The recent DDOS scare that affected a large number of websites brought to light how important it is to put whatever precautions we can into place to keep our websites secure. Anyone that owns a website right now should be thinking about security, but for those for whom your website is your business, you need to treat it as a priority.

That’s doubly true if you accept payment through your website. Whenever someone provides you with their credit card information, they’re putting trust in you and your brand. If a hacker gets access to that information because you didn’t take the necessary steps to make your website secure, then you betray that trust.

Cyber security is complicated stuff and you may not be able to ward off every threat – hackers are often savvy and always working to outsmart every new security update. Nonetheless, you can vastly reduce the risk of having your website be the next to be victimized by taking a few key precautions.

 

1. Keep all your software up to date.

The first step is one of the easiest, but one that makes a big difference. A lot of software updates are designed specifically to reduce security vulnerabilities. Software designers and cyber security experts are in a constant battle with hackers to thwart every new effort they come up with.

Most of those software updates you seem to get constant reminders for are part of that battle. Even if it feels like an annoyance, don’t dilly-dally on completing those updates. Regularly check for updates to your plug-ins, your CMS, your ecommerce software, and any other software related to how your website runs. Taking this simple step will immediately reduce your vulnerability.

 

2. Use secure passwords and update frequently.

A surprising number of people still use basic passwords like “password” or “123456.”  Don’t be one of those people.

Make sure the password you use to access your website has a mix of numbers, letters, and special characters. Also avoid using something an acquaintance could guess at in your password – your kid’s name or year of birth is too easy for someone to figure out. Get creative, make sure you use something different for your website than you use for your other logins, and make sure anyone else in the company that has access to the website does the same.

And then do it all over again in six months. Set a reminder on your calendar so you remember to update your password with some frequency.

With HostGator’s Password Generator tool, simply click and drag Snappy’s head to generate a new password. Creating a secure password has never been so fun!

 

3. Backup regularly.

In the case that anything does happen, you don’t want to be stuck building your website over again from scratch. Make sure you back it up regularly, just like you do your own computer (you do backup your computer regularly, right?).

If you use HostGator for your web hosting, then setting up automatic backups for your website is as easy as adding CodeGuard to your subscription. It not only makes backing up completely effortless since everything is automated, but restoring your site if the need ever arises is a simple process as well.

 

4. Invest in a malware detector.

Malware’s extremely common, and not just on the website’s you’d expect. Hackers have an interest in infecting any website that people are likely to visit. That means your website could be felled by malware, or (arguably) worse, it could be the means by which malware infects your customers’ computers.

Your best move to avoid both scenarios is a strong malware detector. Anti-malware programs can spot malware fast and help you get rid of it before it has the chance to do much damage. They’re relatively inexpensive when you consider the risks malware poses, and they’re not all that difficult to implement. Your web hosting platform might even offer one (like HostGator does), which makes adding it to your web hosting plan and activating it especially easy to do.

 

5. Be careful about your permissions.

How many people have access to your website? Most businesses, even many on the smaller side, need to provide at least a couple of people with the means to access the website to make changes. Medium-sized and larger businesses will often have far more people accessing the website on a regular basis.

The more people you have in there making changes to the website, the more vulnerabilities you have. Chances are, not every person using your website needs the same level of access. By using your permissions wisely, you can limit the potential damage a thoughtless or malicious act by one of your employees or contractors can have.

 

6. Set up SSL.

If you have an ecommerce websites, purchasing an SSL certificate is not optional. Your customers need to know that your website is secure before they hand over sensitive information. An SSL certificate is the way you provide them that security.

An SSL certificate isn’t terribly expensive and ensures your websites shows a green HTTPS in the browser bar, which is what consumers look for to see that a website can be trusted. It adds an extra level of protection to ensure the details customers share with you are properly encrypted and can’t be easily snatched up by cyber thieves.

7. Use AVS and CVV.

When you add an address verification system (AVS) and credit card verification value (CVV) field for all credit card checkouts, fraud attempts are far less likely to slip through. You have a chance to check the information a customer provides against the information their credit card company knows so people that have stolen credit card numbers alone won’t get past your confirmation process.

 

8. Reduce XSS vulnerabilities.

This step gets really technical and you may want to consult with your webmaster or a cyber security consultant rather than try to handle this one on your own. XSS (cross site scripting) vulnerabilities are weaknesses in the code you write that allow hackers to add code to your website that infects your visitors’ devices.

To reduce XSS vulnerabilities, you need to validate and sanitize your data as described at the link above. You may also be able to insert this string onto your webpages to reduce your vulnerability:

echo htmlentities($string, ENT_QUOTES | ENT_HTML5, ‘UTF-8’);

But that will only work for you if you’re not using HTML. If you are using HTML, running your code through the HTML purifier is your best alternative.

 

9. Reduce SQL injection vulnerabilities.

As with step 8, this step is probably more the job of a webmaster than a business owner, so ask for help if you find the suggestions confusing.

