Servertastic

UK £ US $ Euro

Cyber security when working from home – stay safe online

Working from home

The current Coronavirus pandemic means the majority of the UK, and the world, could be entering a prolonged period of social distancing. For those able to do so that means working from home. But what about the cyber security impact of working from home? Is it intrinsically less safe?

The world is highly connected, and thankfully technology makes it much easier to transition to the "home office". However, our homes are often a much more relaxed place. We feel safe in our homes which can lead to complacency and a drop in cyber security standards.

As experts in cyber security, here’s our advice about the most important things you can do to make working from home as secure as possible.

Secure your home Wi-Fi

Routers are targets for hacking, but there are some simple steps you can take to secure yours. Make sure your network is using WPA2 or WPA3 for wireless encryption. If it is using WEP or WPA the network is open to hacking. To check this you need to log in to your router. This is usually done via your browser and isn’t as technical as it sounds. Check your router’s manual or ISP help pages for how to log in to your particular type of router.

If WPA2 or WPA3 are not available you must upgrade your Wi-Fi router as soon as possible. Your internet service provider (ISP) may provide an updated version at no cost. Any router provided in the last two years should be using WPA2 or WPA3 encryption by default.

Really you need a separate network for your work and personal devices as things like TVs and internet-enabled thermostats can be less secure and more prone to hacking. 

To do this you will need two routers. It can be complex to configure such a set-up securely. The simpler alternative is to use a VPN.

Set-up a VPN

A VPN is a "Virtual Private Network". This effectively creates a secure encrypted tunnel between your device, be that a phone, a tablet, a computer or laptop, and the internet. It can prevent anything on your home network from being able to intercept or read communications from your work device. Your employer may provide a VPN to securely connect to the office network. But for smaller businesses and individuals, setting up a VPN can seem complex or difficult.

To simplify this, Servertastic has partnered with NordVPN. With the installation of a simple program on your phone, tablet and/or computer you can enable a VPN connection with a simple click. There is a small cost which we have currently discounted by 70%. If you pay for three years in advance it works out at less than £3.00 per month for one person and you can add it to up to six devices. Click here for more information. You can also contact us if you have a VPN query.

Tidy desk policy

I am going to confess my desk is often not the tidiest. However, working from home significantly increases the risk of leaving confidential or sensitive materials on your desk. 

We all still have to comply with GDPR legislation. Handwritten notes may contain personal information of customers or suppliers. Letters you open and leave on your desk could be used to build a profile of you and create an opportunity to steal your data.. Information could be easily misplaced or accidentally lost. Consider having a lockable drawer or filing cabinet to keep paper records secure and shred your paperwork as soon as it is not needed.

Consider using apps like ScanBot, HubDoc and ReceiptBank to quickly scan paperwork and then immediately dispose of it.

Window spying

If you’re working from home you may want to position yourself somewhere with a nice view. Or you might simply just cram yourself into a corner where you can fit. Make sure it is not possible to see your device screen from outside or from perhaps a neighbour’s upstairs window. You might think the chances of your neighbours spying on you are remote, but it’s better to remove the risk than suffer as a result of it later.

Keep work and personal devices separate 

Keep your work device – tablet , laptop or computer – as solely your work device. Do not share it with other family members. It may be tempting to let one of the younger ones play online games, but they can easily introduce vulnerabilities without realising. You don’t want to admit to your boss that you can no longer work from home because your laptop got a virus from Roblox. Or worse, have your IT team point that out once they’ve fixed it.

Enable your auto lock screen

Make sure you set your screen to auto-lock. This should be as short as you find you can practically manage but never any longer than five minutes. This means if you accidentally wander away from your desk and leave your laptop open it will lock the screen after a period of inactivity. Get into the habit of manually locking your screen when you walk away too. This is just as pertinent in the office as at home. The auto-lock is just a back-up for this habit.

