Protecting Your Email, Website and Social Media
Everyone knows somebody who has been hacked, and maybe you too have experienced a compromise of your online security. When identity theft results, it can lead to damages that could take months, or even years, to remedy. If you have a website, your risk of exposing others to hacking is something to take very seriously, as it can have lasting effects on your brand, reputation and bottom line.
Most people know the basics, but there are new things to consider for implementing online security best practices. Web technology is constantly changing and so are the strategies hackers and criminals use to exploit it. Understanding these concepts is your best defense, and as new threats emerge Sarit + State will help keep you informed and secure.
Expanding on The Basics:
- Strong Passwords Duh! One of the best measures you can take is to use strong passwords that contain special characters, upper and lower case letters, and numbers. Ten characters in a password should be a minimum and 16+ is ideal. Passwords should be changed every year, and especially if there was a compromise on any of your accounts. Do not use the same password for every account, and use exceptionally strong passwords for your most important accounts.
- Avoid Open or Public Wifi Connections. It is easy for hackers to hijack your online sessions if you are on an open or public wifi (think coffee shops, airports, restaurants). Under no circumstances should you ever use one of these wifi connections. It may even be a hacker’s fake hotspot representing itself as that coffee shop or airport!
- My Browser Says This Website Is Not Secure. Modern web browsers are really into letting you know if a site is secure or not. This is both a good and a bad thing, as explained in the article ‘Secure’ in Chrome Browser Does Not Mean ‘Safe’ by online security company Wordfence. Most content on the web is not secure and that is totally normal. You will see “http:” instead of the secure “https:” in the URL. You should ALWAYS use a secure connection when transmitting personal information, including online transactions; however, do not fear the ‘not secure’ warning for normal browsing. Criminals have the ability to set up websites using SSL certificates that appear secure to your browser even though they are most definitely NOT safe. Always pay attention to the URL in the address bar to be sure you are on a trusted site’s true URL, as many people get fooled by fake websites pretending to be legitimate ones.
- Phishing Emails are Getting Sophisticated. Criminals have the ability to send emails disguised as people or companies which can appear authentic, sometimes even spoofing the real email address of someone you know. Use common sense when opening emails and attachments and when clicking links in emails that seem suspicious. Pick up the phone and call the sender when in doubt. Phishing is the hacker’s most effective tool, therefore the strategies they use evolve quickly to exploit human error. The single weakest point of any online security system is people. Be diligent in keeping up with the latest phishing scams to avoid falling victim to one.
- Beware of SPAM Email Unsubscribe Links!!! So you are getting SPAM emails from all sorts of newsletters, companies and organizations you have never signed up for or even heard of. You should always mark these incoming unsolicited emails as SPAM, JUNK, or just DELETE them and NEVER allow a read receipt to be sent. IF YOU NEVER SIGNED UP DO NOT UNSUBSCRIBE! The sender will sometimes even put the unsubscribe option at the top of the email hoping you will click it and verify that a real person is the recipient of the email. Most of the time there is no real business, newsletter or organization and it is just trying to validate your email address so it can be sold to other spammers and online criminals making the problem 100 times worse. The best defense against SPAM is good Anti-Spam software on your email server and email client.
- Telephone Scams. This is not necessarily an online threat, but it is always best to just hang up on telemarketers and know that banks and government agencies will never ask you for personal information over the phone. Never talk to the caller because they could be recording your voice, which could be used in stealing your identity. Always just hang up or let unknown calls go to voicemail.
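The address-bar check from the “Not Secure” item above, written out as an added Python example (it is not part of the original article): it judges a link by the host it really points to rather than by the presence of “https:”. The trusted-site list and the sample links are constructed placeholders.

```python
from urllib.parse import urlsplit

# Sites the reader already trusts (constructed placeholder names).
TRUSTED_SITES = {"example-bank.com", "example-shop.com"}

def check_link(url, trusted=TRUSTED_SITES):
    """Judge a link by the host it really points to, not by the padlock.

    Returns (verdict, reason); verdict is 'trusted', 'trusted-no-encryption'
    or 'untrusted'.
    """
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme not in ("http", "https") or not host:
        return "untrusted", "not a web address with a host name"
    if parts.username is not None:
        # Everything before '@' is login data; the browser goes to `host`.
        return "untrusted", f"text before '@' is a decoy, real host is {host}"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "untrusted", "international characters can imitate a known name"
    for site in trusted:
        if host == site or host.endswith("." + site):
            if parts.scheme == "https":
                return "trusted", f"{site} over an encrypted connection"
            return "trusted-no-encryption", "fine to read, do not send personal data"
    for site in trusted:
        if site in host or site.split(".")[0] in host:
            return "untrusted", f"name of {site} is used inside a different domain"
    return "untrusted", "host is not on the trusted list"

# Constructed sample links; none of them come from the article.
SAMPLES = [
    "https://www.example-bank.com/login",
    "http://example-bank.com/branches",
    "https://example-bank.com.account-verify.example/login",
    "https://example-bank.com@203.0.113.7/login",
    "https://xn--exmple-bank-9db.com/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict, reason = check_link(link)
        print(f"{verdict:22} {link}\n{'':22} ({reason})")
```

The third, fourth and fifth sample links all use “https:” and would show a padlock, yet none of them lead to the trusted site.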
Securing Your Website:
- Your Hosting Matters. Not all hosting is the same by any measure, and many consumers focus on cost while security and performance are overlooked. Most hosting plans are ‘Shared Hosting’ and expose you to many risks beyond your control. Your email addresses and website could get blacklisted and/or hacked without you doing anything wrong at all. Sarit + State provides our clients with individual cPanel hosting accounts on our VPS (Virtual Private Server). Our hosting clients have the benefit of being isolated from potentially bad hosting neighbors, keeping your email and website far more secure.
- Secure Website and Email. Be sure that your email client and server communicate using a secure connection (SSL). Some hosting providers do not offer this option and are putting their customers at risk of having communications intercepted. It is also important to use a secure connection when logging into your website and doing administrative tasks. This can be accomplished with a self-signed SSL certificate in place, and not all hosting providers offer this option either. If you have an E-commerce website that accepts transactions on your website, you are also required to have a 3rd party SSL certificate in place. Sarit + State offers our hosting clients free self-signed SSL certificates for their websites and can set up affordable 3rd party SSL certificates for our E-commerce clients. All of our hosting clients can take advantage of Sarit + State’s 3rd party SSL certificate for their email connections, keeping your communications private and secure.
- Daily Backups. Many hosting providers put it on the client to make backups of your account (this includes your settings, website files, databases, and email). Most people do not have time to perform manual daily backups of their hosting accounts. Other hosting providers keep only the most recent daily backup, so if there is an issue you can only restore your account to the day before, which is not helpful if you were hacked a week ago. The bottom line is you should have multiple trailing backups of your online account in the event of a hack or server failure. Sarit + State does a daily backup and retains 30 trailing days of backups for all of our hosting accounts. Our backups are stored in the secure Amazon cloud with redundancy across multiple data centers and 99.999999999% durability. So if something goes wrong and you don’t catch it for a week or two, we can go back up to one month to recover your account information.
- Regular Website Maintenance. Websites require regular maintenance just like your car does. The amount of web maintenance, like with a car, depends on how much use it gets. The more users, features and traffic your site has, the more maintenance it requires to keep running smoothly. There can be many software packages running in the background of your website, and these need to be kept up to date to protect you from hackers and keep up with ever-changing browser and smartphone compatibility. Simple websites should have maintenance service four times a year and more active websites should be maintained on a monthly basis. Sarit + State offers affordable regular maintenance for our clients to keep their websites up to date and secure.
Implementing these best practices is far easier than dealing with a compromise of your online security. We recommend doing a cyber security self-audit once a year and checking back with us regularly to stay informed about emerging threats. Sarit + State Creative Studio offers some of the more secure hosting available today with personalized service at a great value. If you are a current customer or interested in learning more about our services and hosting, please contact us today.