Blog

17 May 2017

SECURITY NEWS - Your Website, IT Systems and Keeping Step with 2017


SSL – The Golden Padlock in Web Browsers
We have been rolling out upgrades to the servers and applying SSL certificates to all hosting accounts. You may have noticed that your website address now begins with https://www. Why?
Some time ago Google indicated that website owners needed to improve the security of their websites to provide a safer browsing experience for their visitors, and announced it would penalise websites that did not use an SSL (HTTPS) connection on contact-us pages and the like.
We have improved our hosting environment to allow easy installation of SSL certificates that can be used for both website and mail server connections via our cPanel.  Once SSL is enabled on your account you can begin using it immediately, and change your mail client (Outlook) to use SSL secure connections.  Accounts have been checked and SSL installed on renewals for some time now.  It’s just part of our proactive service.  SSL can be installed via cPanel > Security > Let's Encrypt SSL.  Click Issue for the domain you want protected.  Ask us if you need help.

Keeping on Top of Security Patches
Ongoing rollouts of Joomla and WordPress security updates continue.  Recent hacking events globally are a reminder that, as business owners, we need to be aware of the implications of out-of-date computer systems and websites, which can easily be targeted by hackers.  No business owner with an online presence should be ignorant of the implications of not applying the latest security patches on your computer, phone, tablet or website.
All of our websites have additional firewalls installed. For Joomla it is located under Components > RS Firewall.  This is very effective in preventing real-time attacks from outsiders, and it has been over two years since any of our Joomla-based websites have been taken down by hackers! This is why security is so important for you and for us as your hosts.

Two Factor Authentication aka Two Step Verification
What is it?  Those familiar with banking, security dongles, and the SMS messages the bank sends you when you attempt to make a new EFT payment may already know what Two Factor Authentication is.  Ultimately, it is the next level of security to ensure your account is not accessed by anyone but you. It requires you to enter a code that expires after a short time and is then refreshed; only the current code will authenticate and allow you in.  Google has an app called Google Authenticator, and our hosting server is now enabled with TFA.  To enable it for free on your hosting server, in cPanel go to Security > Two-Factor Authentication.  Press Setup TFA and follow the prompts.  You will be asked to scan a square barcode with the app, which adds the server details to your smartphone.  The next time you log in with your cPanel login and password, you will be prompted for your TFA code.  Again, this is at no extra cost, and we think it is important that you become familiar with this technology and use it to protect your business, your privacy and your clients' information.  You should be using it!
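The expiring codes described above follow the TOTP standard (RFC 6238), which Google Authenticator implements. This added example, which is not cPanel's or the author's code, shows how a server checks a code and why the previous one stops working; the secret is the published RFC test key, and `verify` with its `drift_windows` parameter is a hypothetical helper.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays valid (the usual authenticator-app setting)

def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 code: HMAC-SHA1 over the count of STEP-second windows since 1970."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret: bytes, submitted: str, unix_time: int, drift_windows: int = 0) -> bool:
    """Accept the current window's code, plus `drift_windows` windows either
    side to tolerate clock skew between the phone and the server."""
    for d in range(-drift_windows, drift_windows + 1):
        expected = totp(secret, unix_time + d * STEP)
        if hmac.compare_digest(expected, submitted):  # constant-time compare
            return True
    return False

# Constructed demo secret: the public RFC 4226/6238 test key, never a real one.
DEMO_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    code = totp(DEMO_SECRET, 59)
    print("code at t=59:", code)
    print("accepted at t=59:", verify(DEMO_SECRET, code, 59))
    print("accepted at t=60:", verify(DEMO_SECRET, code, 60))
    print("accepted at t=60 with one window of drift:",
          verify(DEMO_SECRET, code, 60, drift_windows=1))
```

A stolen password alone fails this check, and a code seen over someone's shoulder is useless once its window has passed.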

Re-Designs - Modernise your website now!
Our newest software used for designs allows for on-the-fly updates across Joomla, WordPress and Magento versions.  This means that as we apply security updates we can follow up with a design update without needing to completely redesign from scratch.
What does this mean?  Well, if you need to freshen up the look of the website, we can now do it a lot quicker and provide a greater level of customisation than before.  Easily add high-resolution images with parallax effects etc.  Check out our portfolio for some recent work.

Given that it is nearly the end of financial year, it is going to get busy again and carry on until October with new businesses starting up that need websites.  
If you are looking for a freshen-up, let's make that website of yours look 2017 and not 2015! Drop me a line and I can review your site.

Charlie Server - Scheduled Server Maintenance
All accounts on the Charlie Server will be migrated to faster server infrastructure at 12am Monday 22nd 2017.  This work is being undertaken by our upstream providers and we expect a downtime of 15 mins while the file system is synchronised and the server is rebooted. 

Need to upgrade your Office IT equipment before the end of year?
We are LEADER Dealers and can have the latest in IT computers, laptops and printers delivered Australia Wide.  We can source the technology to suit your application or budget.  FREE Shipping on orders over $500.
Missed the FREE upgrade from Windows 7 and 8 to 10?  For a small fee I can remotely upgrade your computer to Windows 10, as the upgrade is still available, just hard to discover.  Let me know if you are interested. Given recent hacking events globally, you MUST be using the latest Operating System and applying security patches as they are released!  No excuses!

We will continue to be on top of security - you are in safe hands with us....

Kind Regards,

Jason Keys
Websites For Small Business
Creative Director & Owner

28 May 2014

Watch Out Online

In years gone by, traditional door-to-door hawkers would take up your time selling unwanted goods. Now that you have an online presence, anyone can contact you, and there are some things to be on the lookout for.
These are not only threats of losing money online, but also threats to your privacy and identity.
 
Clever marketing or social engineering? There are plenty of ways you can be exploited online with technology... Here is a list of a few common methods to WATCH OUT for!
 
Verification Emails
Emails will also come to you asking you to confirm your email address password.  This is very common for businesses whose email address can be harvested from their website; it just needs to be on your website.  The email will appear to be from a technician, with a link saying “click here to confirm your details”.  Note that we never ask you for your email passwords; we do not even keep a record of them, as access to your emails should and must be private!  When you click the link, it will take you to a site that stores your login details. With 100% certainty your email account will then be hijacked to send massive amounts of authenticated emails, which will result in our server being blacklisted.  The attackers can also create accounts on other websites such as eBay without you knowing.  A new one that arrived today was from “Microsoft Digital Crimes Unit”, providing a “Validation Link” to verify your details. Hovering over the link shows the URL: it is clearly not from Microsoft, and the domain it goes to is www.micosoft.com; it's missing the r!  Other variations include your eBay account, bank accounts, hosting accounts, PayPal, etc.  WATCH OUT
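The hover check described above can be automated. This added example (not from the original post) pulls each link's real host out of an email body and flags hosts within two edits of a trusted domain, as www.micosoft.com is of microsoft.com; the allow-list, the sample email and the two-edit threshold are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed allow-list: domains the reader really does business with.
TRUSTED = ["microsoft.com", "ebay.com.au", "paypal.com"]
# Simple pattern for double-quoted hrefs; enough for the constructed sample below.
LINK = re.compile(r'<a\s[^>]*?href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def edit_distance(a: str, b: str) -> int:
    """Edits (insert, delete, substitute, swap neighbours) that turn a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent letters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(host: str):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain)."""
    host = host.lower().rstrip(".")
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return "trusted", good
    for good in TRUSTED:
        # Compare as many trailing labels as the trusted domain has.
        tail = ".".join(host.split(".")[-(good.count(".") + 1):])
        if edit_distance(tail, good) <= 2:
            return "lookalike", good
    return "unknown", None

def audit(html: str):
    """Return (visible text, real host, verdict, matched domain) for each link."""
    results = []
    for href, text in LINK.findall(html):
        host = urlsplit(href).hostname or ""
        results.append((text.strip(), host, *classify(host)))
    return results

# Constructed sample modelled on the email described above.
SAMPLE = ('<p>Microsoft Digital Crimes Unit</p>'
          '<a href="http://www.micosoft.com/validate">Validation Link</a> '
          '<a href="https://www.microsoft.com/">Sign in</a>')

if __name__ == "__main__":
    print(audit(SAMPLE))
```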
 
Domain Scams
An email will come to you from a legal department or “lawyer” stating that a company they represent is registering a trademark that conflicts with your domain name.  One thing to know is that there are NO trademarks or Intellectual Property Rights on a domain name; it is first come, first served. A domain is never owned by the registrant; it is “hired”, so to speak, and as long as you have the renewals paid it is yours to use.  The email will say that they have other domains close to yours and that they will register it if you don't. This is just a clever way to sell you a domain name at an inflated price.  Fear of loss is why insurance companies make lots of money; it is a powerful call to action.  WATCH OUT
 
Domain Renewal Scams
This usually comes in the letter box: an official envelope with a logo similar to Domain Registry, containing an invoice for payment for your domain name.  These vary; however, the business name tricks you in two ways. It looks like an authority to register or renew your domain.  Look closer and the domain is actually similar to yours but not the same, and at an inflated price. People often pay the invoice for $249! Again, this targets busy companies that pay their invoices without checking.  The ACCC has targeted one particular business based in Australia and New Zealand, and they continue to use this direct marketing ploy freely as, in a way, it is not illegal.  We are asked almost weekly about these “invoices”. No, they are not from us; throw them in the bin!  WATCH OUT
 
Selling Online – Phishing – (Like Fishing for a sucker)
1.  This happens regularly to people who have listed cars for sale, an interested person will say they are happy to buy the car and arrange for their own transport company.  What happens next is the transport company asks for an upfront payment to clear customs or for unexpected costs, you pay and you never hear from either the transport company or the buyer again.  WATCH OUT
 
2.  If you have an ecommerce website, you may be approached with a similar scheme to the one above, or asked to ship products to some obscure location. Don't be tempted to trade outside of your website or outside familiar payment gateways; direct them to your website to order and pay for the goods.  WATCH OUT
 
3.  Another tactic is a phone call to sign your business up to directories/calendars/advertising – often the directories do not exist or have very little value – watch out when they say “your business participated last year, we are calling you back to do it again”.  Here they are using social engineering to exploit busy companies where people change jobs or leave.  WATCH OUT
 
Technical Support
You may have received a phone call from someone claiming to be from “Microsoft Technical Support”.  You should know that Microsoft has publicly stated it never calls customers; this should be your first alarm bell.  The caller will state that your computer is sending error messages.  What the caller wants is for you, under their direction, to download and install a piece of software called AMY or similar. Apart from slowing down your computer, it will also log your keystrokes and save screenshots to files so they can capture you entering your banking passwords etc.  They will often tell you that they can make all of this go away if you give them $$$$, and take your credit card.  The interesting thing about this scheme is that legally you are installing the software, not them, so they get around the legalities of infecting your computer.  WATCH OUT
 
Browser Infections
Your computer is running very slow (slow internet is enough to make you shake your fist at the screen) and the browser is doing funny things.  Often your anti-virus program will not pick up a browser infection because the infection has come through a link clicked on at a malicious website.  Unsupervised children are notorious for wildly clicking on websites that offer online browser games; a link is not always a link.  Apart from the computer being slow, you will also notice lots of pop-ups, changes to the appearance of your website like SnapDo does, toolbars appearing etc.  Often other applications will pop up claiming that your computer is slow and can be fixed – just click here and pay $29.99 and make your computer faster.  Sound familiar?  These often come in via the browser. Clicking on suspicious popups, even to close them, can actually make it worse. Just press CTRL-ALT-DEL, go to Task Manager and close your browser program; hitting F4 can also close the window. WATCH OUT
 
 
How to protect yourself
 
1.  Ensure you do not give out information easily.
2.  Ensure you do not use easy to guess passwords.
3.  Do not use the same password on all websites. If they can access one, they can access them all!  The same goes for your email address: anyone can log in and read or send emails without you even knowing!
4.  Change your passwords regularly and use capitals and symbols.
5.  Never click a link in an email without thinking of where it will take you, particularly if it asks for your information.
6.  Ensure your modem at the office is password protected and does not use an easy-to-guess passkey. Anyone who can connect to your Wi-Fi can snoop on you and gain access to your files.
 
We will never ask for your personal information via email.  Have you been caught out?  Tell us your experience.