Communicate securely

To save ending up with a bulging inbox you are likely to want to chat with other members of the team or customers/suppliers via messaging platforms. Consider using end-to-end encrypted messaging services such as Telegram, WhatsApp, Signal, Slack, or Microsoft Teams.

Facebook Messenger is NOT encrypted by default and could leave your messages open to being read.

Better still, use the phone or video call. You can do this through Zoom, Skype, Teams or WhatsApp. It’s a bit of social contact as well as a way to get work done. We all still need to stay in touch, but ensuring our communications are secure is still important.

If you have any queries about working from home securely, speak to us today and find out how we can help.

Preventing Ransomware

preventing ransomware

Image by Tumisu from Pixabay 

Ransomware is a growing concern for many businesses. According to Europol research, ransomware was the biggest cyber threat in 2018. In 2017 the now infamous WannaCry and NotPetya attacks affected around 300,000 victims worldwide.

Ransomware encrypts all of the files on your system and holds them to ransom. The attackers will demand a payment, usually in bitcoins, in exchange for the key to decrypt your files. Ransomware also comes with the risk that the data affected will be leaked online.

Why You Shouldn’t Pay Ransomware Demands

If you become victim of ransomware and are desperate to get your data back, it can be tempting just to give into their demands. However, this is usually a bad idea.

There’s no guarantee that you’ll get your files back. The attackers are under no obligation to uphold their end of the bargain. Even if the attacker does give you the decryption key, they're not likely to care or offer help solving the problem.

You may be targeted for future attacks. If the attacker believes your business will easily give into their demands, then they may attempt to double dip. You may become the target of other types of attack, or other cyber crime groups may target your business.

Decryptors that can reverse some strains of ransomware are available.

As with all cyber security matters, prevention is better than remediation. Fortunately, there are many tools and techniques you can access to protect your business.

Backups

The most important step you can take to protect your business from ransomware is to put in place a plan for backing up your data. Backing up data protects your business from data loss, and prevents such incidents from leaving you unable to operate. You can use the backups to to perform a wipe and restore of your system, removing the ransomware without paying.

Online backups are the easiest and most accessible option for most businesses. These can back up your data automatically on a regular schedule, and they make restoring data faster and easier than other methods.

Fully featured backup services, such as CodeGuard, also allow you manage your backups and track changes made. With this you can ensure that no one is tampering with your backups.

Physical backups, using portable hard drives or USB sticks, are also effectively. However, these need to be updated manually.

Keeping backups in multiple formats is the ideal, with both cloud and physical storage.

Phishing Detection

Phishing, usually executed through emails, is the most common vector for malware attacks, including ransomware. There are common signs that can give away a fake email, including poor spelling and grammar, suspiciously long links hidden behind anchor texts.

Educating your employees on how to spot fraudulent emails can cut the risk of cyber attacks significantly.

Our CybSafe and Cyber Essentials packages can give your business the tools needed to stay informed.

Patch and Update

Outdated technology and legacy software are vulnerable to exploitation from ransomware and other cyber attacks. Make sure that you use technology that is supported by its creator and regularly updated.

It can be difficult to keep track of what needs updating, especially if you’re using software with many plugins or extras.

Our Vulnerability Scans for example can look over your CMS are inform you if any plugins are out of date or susceptible to attack.

If you are vigilant and take the proper measures, you can prevent ransomware from infecting your system, or at least mitigate the worst damage.

How Servertastic Can Help You Maintain GDPR Compliance

GDPR compliance checklist

Failing to maintain GDPR compliance can land your business with severe penalties. But security breaches can happen to even the most cautious businesses. Nowadays it seems only a matter of time. Is punishment therefore inevitable?

Fortunately, your business can stay on the right side of the law even if you suffer an attack.

GDPR legally requires that you implement security measures that are appropriate to the risks presented by the data you're processing. This means you can avoid fines so long as you put measures in place and can demonstrate that you've made them. Besides complying with the law, these steps can build trust with your customers.

At Servertastic, we offer many services that help you maintain GDPR compliance.

