Importance of SSL Certificate

Have you ever noticed the http:// and https:// in front of a URL before and wondered what they mean, or why the variation exists? Well, that is because the S in front of the Hyper Text Transfer Protocol (http) determines whether or not the website has a Secure Sockets Layer (SSL) Certificate. Do you have an SSL Certificate in your website? Let’s look at some of the reasons for why you should consider it.

The ultimate purpose for an SSL Certificate is to secure all communication between your browser and the website, which secures the connection between clients and the server as information is being loaded. It encrypts all the data so it’s only understood and seen by those who are intended to have the information. This encrypts information by using two different keys. One key is the private, which is only known to the recipient of the data, and the second key is public.

This is important because information that is submitted to the Internet could get lost, or end up in the wrong destination since these data pass through multiple computers before reaching its target. SSL Certificates holds all types of important information, like the domain name, the owner’s name, the location of the owner, and more! Could you imagine if this type of information ended up in the wrong hands? That is why SSL is important.

If your business is a retail business or requires the exchange of money, having an SSL Certificate is a requirement. In other words, you need to have an SSL Certificate in order to accept online credit card payments. Aside from this, though, online users who know of SSL will NOT risk shopping on a non-secure site, so not having one can inhibit your business’ sales. Having this certificate can not only help you keep all important data secured but also help create a trusting relationship with your customers, which is needed in order to ensure that they will return to your site.

Keeping WordPress Secure

A new year gives you a great start to take the best measures to boost up your security. Even WordPress pros can often forget that staying on top of the simple things can lead you to a successful and safe site. Here are a few tips to keep you and your WordPress in the right direction, secured and away from being vulnerable from any sort of attack.

 

Change your password (often) and don’t use common usernames.

It is highly important to always make sure your password is being changed often and that it is fitted for security. Random strings of numbers and letters are the best way to keep your password safe from hackers. You can even use password generators such as Norton Password Generator to give you a top-notch one.

Shy away from using ‘admin’ or anything simple when creating your username for WordPress. If that’s the case, you may change it by adding /wp-login.php or /wp-admin/ at the end of your domain name.

Another great way to keep your security measure boosted is through two-step authentication. Two-step authentication (2FA) means a password is required along with an authorization code that is sent to either your phone or email, in order to get through the site. Owners decide what those two can be, whether a regular password followed with a secret question, a code or set of specific characters.

 

SSL to encrypt data

SSL, Secure Socket Layer, ensures security to data transfer between user browsers and the server, which makes it difficult for hackers to breach the connection or access your information.

For WordPress, you are able to purchase one from dedicated companies or ask your hosting firm to provide you one, often found in their hosting packages.

A bonus to using SSL, is Google ranks sites with SSL higher than those who don’t have it. In other words, more traffic for your website.

 

Securing themes and plugins

WordPress is updated frequently. Updates that are made for the purpose of fixing bugs, as well as updating vital security patches. In doing so, can cause some serious harm that you want to avoid at all cost.

In other words, update plugins, themes, everything. Regularly.

However, if you do want to use the built-in plugin and theme editor in the dashboard, you’re better off disabling it. Authorized users are given access to this editor, and, if by any chance the account is hacked, the same editor can be used to take down the entire site just by modifying the code.

Recent Major Security Hacks

There have been thousands of security breaches in the past few years. Many times, hacking accounts can be very simple to prevent by having an effective password security system. It seems, however, that not many still struggle to develop an effective password system, even successful entrepreneurs like Mark Zuckerberg.

As you may have already heard, this past Sunday Mark Zuckerberg’s Twitter and Pinterest accounts were hacked by hackers going by the name of OurMine Team. It seems that the 2012 LinkedIn breach was a great contributor to the hacking because they seemed to have gotten Zuckerberg’s password from the LinkedIn database.

A message sent from the Twitter account read, “Hey, [Mark Zuckerberg] You were in Linkedin Database with the password ‘dadada’! DM for proof..” His big mistake was reusing the same password for more than one account.

Another major hack that occurred this past Tuesday morning was the official NFL Twitter account hack. Peggle Crew (the hackers) had sent out a message that read, “We regret to inform our fans that our commissioner, Roger Goodell, has passed away. He was 57. #RIP”. This statement was quickly denied by NFL Spokesman, Brian McCarthy who sent out a tweet stating that the account had been hacked and that Roger Goodell “is alive and well.”

A Peggle Crew member told Tech Insider that they had gotten the social media information from an employee’s email where the account password was located.

Going back to the 2012 LinkedIn hack, it was recently revealed that the hack had actually compromised 117 million LinkedIn IDs as opposed to the claim of only 6.5 million IDs released at the time of the hack. It was also discovered that the IDs were up for sale in the dark market known as TheRealDeal.

With all the hacking, it is crucial for everyone to do their part in protecting their account. Here are some tips to take into consideration:

  •      DON’T reuse a password.
  •      Make your passwords long.
  •      Use upper and lower case letters with special characters.
  •      Avoid full words.
  •      Use two-factor authentication where a code is sent to you after entering your password.
  •      Choose difficult security questions and/or make up answers only you will remember.
  •      DON’T share your passwords with anyone.
  •      Use a password manager to safely keep track of your passwords.

Hackers and Viruses and Spyware Oh My!

“LastPass Sounds Breach Alert -Passwords, Reset Questions Now at Risk, Experts Warn”

“Millions More Affected by OPM Breach – Estimated Victim Count Expands to as Many as 14 Million”

– – Data Breach Today

Maybe you have seen the latest data breaches in the news. The headlines should read “Hackers and Viruses and Spyware Oh My!”  There seems to be a new attack weekly whether it is a business, government organization or media outlet.  It should not be a shock then, to learn that internet crimes are on the rise.These crimes include identity theft, credit card fraud, scams, computer crimes, spam, malicious links/viruses/codes/programs, and, of course hackers.

Statistics

  • Who is being breached?  – Information is Beautiful keeps an ongoing list of the companies that have experienced data breaches including the number of people impacted as well as the type of breach and number of files taken or compromised.  The numbers are astounding.
  • The Latest Norton Report indicates that global price tag of consumer cyber crime is a staggering $113 Billion annually, with the cost per cyber crime victim up 50 percent.
  • Cyber crime has no boundaries despite the large number of victims is concentrated in Russia (85%), China (77%), South Africa (73%), the annual number of victims has been estimated in 378 MILLION producing the major price tag of consumer cyber crime in USA ($38 BN), Europe ($13 BN) and China ($37 BN). (Source: Security Affairs)

Who is Attacking?

  • Experimenters and vandals-also called “script kitties” going after the notoriety and in it for the challenge (bragging rights)
  • Hactivists- believe they are vigilantes fighting for a cause
  • Cybercriminals- for profit (have lots of money and commission custom software and Trojans to use towards small businesses who don’t have as much protection with a lot to lose)
  • Information warriors-spies; going after Departments of Defense organizations of nations  (Source: Lawgical)

Tips for Data Security

  • In terms of thefts of data, files and hardware (like laptops, smartphones etc.) there are a couple of tips including: secure and encrypt critical data and only have a cleaning crew come while you are present and keep track of who is visiting your website.  In addition, keep domain and hosting in the owner’s name not the IT Director’s name in case of termination or that person leaves for another position.
  • To combat malicious codes and viruses use strong antivirus and malware programs on all computers and smartphones. Keep all programs and applications up-to-date in order to have the latest security installed.  Use security systems or Managed Security Services for large storage needs.