Based on our support logs from clients regarding their email and web site access support requests, every month should be Nation Cyber Security Awareness Month. Some folks still don’t understand that you cannot use simple passwords anymore. Most good programs will not allow you to do that. They are now asking you to include upper case as well as lower case letters, numbers and symbols.
Here are some quick tips:
- Use a password generator – There are very good free programs that will add good passwords and store them for you
- Change your password regularly – Many programs are now requiring this. Another good reason to getting a password program.
- Do not Keep Using the same few passwords
- Do not write passwords down in a file
- Do not let browsers keep your passwords – This is a very easy hack for experienced tech people
- Be very careful with secret questions – Do not pick easy questions then you are asking for trouble.
- Do not use public terminals – a major mistake this where spying is always happening
- Always shut your browsers when left idle. Shut down your PC when not active.
This may seem like an inconvenience but avoiding that first major hack is pretty important and can be very costly.
I am asked this question almost every week. It is really small business data breach insurance. All the publicity regarding hacked servers in the news media has spooked a lot of people. It seems just about everyone in this day and age uses the internet to promote their business and or products and services. That alone will not require any insurance. But if you are collecting client information and storing it on a PC or server in your office that has a vulnerability issues written all over it.
You might think that most data breaches are caused by hackers or malicious attacks. But more than half of data breaches are caused by system glitches and human error.
- An employee mistakenly sends a batch of personnel files to the wrong email address.
- A credit card company calls to inform you that credit cards used at your business were compromised through your point of sale system.
- While on business travel you lose your cell phone, which has sensitive customer information stored in your email’s Inbox.
Data that is maintained in a cloud environment is somewhat safer. You are relying on that vendor to have the correct security. Once again, this should not be taken for grant it. You should be discussing the software you have or are about to invest in with an internet specialist or your IT professional.
Here are some of issues that you must consider if a breach occurs:
- Breach notification to customers
- Credit card monitoring services
- Costs to retain a public relations consultant to help restore your reputation
- Consulting and forensic fees to identify and resolve the cause of a data breach
- Defense and settlement costs if you are sued for alleged failure to prevent unauthorized access to, or use of, personal information
You can probably get a get an “add on” to your business liability policy that will cover the above actions.
So my answer to the questions regarding a small business needing Cyber Insurance is most likely “yes” if you fit into the above description. If you are having a vendor handle one of these areas for you, I would discuss their plan of action for stopping problems and if a breach does happen what is their response.
It is only going to get more complicated and your business is going to more involved with data type tools and software.
I was amazed how many people never heard of the dark side of the internet when asked by a State of NJ Security officer at a recent seminar for small businesses on internet security. Going there is not advised but being aware of it and what it is is imperative. It is interesting to hear what people say or think when you mention this area of the internet. It is not dark but it is pretty scary to see what can be purchased and done there. I am especially talking to parents with kids in high school and beyond. The danger does not seem to disturb them the same way, so surfing around seems OK to them.
All it requires to get there is to go to torproject.org. It looks innocent enough. According to the home page everyone uses it. It was started by our government a few years ago to help people in suppressed countries view what the rest of the world saw on the internet. The problem is it not only hides those people but it hides terrorists, drug dealers, gun smugglers and pedophiles to name a few. Buying ransom wear to attack some business is a snap. Buy it there for $3 or 4 and you can even get someone, for part of the proceeds, who will set up the product to try and infest whoever you are after. They even have a rating system for every different malware that is offered. Comments about how good the software is, with rating system.
Would like to know where to buy a semiautomatic weapon? Not a problem. How about a great deal on legal and or illegal drugs. Paying too much for a prescription? They have the deals. They showed us one site that sold pot and guns. The main reason they cannot bust these sites very easily is the fact that they are up and then gone in a few days. Shipping is never a problem. Everything is shipped by the regulars like; UPS, Fed Ex and US Mail. Things are just packed in regular consumer boxes. Maybe a few boxes of laundry detergent that contain a broken down weapon are delivered to a person’s door.
We saw one search engine result that had 234 pedophile web sites available.
Dark, no, Scary, yes.