HTTPS Encryption

The simplest step to improving your business’s security is enabling encryption. This means running your website over HTTPS instead of HTTP. This requires a valid SSL/TLS certificate.

When data is transmitted over HTTP, it’s done in plain text, which means that anyone hacking into the communication has access to the information. However, HTTPS scrambles the data in transmission, preventing hackers from reading it.

HTTPS is considered standard, and browsers like Google Chrome warn users against using sites without it. This should be seen as a minimum measure.

You can find out more about SSL certificates and a view a range of options.

Cyber Essentials

Putting in place basic technical controls, such as those established by Cyber Essentials, demonstrates your commitment to cyber security. It also educates your employees on how to identify cyber threats and protect themselves.

These controls include securing your internet connection and devices, controlling access to your data, and updating software. These controls prevent 80% of cyber threats to your business.

Our Cyber Essentials package gives you the advice to guarantee that your business becomes certified.

You can find out more about Cyber Essentials here. Our Cyber Essentials package also provides other security benefits alongside certification.

Regular Assessments

Cyber threats are constantly evolving and changing tactics. Protections add today can become outdated quickly. This means you can't just forget about security.

Regular vulnerability assessments can inform you when you are susceptible to new threats. They tell you when software needs updating, and discover loopholes in your system that could be exploited.

Regular testing shows that you take security and GDPR compliance seriously. It also keeps your business alert to the changing landscape of cyber security. However, these tests are only valuable if you act on them and make the necessary changes.

Our Cyber Security package makes the task of assessing vulnerabilities easier. We perform scans each month and compile digestible reports, helping you understand where security improvements can be made.

You can find more details on our Cyber Security package here.

Making your business GDPR compliant is not optional. But our services can reduce the headache of playing catch up and keep your business on track.

Introduction to Sextortion Emails

Man viewing sextortion email

You look through your new emails and spot something with a severe warning in the subject. The content makes some worrying claims. They hacked into your webcam and filmed you watching porn. They also have your email contacts, and are threatening to send the footage to each one of them. Just to make the message even more convincing, they seem to know one of your passwords. Of course, you can spare yourself the humiliation by making a small payment in bitcoins.

And you only have twenty four hours to comply, or else.

This is the usual premise behind Sextortion emails, a scam which blackmails its victims into paying up to save face.

A typical threat may read something similar to this;

"I'm aware, XXXXXX is your password. You don't know me and you're probably thinking why you are getting this mail, right? 

Well, I actually placed a malware on the adult video clips (porno) web site and guess what, you visited this website to experience fun (you know what I mean). While you were watching video clips, your internet browser started out working as a RDP (Remote Desktop) with a key logger which gave me access to your display screen as well as web camera. Just after that, my software program gathered every one of your contacts from your Messenger, Facebook, and email. 

What did I do?

I made a double-screen video. First part shows the video you were watching (you have a nice taste omg), and 2nd part displays the recording of your webcam. 

Exactly what should you do? 

Well, I believe, $2900 is a fair price tag for our little secret. You'll make the payment by Bitcoin (if you do not know this, search "how to buy bitcoin" in Google). 

BTC Address: 1HpXtDRumKRhaFTXXXXXXXXXX 

(It is cAsE sensitive, so copy and paste it)

Important: 

You now have one day to make the payment. (I have a special pixel within this email message, and now I know that you have read this e mail). If I do not receive the BitCoins, I will definately send out your video recording to all of your contacts including close relatives, co-workers, and many others. Nevertheless, if I receive the payment, I'll destroy the video immidiately. If you need evidence, reply with "Yes!" and I will send your video to your 10 friends. It is a non-negotiable offer, therefore do not waste my time and yours by responding to this message."

So am I in Danger?

The good news is that these emails are bluffing. They likely haven’t been watching you. The passwords, or any other information they have on you, was likely acquired from a data breach from another website.

Sextortion is a good example of how cyber criminals will create a sense of urgency to bypass the victims critical thinking. The thought that a malicious party has damning footage of you may scare you into acting quickly to save yourself.

