Ransomware: A New Security Threat to Your Site

IMPORTANT ALERT ABOUT RANSOMWARE AND YOUR SITE
Ransomware, once a menace mainly for consumers, has recently become a significant threat to business websites, even small ones. Please read the following important notice about this new risk and our recommendations for mitigating it.

WHAT EXACTLY IS RANSOMWARE?
Ransomware is a form of malware that encrypts or hides a victim’s files. The attacker then demands a ransom from the victim to restore access to the data, usually via bitcoin payment so the attacker can remain anonymous.

HOW RANSOMWARE WORKS
Hackers, employed by sophisticated criminal enterprises and governments like China and Russia, continually attack websites until they gain access. Once inside a website’s administration panel, they kidnap the site’s data files (by moving them or encrypting them) until a ransom is paid to release them.

In the case of most Desktop Solutions clients, the files affected could be a database of items in inventory system, or simply pages in a WordPress website. But the most important thing to know is that at the end of the process, the files cannot be decrypted without a mathematical key known only by the attacker. The user is presented with a message explaining that their files are now are now inaccessible and will only be decrypted if the victim sends an untraceable Bitcoin payment to the attacker. The costs can range from a few hundred dollars to thousands, payable to cybercriminals in Bitcoin.

THOUSANDS OF ATTEMPTED ATTACKS IN THE LAST TWO WEEKS
Unfortunately, we have experienced thousands of attempted attacks in the last two weeks. Through diligent monitoring and mitigation tactics, we have been able to thwart all the attacks to date and keep our clients’ sites protected. Part of this Since attacking small business websites is a very new phenomenon, we have reported our findings to the OWASP and the FBI.

WHAT WE’RE DOING TO PROTECT YOUR SITE
In an effort to protect our clients’ data, we have made significant changes to our data back-up systems. We are now storing all site back-up materials on a separate server, so your data is better protected in the event of an attack.

ADDITIONAL SECURITY MEASURES WE RECOMMEND
Although we have taken measures to protect our data servers from these attacks, we strongly advise that all clients take the following actions:

Improve passwords and update them monthly:

  1. Make sure your password is a combination of alphanumeric characters, symbols, upper and lower case characters and is at least 12 characters long.
  2. Do not use the same password for all your different website logins.
  3. Change your passwords monthly to keep them doubly secure.
  4. Store users’ passwords in encrypted form. This ensures that even if there is a security breach, attackers do not get their hands on actual user passwords.
    Upgrade to two-factor authentication
    We recommend that all client sites implement two-factor authentication for all logins. That means we’ll install an additional security feature on your site, that requires you to enter an additional code to login to the site, usually sent to your cell phone via text message.

More frequent back-ups
We currently back-up all sites daily. If you’d like us to increase the frequency of back-ups, we can prepare an estimate to accommodate the frequency of your changes.

Add a web application firewall to your hosting package
A Web Application Firewall (WAF) inspects incoming traffic and weeds out malicious requests –- before a hacker gets to your site. These could-based systems are available to add to your site for a small monthly fee added to your hosting.

WHAT HAPPENS IF YOU DON’T IMPLEMENT THESE RECOMMENDATIONS?
Implementing these recommendations can allow you to avoid or mitigate the effect of a ransomware attack. Without them, should an attack occur, your site could experience prolonged downtime (24 hours or more) while we work to restore your data. And, without a recent back-up, some of your data could be lost forever. We also reserve the right to charge standard hourly labor rates for restoration of your data.

To learn more, please consult the following article, courtesy of ZDNet.

To discuss options for your site, please contact Lyn Nielsen at [email protected] or 631.428.4654.

Working at Home: Tips on Maximizing Your Productivity

We’ve been working remotely since 2007, so we’d like to share some tips on making your work-at-home experience as productive as possible.

Hardware: Most people have a laptop that they can use in any room of the house, but some people will need additional hardware like pcs, printers and scanners for team members to work effectively from home. Companies like Xerox are offering surprisingly inexpensive work-at-home packages to get you up and running quickly.

Online Meeting Software: Most people are using Microsoft Office at this point, but not everyone uses the Teams tool. For internal meetings especially, this tool is great for group chats, group voice calls and screen sharing. The old saying, “A picture paints a thousand words”, holds true. Sometimes there is no substitute for seeing someone else’s screen when trying to explain something.

Another great tool is Slack. It has some additional tools for classifying projects, organizing conversations and storing information and files in a searchable archive.

For outside clients, online meeting tools are a great way to do make presentations, address technical support issues, do product demonstrations, and present proposals. I have used almost every tool out there including Gotomeeting, Skype, and Zoom. I prefer Gotomeeting personally, as I like its ability to switch back and forth between presenters, draw on the screen, and record important meetings. I rarely use the webcam feature on any of these systems, as I feel they are a bit jumpy and distract from the meeting content.