SQL injection vulnerabilities aren’t as common as XSS vulnerabilities, but they’re still cause for concern. They allow hackers to get ahold of the sensitive data stored in your database – which often includes information like your customers’ credit card numbers.

All of the best methods for prevention here are pretty technical and you can check out the SQL Injection Cheat Sheet for more detail on what each defense means. The main five defenses against SQL injections are:

• Using parameterized queries to help your database distinguish the difference between code and data.
• Using stored procedures that are clearly defined within the database and provided to users, rather than letting them enter their own.
• Escaping user supplied input (which is only recommended in some cases), so the database knows to recognize any information users supply as different from SQL code written by the developer.
• Enacting least privilege – which relates back to step 5 – to make sure users only have as much permission as they need and no more.
• Employ white list input validation, which allows the database to detect any unauthorized input before processing it.

If your eyes just glazed over, you’re not alone. If you don’t understand this stuff, it’s better to bring in someone who does so it gets done right.

 

10. Use a DDoS mitigation service.

Distributed denial of service (DDoS) attacks occur when a hacker sets a large number of compromised systems to flood the bandwidth of a website all at once. The server gets overwhelmed and starts to reject all visitors.

Having a web hosting provider that’s put protective measures into place is the first line of defense, but with how common DDoS attacks have become, making an additional investment in a DDoS mitigation service can further reduce your risk.

 

Hackers are constantly working to create new methods to get around these protections. In addition to putting these ten tips into effect, take some time throughout the year to read up on new security threats and best practices.

The stakes here are high – you need your customers to trust you and your website to consistently do its job. Make sure you treat website security as the priority it should be.

New Apple “iCu” Virus Affects iPad and iPhone Users, Causing Seizures.

A new smart phone virus is spreading across mobile networks causing users phones to post personal photos and text messages online. However, new reports have indicated that the virus also has the capability to infect the individual using the device. According to researchers at Palo Alto ComTech, the “iCu” virus affects your iPhone and iPad device simply by opening an iMessage.

Hundreds of thousands of iPhone users have already been infected according to researchers. The “iCu” text message virus struck iPhone users in China and parts of Russia this past weekend spreading across all mobile networks. Officials believe the virus originated in Beijing. The “iCu” virus revolves around infecting iOS devices which secretly collects call logs, phone book contacts, photos and text messages. Once the virus attacks these elements of the iPhone, the virus sends out mass text messages to every available number in the phone book. The message is sent from the user’s iPhone and is received as originating from the recipient to the uninfected device. The virus sends a message reading, “Hi” and once the user responds, the virus replies with “iCu”. Once the virus detects the user has read the message, the iPhone becomes instantly infected.

“Once the “iCu” virus infects the iPhone, it copies all phone data, including photos and text messages to an anonymous server which then uploads to various websites. The virus also send all text messages and photos to everyone in the infected iPhone’s phone book,” according to researchers at Palo Alto ComTech. Further reports reveal that a few thousand people have displayed signs of being ill after their phone was infected.

According to medical officials at Peking Union Medical College Hospital, “iPhone users with infected devices have symptoms of epilepsy after reading the infect “iCu” text message. We have admitted over 1100 people over the weekend as a result of the iPhone virus. We are monitoring systems and advising patients and staff with iPhones to turn off their data until we gather more information.” Researchers are attempting to work with Apple to find a quick resolution for the issue until permanent fix is available.

For now, researches advise all iPhone users to do the following to avoid infection:

Keep the iOS version on your device up-to-date
Do not open any text message from unknown users or any messages containing “iCu”
Turn off Read Receipts
Do not pair your iOS device with untrusted or unknown computers
Avoid powering your iOS device through untrusted chargers or unofficial Apple Products
Avoid jailbreaking your iPhone however if you do, only use credible Cydia community sources
Apple has not released an official statement regarding the issue.

Forget the cloud — it’s all about “the edge” New trends like the Internet of Things are forcing internet infrastructure to change again

For years, we heard about “the cloud” — the magical place where all of our photos, emails, and Facebook posts are stored, ready to be accessed by us at any time.

The term was always deceptive: It sounds like a clean, intangible place, when it fact it refers to megaplexes in low-population areas in Virginia and the Pacific Northwest filled with computers that are always on, churning through electricity. “The cloud is just someone else’s computer” is now a popular laptop sticker among tech nerds.
But just as you were adjusting your mental impression of what the cloud is, the cloud is changing. It’s all about “the edge” now..

The edge refers to internet infrastructure that is physically close to the user. Edge computing means putting smaller, more specific data centers in the field in order to reduce the amount of data that needs to be transmitted to a central data warehouse.

The cloud was efficient, but it had limitations. Customers were starting to notice latency because of the distance data had to travel. It’s ill-designed for applications that constantly generate small amounts of data, like the software that runs Wi-Fi-enabled smart home devices, traffic lights, electrical grids, and other objects collectively referred to as the Internet of Things.

For years, we heard about “the cloud” — the magical place where all of our photos, emails, and Facebook posts are stored, ready to be accessed by us at any time.