When you’re scared, you don’t think straight, and are more susceptible to believing the scammer. The sprinkling of your password, or other data, adds a hint of legitimacy to their threats and could lead you to believing they actually know something.

The success of these scams relies on balancing the danger with the likelihood. The warning needs to be dire enough to inspire you to take action, but believable enough for you to not dismiss it immediately.

Other Sextortion style scams have attempted to push the boat out further, with more outlandish claims proving less successful. One such version even threatened the victim with a hired assassin, which proved too difficult to take seriously. On the other hand, since plenty of people watch porn, those threats will elicit more responses.

Understanding this is the key to see through a range of online scams, including phishing or tech support scams.

How do I Handle Sextortion Emails?

When handling Sextortion emails, don’t take any threats at face value. Like all suspicious emails, don’t click on any links or attachments that may have been included. These can be vectors for malware. You can simply delete the email.

If you spotted any of your passwords in the message, it’s worth taking precautions. Have I been Pwned can tell you if your email address has been compromised in any data breaches. The password section can inform you if the password was leaked. You should consider changing the password in either case.

If you have a habit of reusing passwords, then this needs remedying, since information leaked in breaches could be used to break into other accounts. Using a password manager can help you select better passwords and make each one different without needing you to remember all of them.

Fully featured email servers give you the option of creating filters to block potentially harmful messages. Since Sextortion messages often use similar language it’s easy to create a filter that will block the majority of them. This saves you the hassle of dealing with more scams.

Whatever you do, don't give these crooks a single penny.

Preventing BEC Attacks

BEC attacks

Photo by rawpixel on Unsplash

Business Email Compromise (BEC) attacks have increased by almost 500% over the previous year. They are the most common cyber threat to businesses today, and can result in losses to finances and reputation.

BECs are social engineering attacks made against employees of a business. The criminal attempts to impersonate a contact of the employee, whether that be a higher up in the business or an external supplier. Unlike regular phishing, where a criminal may send out many emails, BEC attacks tend to focus on one employee, who is groomed into trusting the attacker.

Once the victim has been deceived the attacker will request a transaction. The victim will believe it to be legitimate, but in fact the criminal is siphoning the money for themselves. In worse case scenarios the criminal might pull of multiple cons.

BEC attacks are also vectors for malware and ransomware attacks. These can be very damaging to a business.

How Can I Protect My Business From BEC Attacks?

The key to keeping your business secure is to educate your employees on the risks and how to keep safe. Employees should be taught how to spot and evade fraudulent emails. Up to date technology and procedures can also reduce the risks of BEC attacks.

Avoiding Opening Emails From Unknown Parties

The safest way to avoid risk is to not click the email in the first place. Employees should check the address of the sender carefully for any differences that might be a sign of a spoofed address. This could include "l" with "1" or a subtle misspelling that could easily be overlooked.

Check Links

Links in emails can be disguised using anchor text. You can reveal the true destination by hovering over the link. A box next to the cursor or in the bottom corner of the browser will display the real address the link leads to. Investigate these carefully. Fraudulent links may try to mimic a real address.

Avoid Attachments

Attachments are one of the most common methods criminals use to distribute malware. Unknown attachments must never be opened. Even attachments you are expecting should be scanned by up to date anti malware before being accepted.

Use a Company Domain

Using free web-based emails accounts for your business makes it easier for criminals to spoof your addresses. You should create a company domain and use it for your email accounts instead. Criminals may still try to mimic the address, but diligent employees will be able to spot the inconsistencies.

As well as protecting your business, customers are more likely to trust an email if it comes from a branded email address.

Verify Money Transfers

Creating a procedure for money and data transfers can prevent careless losses. Any transfers should be verified with another member of staff through face to face or telephone call, using previously established numbers. You should not rely on any contact methods suggested by the email, especially if they differ from the norm.

Consider What Information Your Are Putting Online

Cyber criminals can use the information you put online to enhance their facades. They use this data to build profiles of employees in preparation for grooming them as part of their phishing attempts. This can include names, addresses, job titles and descriptions.