One thing that people use who go on this level of the internet is a flash drive with the programming and bit coin wallet on it. This way it is plugged in and no one knows you are using it. Nothing visible on your computer and they showed us a variety of flash drives that did not look like flash drives. One looked like a chap stick.
The US government started it and continues to support it as well as other countries and individuals. Be alert.
I get this question asked quite a bit. The answer to this question has changed over the years. I use to say that it depended on the type of business. Now I cannot think of any business that would not prosper from using a You Tube channel to increase their visibility. You Tube, which is owned by Google, is the second most active search engine after Google’s search. People like the stickiness of videos. Now that mobile is taking over the internet presence of most users, videos make perfect sense. A lot folks would rather view something then read it.
So what does the average business have to offer in a video? Meeting the owner is a good start. Testimonials are always great. One of my client, Joel Braun Construction, used his smart phone to show the before and after of a bathroom reconstruction and then interviewed the owner. He captured all the important aspects in three minutes. Added the video to Facebook as well as his You Tube channel and web site. We made sure to add some descriptive keywords to You Tube’s description.
Another client of ours, Lang Smoker Cookers, has been very successful using video. I was at his farm in Georgia when I mentioned to him that we had several request regarding starting a fire in the Lang Smoker Cooker. Ben Lang added wood to a smoker; I pulled out my smartphone and videotaped him starting a fire. I added it to his new You Tube channel and imbedded it in his site and newsletter. Within 3 months we had over 60,000 views. We realized that we had hit on a great way to stay in front of both prospective and current clients. We then added channels for user testimonials, tips and cooking school. In the three years, that we have been using these channels, we have had over 1.5 million views.
The point is that anyone can do the same thing using a smart phone or doing something a little more professional with a videotographer. Think about your clients or someone you would like to have as a client. Talk to them on the video as if they were there
The last point I will add is, if you have a business that can offer tips on how to fix or install something, these are great. I used this type of video to fix my storm door to learning how to add a chart to Excel.
Very Powerful Suff.
Here it comes and you don’t even know what it is or what it is doing to you and your internet habits. Big Data is the culmination of all your movements on the internet. Congress gave companies permission to track and sell this information to any customer that can afford it both in price and volume. It allowed UPS to figure out the best route to take with their trucks to reach your house or office. It lets Dell Computers decide what you, the consumer, wants.
One of the programs that came out of this is called Programmatic Buying. It allows brands to use audience insights and technology to tailor messages to the right person, at the right moment, in the right context. It helps brands respond to real-time signals on an impression-by-impression basis across screens and across channels. For example, if a mom’s online shopping gets interrupted with errands, programmatic buying can help the retailer she was visiting reach the mom on her smartphone as she shifts to shopping on-the-go. That’s just one of an unlimited number of scenarios brands can use to engage audiences with programmatic buying. Does this sound familiar? It is sometimes called “remarketing”. You may have looked on an ecommerce site at a product and all of a sudden after you left, it seems to be following you on ever commercial site you visit.
It is now being formulated for the smaller merchant. Companies like Double Click, owned by Google, will be leading the technology. They feel today’s consumer is connected, interested and engaged. Think about all the people that sit there and stare at their smart phone. That is the market.
Example: Nike’s Phenomenal Shot pushed the boundaries of real-time advertising to capture the energy and excitement of the World Cup. Within seconds of a memorable match, or shot, Nike delivered immersive 3D display ads across sites and apps in 15 countries. Fans were then able to interact with these moments, making them their own, and share them on social networks. Real-time buying made it possible for Nike to deliver a beautiful, mobile-rich media experience with over 2 million engagements.
Like it or not, if you are a businessman who sells a product or service and wants to engage the younger generations, you better start studying or get someone that can guide you through it.
Generally when you shop on line, you will notice that the web address uses a SSL certificate. You will see a lock before the address that shows something like https://www.shoponline.com. What does this actually do for you and the web site? It protects where you go and what you do on that web site. The main reason for it on eCommerce sites is to protect your credit card and billing information.