The term was always deceptive: It sounds like a clean, intangible place, when it fact it refers to megaplexes in low-population areas in Virginia and the Pacific Northwest filled with computers that are always on, churning through electricity. “The cloud is just someone else’s computer” is now a popular laptop sticker among tech nerds.

But just as you were adjusting your mental impression of what the cloud is, the cloud is changing. It’s all about “the edge” now.
The edge refers to internet infrastructure that is physically close to the user. Edge computing means putting smaller, more specific data centers in the field in order to reduce the amount of data that needs to be transmitted to a central data warehouse.

The cloud was efficient, but it had limitations. Customers were starting to notice latency because of the distance data had to travel. It’s ill-designed for applications that constantly generate small amounts of data, like the software that runs Wi-Fi-enabled smart home devices, traffic lights, electrical grids, and other objects collectively referred to as the Internet of Things.

So what does this mean? The cloud — centralized, efficient, large data centers located in remote areas —will still exist. However, smaller, supplemental data centers will move closer to population centers.
But I’m an ordinary human, you say. Why would I care about that?
First, you might notice that things are a bit faster. Second, there are consequences for power usage.

Data centers use a lot of electricity, but they have made big efficiency gains in the past decade. A lot of that is dependent on centralization, however. Fragmenting the industry means at least a temporary setback in efficiency. That has consequences for the environment (more emissions) and potentially prices (higher electricity costs could be passed on to the user).

The biggest difference, however, is that you must now start saying “the edge” in addition to “the cloud.”

Mac OS

Writing apps: BBEdit, Marked 2, Highland 2

I spend a good portion of my work week writing and I’ve taken a shine to apps that let me write in plain text with a little Markdown thrown in for formatting. My go-to text editor has been BareBones Software’s BBEdit ($50) (or its free and also excellent sibling TextWrangler, which is available on the App Store) with a little bit of Brett Terpstra’s Marked 2 ($14, available on the App Store) for a pretty preview of my formatted text.

Screenshots/Image editing: SnapzPro X, Acorn

Maybe I’m old school. Maybe old dogs can’t be taught new tricks. But my favorite screen capture tool is Ambrosia Software’s Snapz Pro X ($69). It’s versatile, powerful, still suits all my needs, and remains the smartest screen capture tool I’ve used. (Although, be warned, Ambrosia Software seems to be limping along, so no guarantees how long they’ll be around.)

Calendar: Fantastical 2

Not even a question. You won’t find a better Calendar for your Mac than FlexiBits’ Fantastical 2 ($30, available on the App Store). It’s great. It’s better than great. It’s the best calendar app I’ve ever used.

Notes: Apple Notes, OneNote

Hard to believe I’m saying this, but I love Apple’s built-in Notes app. Locked notes, formatted text, images, maps, handwritten notes, embedded files, and shared notes for collaborative work, all of which sync to all your devices. (Notes.png)

Network troubleshooting: iNet Network Scanner

I spend a lot of time on other’s people’s networks figuring out what’s where, whether I can see devices on the network, and discovering which ports are open on those devices. My favorite network scanning app is BananaGlue’s iNet Network Scanner ($12, available on the App Store), which allows me to take instant inventories of everything on my client’s networks.

iOS

Writing: 1Writer, Smart Keyboard

I don’t always write on a Mac and when I don’t I love using my 9.7-inch iPad Pro, 1Writer ($5 on the iTunes Store), and Apple’s Smart Keyboard. I confess, I never liked writing on an iPad until I found this combination, but Apple’s keyboard and 1Writer’s excellent Markdown tools make writing on an iPad as easy as writing on a Mac.

Calendar: Fantastical
Fantastical for iOS

Yup! Love this here too for all the reasons that I stated about the macOS version. You won’t find a better calendar app for your iOS device. So, go! Get it! Just 5 bucks!

Email: Microsoft Outlook

I do not, do not, do not use Apple’s built-in Mail app on my iOS devices. I do on my Mac and I love it. But on my iPhone and iPad I use Microsoft’s free Outlook app. Why? It’s better. Much better. Easily connects to any mail service and calendar, keeps track of attachments, connects to Dropbox, Box, Google Drive, and OneDrive, and makes managing mail a snap. Perfect.

Social media: Tweetbot

I’ve pretty much stepped off of every social media platform with one exception: Twitter. I’d probably step off of that too if Tweetbot ($10 on the iTunes Store) wasn’t as great as it is. Beautifully designed, Tweetbot makes scanning my Twitter timeline an enjoyable experience. Without it I might be off of social media altogether.

Podcasts: Overcast
Overcast for iOS

I drive around a lot and I listen to a ton of podcasts. Tons, I tell you. And I listen to every single one of those using Overcast. (Free with ads, $10 without) There are dozens of things that make Overcast great, but what makes it tops for me is how simple it is to subscribe to new podcasts and share episodes I love with others. It is simply the most beautifully designed podcast app you’ll ever use.