Posting details about holidays can clue criminals to when key figures will be out of the office. This can present them with the best opportunities to attack. Keep the holiday photos for when you return.

Keeping social media accounts private can prevent criminals from trawling them for data.

Keep Anti-Malware Updated

Using the latest anti-virus and malware technology can catch harmful payloads often distributed by email. Malware is constantly evolving, so it is vital to regularly updated your software to keep up.

Email Authentication

Using email authentication, such as SPF, DKIM, and DMARC, can protect you from email spoofing.

Email authentication gives the sender a way of proving that an email comes from who it claims to be from. Without it, a criminal can more easily pretend to be someone from the company when sending out their fake emails.

Emails that fail the authentication process should end up in the spam folder or outright rejected. With DMARC you can even get reports whenever there has been an attempt at abusing your domain.

Not only does email authentication protect your employees, but it prevents criminals from scamming your customers, as messages that fail validation will be sent to the spam folder or rejected.

Keeping your emails secure takes time and effort, but is a necessary step in ensuring the safety of your business and its customers.

Recommended Services

Take a look at our DMARC management service and let us provide you with insight into the security of your email domain.

Increase the cyber resilience of your staff with our Cyber Security Training platform.

Guide to Safe Online Shopping for Christmas

As the holiday season fast approaches you will be on a race to do all your shopping in time. Online shopping makes the hassle of getting prepared for Christmas easier than ever before. No more shifting through shelves or waiting in queues. Now you can shop in the comfort of your own home. However, this comes at risk because the rising trend of cyber crime. Over the past years there has been a 45% increase of reported shopping fraud(1).

The huge number of shoppers, combined with Black Friday and Cyber Monday rushes, provide cyber criminals the perfect chance to set a scam into action on a wide range of people. They can harvest large amounts of personal information or credit card details from unsuspecting victims.

Fortunately, there are ways to keep yourself safe online and prevent any nasty surprises this Christmas. Here you can find the advice you need to keep your money and personal details safe when shopping online.

Shopping Safely

While you will be looking to find the best deals, you should be wary of crooks trying to lure you in. In 2016 there was an estimated £10 billion loss to individuals as a result of cyber fraud(2), and it is estimated that £16 million was lost due to shopping fraud at Christmas(3).

The most common items used in online fraud at Christmas include popular brands of clothing and makeup, as well as gadgets like iPhones and watches. The newer and more desirable an item is the easier it is for criminals to entice their victims with the promise of a huge discount.

When shopping online you can protect yourself from potential cons by keeping the following advice in mind:

Only purchase from websites with HTTPS in the address. Websites using regular HTTP cannot secure your personal or bank details. HTTPS will encrypt your details when you send them through the website, meaning hackers will not be able to read them. Most browsers, including Chrome and Firefox, will alert you if a website is not secured with a warning in the URL bar. A closed padlock symbol in the URL signifies the website is using HTTPS. Check before making a purchase.

not secure url bar

Example of Google Chrome's warning.

Make sure your computer has trusted antivirus software which is constantly updated. These tools can warn you if a website contains security threats. Over 360,000 new malware threats are detected each day(4), so keeping your antivirus updated is vital to staying on top.

If a deal looks too good to be true, it probably is. It is easy for criminals to create authentic looking product images and webpages to make their offers seem more legit. Apply some scepticism when faced with a dream offer. If a website is giving a bigger discount than every other outlet, especially on the latest products, then consider that all is not as it seems.

Buy from trusted retailers as much as possible. If you come across an unfamiliar site, then you should always do research before making any purchases. If you cannot find any information on the seller, then avoid them. When purchasing tickets, always buy them from official sources and not resellers.

Online auctions can net you some bargains, but you should exercise caution. Goods can arrive late or not at all, or the seller might not be truthful about the product they are offering.