Create an agenda: Ever been on a conference call where the presenter rambles on with seemingly no point? Me too. It’s one of most people’s biggest pet peeves. Whatever technology you are using, stop to create a quick agenda of topics to cover before you begin the meeting. I will keep everyone on track and help you develop a reputation for being focused and professional.

Know when to use what tool: It’s great that we have this technology available to us, but let’s face it, sometimes it gets on the way. I often find that for quick questions, a phone call is often faster than a lengthy email or an online meeting. Most people are busy, and appreciate brevity when it’s called for.

Minimize Distractions with a Structured Day: For some people, the flexibility of working at home can also mean being distracted by kids home from school, household chores, and other day-to-day things that you don’t have to worry about in your office. To keep you focused, I recommend using what I refer to as a ‘structured day’. This simply means dividing up your day into a few different parts. How long you spend on each section depends a lot on what you do, so keep that in mind.

Part One – Responding, organizing and meetings. The couple of hours of each day, I spend my time reading and responding to emails, making phone calls, having meetings, organizing tasks, and getting things in place to move to the next part of the day, which I refer to as ‘groove time’.

Part Two – Groove time. This is the part of the day where I produce work. For me it could be writing a marketing plan, doing research, designing something, writing copy, or posting on social media. For you it may be totally different, but regardless of what you do, it is supposed to be uninterrupted time to concentrate on whatever you are working, without distractions like the answering the phone, checking email, having meetings or dealing with the kids. It can be as short or as long as necessary – whatever it takes to accomplish what you’ve set out to be done that day.

Part Three – Clean up, more meetings and planning. I usually reserve a couple of hours toward the end of the day to respond to emails and calls that came in throughout the day, have more meetings if necessary, and organize tasks and materials for the next day.

For more information about tips for working at home, NPR has a great article.

Is your website ADA compliant?

Due to some recent court decisions in California and Florida, we are advising that all clients consider making their websites ADA compliant. Although no definitive regulations exist yet, two of our clients have received letters from attorneys seeking damages on behalf of blind clients
who cannot access their websites. According to the legal experts we consulted, the combination of these court decisions in the absence of specific laws, means that these suits may have merit.

To avoid incurring costs for legal fees and damages from sight impaired visitors, we strongly recommend that you consider revising your site to be compliant with ADA guidelines before you receive a demand letter. The scope of work required for your ividual site will probably require a quotation based on its functionality and design. To get an idea of the steps required, feel free to test your site herehttp://wave.webaim.org/

To receive a complimentary estimate to make your site compliant, please contact Lyn Nielsen at [email protected] or 631.428.4654.

Why https?

Recent changes in Google Chrome might mean you should purchase a secure certificate to prevent your search engine rankings from declining.

What Is HTTPS?
The “s” at the end of the “http” part of a URL means the website is secure. When installed on a web server, an SSL certificate activates a secure protocol that allows secure connections from a web server to your browser. This ensures that a user’s activity cannot be tracked, that their information stolen, and that data files cannot be corrupted as they’re transferred. But having (or not having) an SSL certificates can also affect search engine rankings!

How does HTTPS impact SEO?
Google has encouraged webmasters to make the migration to a secure site for a while now and is now giving an increasing amount of weight in ranking boosts to websites that are HTTPS. Although only less than 1% of all websites are secure 40% of Google’s page one organic search results feature an HTTPS site.

We can convert your site to SSL for as little as $149.99, which includes the cost of an SSL certificate plus the labor to update all your page addresses. Call Lyn Nielsen at 631.493.3422 x 101 for more information.

The Power of Video Marketing

Why Video Marketing?
Because of its ability to inform, entertain, motivate and inspire, video is one of the best ways to build your brand, engage new customers and improve your search engine optimization. With approximately 500 million viewers per month, YouTube is currently the second largest search engine on the planet proving that customers like and are looking for video. Statistics show that video helps customers engage with your site more effectively and spend more time on your site once they get there.

Video Gets You Ahead of Your Competition

Multimedia content has a big impact on your company’s credibility. For instance, consumers are more likely to retain information when it’s alongside some form of visual medium. According to a recent survey by Animoto, “71 percent of consumers say that videos leave a positive impression of a company.” Cisco estimates 80 percent of consumer Internet traffic will be made up of online video by 2019.

Video Increases Customer Engagement.
Social networking sites such as Instagram, LinkedIn and Facebook (to name a few), have the ability to provide video to massive audiences and increase customer engagement because we like, comment and share on the things we find helpful, entertaining or informative. Some social networks even have the ability to target specific types of customers or industries making video an excellent way of marketing and communicating with your customers.

If you’re looking for video marketing in the New York City or Long Island area we are here to help. We can help you produce high quality, affordable videos, create and optimize your YouTube Channel, and develop a video internet marketing strategy to build your audience.

If you are interested in an affordable digital video package, please feel free to call us at 631.493.3422 x 101.