences that would come if their website were hacked.

The truth is, however, that there are still hundreds of thousands of website owners that are still gambling unnecessarily with their website’s security. Are you one of them? If you are, you have two choices: Continue to trust your luck or ask Trust Guard to scan your website on a daily basis against online security threats.

 

 

 

Playing Russian Roulette with Hackers

Business owners who never scan their websites for security vulnerabilities are playing Russian Roulette with hackers.

Russian Roulette is the practice of loading a bullet into one chamber of a revolver, spinning the cylinder and then pulling the trigger while pointing the gun at one’s own head. There is a one in six chance that the bullet will kill you. It’s an activity that is potentially very dangerous.

 


 

There are people out there that love to take risks. They go climb cliffs, swim in oceans, and walk into dance clubs leaving very little to the imagination. Hobbies aside, some people take unnecessary risks with their online businesses. More than 30,000 websites of all shapes and sizes fall prey to hackers every single day, holidays included. But for some unexplainable reason, there are those who believe that, although they have done nothing to protect themselves from viruses and malware, getting hacked could never happen to them.

 

Truth is, there are about the same odds in getting hacked as there are in playing Russian Roulette. And the same is true for both games: the longer you play, the ‘better’ the chances of ending the life of your body or business. If you have been in business for more than five years without ever running a security scan, consider yourself a very lucky person.

 

Security scans, like those performed by Trust Guard and their partners, can check for over 75,500 vulnerabilities used by hackers to make a total mess – just like Russian Roulette would make a total mess of your face. More than 85% of all websites they scan fail their first scan – which demonstrates the overall need for additional and consistent scanning.

 

If you haven’t scanned your website, contact Trust Guard and use this 50% off discount code: STO50. They have a money back guarantee. They’ll also give you a trust seal. It’s a little image that you display on your site to show your website’s visitors that you’re not a risk-taker when it comes to their online safety. When they see the seal, it gives them peace of mind, so more of them buy from you.

 

So stop taking unnecessary risks. Sign up for security scans from Trust Guard.

The Basics of Online Website Security

Website security is the cornerstone of a successful online business.

Why? It’s simple: people only want to give their money and their business to companies and organizations that they can trust. If a retailer has a website that doesn’t feel secure to the visitor, nothing else matters. The online consumer will go elsewhere to fulfill his or her needs. Here are some basic online website security practices that all e-commerce business owners should employ to make sure that their website is a secure, successful online destination.

SSL Certificate

Hypertext Transfer Protocol with Secure Sockets Layer (SSL), or HTTPS, is a protocol to transfer data over the web that should be used instead of HTTP on all pages where data is created. Once again, the issue here is all about encryption. With HTTP, information is not encrypted — instead, it is sent as plain text, which means that anyone can intercept it and read what has been sent.

Further, many customers know about this insecurity and tend to avoid e-commerce websites that only use HTTP. This means that keeping HTTP could hurt a retailer’s security and their business over time. HTTPS should at least be used on pages that collect and store data so that site visitors and customers can feel secure sending their information.

The SSL Certificate works to ensure that the sensitive information that is sent over the internet is encrypted and secure. When retailers or site visitors send information or data over the internet, it gets passed through multiple computers before reaching its destination server. At any point during this chain, it could get stolen if it is not encrypted with an SSL Certificate.

How does the certificate work? It essentially makes all sensitive information — which includes passwords, credit card information, and usernames — unreadable for everyone except the destination server, thereby protecting all communication from eavesdropping and theft.

Some people think that obtaining an SSL certificate essentially verifies an entity’s credentials, certifying that they are who they say they are and that their site is safe to visit. But this is not true. Third-party security verification teams, like Trust Guard, can verify a company’s business identity for consumers, leaving a trust seal on the merchant’s website to confirm their identity.
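To make the point above concrete (pages that collect passwords, credit card information and usernames must send them over HTTPS), here is an added example, not part of the original article, that audits a page's forms in Python. The URLs, the HTML and the field-name hints are constructed assumptions; it also flags the less obvious case where the form posts to HTTPS but the page carrying it was delivered over HTTP and could be altered in transit.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed heuristics for "sensitive" inputs, based on the data types the
# article names: passwords, credit card information and usernames.
NAME_HINTS = ("passw", "card", "cvv", "cvc", "username")
PASSWORD_AUTOCOMPLETE = ("current-password", "new-password")


def is_sensitive(attrs):
    """Return True if an <input>'s attributes suggest it collects secrets."""
    name = attrs.get("name", "").lower()
    autocomplete = attrs.get("autocomplete", "").lower()
    return (
        attrs.get("type", "").lower() == "password"
        or autocomplete.startswith("cc-")          # cc-number, cc-csc, ...
        or autocomplete in PASSWORD_AUTOCOMPLETE
        or any(hint in name for hint in NAME_HINTS)
    )


class FormAuditor(HTMLParser):
    """Records every <form> with its action and its sensitive inputs."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._current = {"action": a.get("action", ""), "fields": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None and is_sensitive(a):
            self._current["fields"].append(a.get("name") or a.get("type") or "?")

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_page(page_url, html):
    """Return (issue, submit_target, fields) for each unsafe sensitive form."""
    parser = FormAuditor()
    parser.feed(html)
    page_is_https = urlparse(page_url).scheme == "https"
    findings = []
    for form in parser.forms:
        if not form["fields"]:
            continue  # forms without sensitive inputs are out of scope here
        # An empty or relative action resolves against the page URL itself.
        target = urljoin(page_url, form["action"])
        if urlparse(target).scheme != "https":
            findings.append(("plaintext-submit", target, form["fields"]))
        elif not page_is_https:
            findings.append(("form-served-over-http", target, form["fields"]))
    return findings


# Constructed sample pages (not real sites).
LOGIN_URL = "http://shop.example/login"
LOGIN_HTML = """<form action="https://shop.example/session" method="post">
<input name="username"><input type="password" name="password"></form>"""

CHECKOUT_URL = "https://shop.example/checkout"
CHECKOUT_HTML = """<form action="http://pay.shop.example/charge" method="post">
<input name="card_number" autocomplete="cc-number"><input name="cvv">
<input type="submit" value="Pay"></form>"""

ACCOUNT_URL = "https://shop.example/account"
ACCOUNT_HTML = """<form action="http://search.example/q"><input name="q"></form>
<form action="/update" method="post">
<input type="password" name="new_password" /></form>"""

if __name__ == "__main__":
    for url, html in ((LOGIN_URL, LOGIN_HTML), (CHECKOUT_URL, CHECKOUT_HTML),
                      (ACCOUNT_URL, ACCOUNT_HTML)):
        print(url, audit_page(url, html))
```
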

 


PCI Compliance

The PCI Security Standards Council is a global group — whose founding members include American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc. — formed to develop, enhance and maintain security standards for payment account security.

Together, the members of this group came up with a set of security requirements, known as the Payment Card Industry Data Security Standard (PCI DSS), that all merchants or organizations that process, store, or transmit credit card information must adhere to. These guidelines ensure that all stored credit card data is protected and that sensitive information is secure throughout the transaction process.

Staying PCI Compliant and ensuring that all stored credit card data is protected greatly reduces the risk of this sensitive information being stolen. Keeping this data secure is extremely important for all online retailers. If cardholder data is stolen, their credit can be negatively affected and they could lose credibility, money, and even their business. Scanning your site periodically for potential vulnerabilities will apprise business owners of website security holes that they can then fix before hackers have a chance to mess things up.

DoS and DDoS Protection

During both denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks, hackers attempt to block legitimate users from accessing information or services by flooding a network with requests, thereby overwhelming the bandwidth of the targeted system and preventing legitimate requests from coming through. While both attacks work in the same way, the key difference is that a DoS attacker usually uses a single computer and internet connection, while a DDoS attacker uses multiple connected devices, making the flood of information that much larger and harder to deflect.

Daily monitoring of security vulnerabilities, as well as setting up effective, well-configured firewalls can prevent this attack traffic from reaching your computer.

Use a Firewall

As the name suggests, a firewall is a hardware or software system that essentially works as a wall or gateway between two or more networks, permitting authorized traffic and blocking unauthorized or potentially malicious traffic from accessing a network or system. Like an actual wall.

It essentially protects what is inside a network from the outside — a.k.a from other networks or from threats on the internet like backdoor and DDoS attacks. Since e-commerce websites have a lot of inbound traffic, they need firewalls to protect themselves against malicious entry. There are many different kinds of firewalls, but two very effective firewalls for online retailers are application gateways and proxy firewalls. Both function as intermediary programs between two or more networks, meaning that incoming traffic has no direct connection or access to a retailer’s network.

Application Gateways
With an application gateway in place, there are two lines of communication: one between your computer and the proxy and one between the proxy and the destination computer or network. It’s essentially a checkpoint at which all network information has to stop. By serving as this middle point, application gateways help hide and protect your network. They only let in traffic – or packets – that have been authorized.

Proxy Firewalls
Proxy firewalls are among the most secure. Why? Like the application gateway, the proxy serves as an intermediary connection. However, they take it one step further. Instead of your network connection going all the way through, a new network connection is started at the proxy firewall. This means that there is no direct connection between systems at all, which makes it even harder for attackers to discover your network and get in.

It is important to note that, for a firewall to be effective, it has to be properly configured. What does this mean? Well, firewalls don’t automatically know which traffic is malicious — they need to be programmed with this information. By staying on top of all these website security measures, online retailers can effectively build their customers’ trust and their own company’s reputability, taking the first steps to ensuring that they have a successful, long-lasting online presence.

 

Special thanks to Hubspot for their article on the subject of online website security.

Security Risks and How to Fix Them

The best way to protect your e-commerce business is with a comprehensive protection plan against security risks.

But knowing the security risks to your site and how to fix them will help save you time and money, not to mention the chance of any mistrust from your customers. Here are four different risks that can make you a target for hackers. And, how to fix them.

Weak passwords – A strong password is one of the first lines of defense against hackers. Many website owners use the same password for multiple sites. This leaves customer data vulnerable to hacking. What should you do? Experts recommend using a password that is at least eight characters long and a combination of capital letters and symbols. It’s even better if you pick a password that isn’t a real word.

Phishing – Phishing can come in the form of legitimate looking emails with an attachment or links to a virus, malware, or spyware. Phishing attacks are rising each year. What should you do? Don’t ever click on a link without knowing what it is first. Copy and paste the link to a URL rather than clicking on it. Keep your operating system and software up to date.

Untrained staff – Even if you have an excellent internet security plan, unless your employees have been trained on how to not let in hackers, it won’t do any good. What should you do? Train employees on how to create strong passwords and how to back up their work. Make sure they understand not to click on suspicious links and attachments in emails.

Social engineering – This is one of the latest tactics that hackers use and it is on the rise. This is when hackers try to get the information directly from you instead of trying to hack into software. They may try to get you to install malicious software or use you to gain access to unauthorized locations. What should you do? Be cautious about what personal information you reveal online. Beware of hackers posing as IT specialists and asking for sensitive data or passwords.

4 Security Risks To Your Ecommerce Site and How To Fix Them|Epic Ecommerce