Before placing a bid, you should inspect the item and its description carefully. You should also look up the seller’s history and the reviews of previous buyers. If the seller has little history or if people are leaving complaints, then it is best to avoid them.

One way of protecting yourself is to use secure payment methods, such as Paypal. Avoid paying by money transfers as these are not secure. Do not send any confidential or financial information to seller using email.

Avoid Phishing Scams

Phishing scams are ever present online, but extra care should be taken when Christmas shopping, because it is easy for scams to get mixed in with real messages. For example, you may receive emails claiming to be from Amazon, saying that you need to log into your account for whatever reason, with a link included in the email. If you have been making many purchases, then you can expect confirmation and shipping messages. It is easy for phishing emails to hide among the real messages, and you might be more susceptible to trusting them.

Phishing scams prey on your fears to you act without thinking. At Christmas time this might include an important gift getting lost in delivery, or that your account has been compromised.

Phishing scams can be avoided by applying some common sense rules when dealing with emails:

Avoid visiting websites via emailed links as these can be lead to spoofed webpages designed to steal your login details. Instead, visit the actual website from your URL bar or bookmarks to ensure you land on the real site. If your are seriously curious about the message, you can check the links by hovering over them without clicking. A box will appear next to your cursor or in the corner of the browser displaying the true URL address. Do not trust what the link says in the email as these can be faked. For example, an email may claim to link to amazon.com, but hovering over it reveals a seemly unrelated, misspelt, or nonsensical URL.

Check the spelling and grammar of the emails. Any mistakes are a certain sign of fraud. Also beware of vague language. For example, if a message addresses you impersonally, then it is likely a spam email sent out to millions.

Do not interact with any attachments included within the email. These can contain malware that can infect your computer. It can take as much as just clicking on the attachment to become infected.

Some online retailers, such as Amazon, offer package tracking which you can use to view the progress delivery. These should be used over trusting an email warning.

Another common form of phishing is through SMS messages, or smishing. These messages will request you visit a link or calling back on a premium number. The same kind of precautions can protect you. Do not call the numbers or follow the links. If you think the message could be real then visit the website directly and check. Do not trust unsolicited messages in general, even if they appear to come from an official source at first glance.

Browser Plugins and Phone Apps

Browser plugins can potentially be used to find discounts on products online. These plugins inform you of other better prices online whenever you are looking at a product. However, these plugins can also contain unexpected features, such as tracking your movement online.

When looking for plugins, only install them from the official web store of whatever device or browser you are using. Do not download from third party sites. Never follow a pop up advertising a plugin, even if it is advertising what looks like an official plugin. If a website is trying to force you into downloading a plugin then leave immediately.

Plugins and extensions will often ask you to grant them permissions. It is a good idea to check what these permissions are before installing to make sure they are in line with the services the extension claims to offer. If you see anything unusual or unnecessary, then consider avoiding the extension.

By keeping these precautions in mind, you can avoid getting scammed this Christmas and help ensure everything runs smoothly during the festive season.

Refs

1.https://www.moneywise.co.uk/news/2017-12-05/scam-watch-christmas-shopping-fraud-rises-quarter

2.https://www.nao.org.uk/wp-content/uploads/2017/06/Online-Fraud.pdf

3.https://www.bbc.co.uk/news/uk-42085557

4.https://www.infosecurity-magazine.com/news/360k-new-malware-samples-every-day/

Comodo CA Rebrands as Sectigo

From the first of November Comodo CA will officially be rebranding as Sectigo. The goal of these changes is to emphasise their expansion beyond simply offering SSL certificates into a full blown web security services. They are also intended to distinguish them from Comodo cyber security and reduce market confusion. These changes come with a brand new website and imagery.

Many of their products will also be changing their names in line this rebranding. For example, ComodoSSL will become SectigoSSL. There will also be a new trust seal featuring the Sectigo logo.

Sectigo trust seal

The good news for customers is that nothing about their service will change for the worse. Any certificates bought under Comodo CA will still be valid and will not require any changes. Their prices will not be affected by the rebranding, and you will still receive the same level of support as you were before. Here at Servertastic, the cost of Sectigo certificates will not be changing from the Comodo CA versions.