Recently, congress has decided to allow vendors to sell your surfing patterns and demographics. This is called “big data” and it is very important information for larger companies. Big data allows business to figure out what you do online and how to sell you products and services and other things by tracking you on the internet. Google has responded to this ruling by making a ruling of their own. As we all know, once Google determined that the majority of people viewing the internet were using smart phones, they then required web sites to be responsive to all size screens in order to be found in their search. Now they have announced that in the next several months that they are going to require web site owners to use a SSL to secure their site to protect their visitors. They said that when the policy goes into effect, if a web site is not secure, they will not show up in the Google search.
This means that when you have the SSL or https added to your web site, the person going to your web site cannot be tracked at all and all cookies are blocked in your site.
This is a major rule change by Google like the responsive web site to make your internet surfing a better and safer experience. The bottom line is, if you own a web site and need to be found in the Google search engine, which represents 75% of all searches, then you going to need a SSL certificate. They can be purchased yearly or up to three years from your hosting company. They vary in price BUT do not settle for a free one. These are not valid. If you have a C name domain, i.e.: shop.mydomain.com as well as a regular site with that domain name then purchase a wild card certificate. It will cover all web sites that use your main domain name.
Worth the Time & Money?
You, as the owner of a domain name, should always be the registrant (owner) and the Admin Contact. The Technical Contact should be someone you trust as a second level administrator to assist you in making changes if you cannot. Even though the registrant is the owner, they do not have the ability to make changes.
The other question that is asked quite a bit is whether the name should be privatized for an additional cost. I use to tell clients it was not necessary but in recent years this has become a source for spammers email addresses. So my answer now is to spend the couple of extra dollars and privatize the name.
Most businesses do not change domain names very often. Even if they do, the domain name can be redirected to the new one so you do not lose a possible client. This is the reason I believe that when your domain name comes up for renewal, you should consider upping it for 5 – 10 years. You can always change the information such as the address of the business, email address or any other contact information. Most registrants use email address. This can be a problem if you are trying to edit your information and you no longer use the email address included in the document. Always maintain a current email address or expect problems if you need to make changes. Not all registrants use this form of ID but the majority do.
I would recommend that you review your information now even if you do not intend to make any changes just to be sure it is correct. There are two quick steps to this process if you do not know who your registrant is. The first thing to do is go to: www.internic.net and fill in their “whois” with your domain name. This will tell you who the registrant that controls the domain is. The second step is to go to that registrant and look for their “whois” link. Add your domain here as well and it will tell you all the important information. If you cannot see the information then contact their support team.
It will be well worth the time. Some clients lose control of their domain names when they have incorrect information and do not receive the notice that it is going to expire. Unfortunately, we get calls about this every month.
There are two excellent events happening in the next few weeks that I strongly recommend you attend one of them or send someone in your office. One wrong move could cost you thousands of dollars and or loss of data as well as the man hours or cost that were put in to develop your work.
1) Cyber Security & Big Data Analytics Symposium by SBA- $40.00
Friday, March 31, 2017 – William Paterson College, Wayne, NJ 9:30 to 2:30 PM
2) Cybersecurity Summit – NJBIA -$129 Member $149 Non-Member
Friday, April 21, 2017 – APA Hotel Woodbridge, NJ 8:30 AM – 1:00 PM
Of course it is. Most web sites are under attack by many different forms of spiders and bots. You should maintain a good relationship with your provider. Check all your monitor specs either directly or question support to discover if there are any weaknesses. Forms are a favorite target to spam through. Make sure you have a Captura button or some kind of human interaction required.
If you are using a WordPress site, make sure you have one good security plug-in like WP All in One set up and running correctly. ALWAYS update your plugins to the latest versions. Some are for security and some are for better performance.
Always remove email addresses and their mailbox if you have not used them in a while. This is a favorite way for spammers to send tons of spam out and then your good email address will be black listed if it is the same domain name.
Some people will use FTP permissions to make changes. When dormant for too long be sure to remove or make the password very difficult.
These are all the basic things you need to monitor regularly to protect your site, business and reputation as well as your fellow internet users.
Jim Mahlmann, chief operating officer of Netcetra has been selected to receive the “Main Street Award” at the 2016 New Jersey Business & Industry Association (NJBIA) – Impact Symposium, December 9, 2016, at the Bridgewater Marriott, Bridgewater, NJ. Continue reading