All account manager phone numbers will remain the same, though customers should be on the lookout for notifications of their new email addresses.

With this rebranding, Sectigo are looking to build upon their past successes and grow their company even further.

New logos for PositiveSSL and EnterpriseSSL

You can find out more information on the Sectigo rebranding on their new website.

You can find our range of Sectigo SSL certificates in our new Sectigo section.

Introduction to Tech Support Scams

Tech support scams

Among the more common scams used by cyber criminals is the fake technical support service. Phone calls from Microsoft technicians and pop-ups warning of viruses are just a couple of the hallmarks of this con.

Tech support scams prey on the victim’s lack of IT knowledge to fool them into thinking there is something wrong with their computer. The victims are then conned into paying for an expensive service or downloading software in order to “fix” their problems. These services often entail giving the scammers remote access to their computer. This is their gateway to performing more malicious activity, which include theft of personal information and passwords or inserting more malware for future attacks.

In the past these types of scams have taken the form of cold calling. The scammers pretend to be a Microsoft technician to gain the victim's trust. They then talk the victim through various steps to fool them into believing their computer is compromised.

Phishing emails and pop-up ads are also popular methods of reaching victims. Sometimes these pop-ups go as far as to mimic Windows error messages. Those with low IT literacy can struggle to distinguish between the real and fake messages.

Newer Techniques

Scammers have been getting their schemes in front of victims using paid advertisements. When someone has a technical problem their first action is usually to look up a solution using a search engine. Services that appear as paid ads will seem more trustworthy in the eyes of potential victims and more likely to draw them in. Creating a convincing looking website, which can lure in victims, is simple for experienced crooks.

It has reached the point where Google are planning a special verification system to root out these fake ad (report by Naked Security). And in a recent development criminal have been exploiting un-patched WordPress plug-ins to redirect visitors to their scams (report by Malwarebytes).

How to protect yourself

The first important thing to remember is that companies like Microsoft will never make unsolicited contact with you. If you are contacted by anyone claiming to be from Microsoft or Apple, then it is best to assume fraud and hang up. Also note that no one can "remotely detect" viruses on your computer, and Window or Mac error messages will never require you to ring telephone numbers or email an address.

Keep calm when confronted with warnings. When you are presented with a dire message, it is only natural to want to act fast. Phishing emails and ads from scammers rely on urgent language to bypass rational thinking. Next time someone online tells you your computer has been compromised, stop and think.

If you get an email issuing urgent warnings, do not click and links or attachments. These may lead to fake web pages or contain malware. Keep an eye open for poor spelling and grammar in emails. These are obvious signs of unprofessional pretenders.

Taking a more proactive approach to protecting your computer from Malware can help you escape pitfalls. Do research into trusted anti-virus and anti-malware tools and get them set up early. These tools can detect malware planted by scammers and warn you about malicious downloads. If you know who you can turn to for help, then you can avoid suspicious characters online.

Proper training can help your staff avoid the pitfalls of tech support scams and other phishing attempt. Training programs such as CySafe can boost the vigilance of your staff and reduce the risk of them falling prey to phishing..

These kinds of scams can be easily avoided so long as you are vigilant and never take online ads at face value.

How do I Make my Site Secure?

website security

Photo by Ilya Pavlov on Unsplash

Why is it Important to Secure my Website?

Businesses operating online today face many challenges, the biggest being protecting themselves from cyber attacks. These attacks come in many forms:

  • Distributed Denial of Service (DDoS) attacks that can overload your website and force it to shut down. Your site will not be able to conduct any business while it is offline.
  • Phishing attacks being sent to your customers. These scam people into giving up their personal information.
  • Malware infections and ransomware attacks which hold your computers hostage.
  • Data breaches where the personal details of your customers are compromised.

The fallout from a cyber attack can be incredibly costly for your business. Your business even risks incurring legal action if it is found that you did not take the correct preventative measures.

Cyber attacks not only damage your finances but also to your reputation. People will be reluctant to engage with your business because they will not feel their information is safe with you.

Certain web browsers, including Google Chrome, indicate to their users when a website is unsecured by displaying a “not secured” message in the URL bar. This will ward off potential customers from using your website. Securing your website however will give you the green padlock or even the name of your business in the URL bar and assure your customers about your commitment to keeping their data safe.

Google have also confirmed that secured websites are given priority in their search engine rankings. So proper security does not just protect you and your customers, it can also boost your business’s presence.

The best course of action is to prevent cyber attacks by properly securing your website.

How do I Secure my Website?

SSL Certificates

The first way to secure your website is to make the switch over to HTTPS.

HTTPS encrypts information being sent between a website and the user, ensuring that hackers cannot read the information.

To switch to HTTPS your website needs an SSL certificate. SSL certificates come in different types depending on the scope of your website and level of trust needed.

  • Domain Validation - These can be issued in minutes and offer the encryption needed to protect user information.
  • Organisation Validation - These put your business information in the details of your certificate which ensures users about the legitimacy of your website. Obtaining this certificate requires your business to undergo a vetting process to verify your identity.
  • Extended Validation - Puts your business’s name in green text in the URL bar. These certificates also require you to complete a vetting process.
  • Wildcard Certificates - These can used to secure an unlimited number of sub-domains in one certificate.
  • Multi Domain - These can secure up to 100 domains in one certificate.

Upon installing your certificate the green padlock will appear in the URL bar and the HTTP will change to HTTPS. This indicates to your customers that your website is secure.

You can check out our range of SSL certificates to find what kind you need to satisfy your business needs.

Keep Software Updated

Keeping your software consistently updated is vital because it can prevent hackers from taking advantage of vulnerabilities. CMS developers such as WordPress and Joomla are constantly working on their platforms and regularly put out updates. Any anti-virus or anti-malware software you are using should be regularly updated as well to keep up with new viruses coming out.

You should also keep track of any plugins that your website uses for updates. If you find a plugin has had no updates in a long time you should consider finding an alternative that is still being supported.

Create Backups

Creating backups of your website and databases can provide protection from some of the worst case scenarios. For example, if you become victim of a ransomware attack, rather than giving into the hacker’s demands, you can reformat your computers and restore your data using a backup. As a result your system will be cleaned with minimal loss of time and data.

Ideally you should create multiple backups and store them separately from the rest of your system so that issues affecting your system will not invalidate your backups. Using different formats, such a cloud backup alongside storing a backup to an external hard drive, can ensure you will also have a copy of your files ready.

Web Application Firewall

A Web Application Firewall can be used to protect your website from malware attacks in real time. They work by monitoring packets of information as they travel to and from your website. It can then filter or block those packets if it detects any suspicious traffic.

Web Application Firewalls can protect your website from DDoS attacks, as well as SQL injections and cross-site scripting.

Penetration Testing

Rigorous testing can help find the vulnerabilities in your website that hackers might exploit. You will receive expert advice on where you website is weak and what changes should be made to protect it.

Penetration tests combine a range of manual and automated inspections of your IT systems, scanning the entire breadth of your infrastructure.

Strong Passwords

Using strong passwords can prevent hackers from getting into the backend of your website. Passwords should be multiple words or phrases long and contain a mix of lower and uppercase letters along with numbers. You should avoid using the same password for multiple accounts. Any default passwords you are given should also be changed as soon as possible.

A password manager, such as 1Password, can be useful in both creating strong passwords and keeping them securely stored. This helps you get around the issue of having to remember too many passwords.

Servertastic Limited is registered in England and Wales.
Registered Company Number: 04982077
VAT Number: GB125485804

Hosted by LayerShift

Mastercard Maestro Visa American Express
Diners Club JCB Discover Paypal
Sectigo Trust Seal
Reviews
Cyber Essentials