May 22, 2015

In the last few months Google has started penalizing websites for mobility issues, which will affect your search engine rankings. If you have Webmaster Tools, you can view the errors by logging into your account. Depending on the type of website you have, the problems can range from very easy to fix to numerous and difficult. In this blog post, I will cover how to correct mobility issues with WordPress, which fortunately is fairly easy.

Google Mobility Issues

The first thing you will want to do is make sure your WordPress version is updated along with your theme and plugins. As a side note, you should be doing this anyway for security reasons. Many WordPress themes are mobile friendly, but not all of them, so once you’ve updated your version, you’ll want to log in to Webmaster Tools and check some specific pages.

Under Search Traffic click on Mobile Usability. Next click on one of the error(s) from the list, and then click on a specific url. On the popup click number 1 (Check live version). Hopefully you’ll receive the following message that your page is now mobile friendly.

Mobile Friendly Test

If your page(s) is still having mobile issues, the next step is to add a mobile theme plugin like WP Touch or Jetpack. You’ll probably end up adding a mobile plugin anyway, but it’s good practice to update everything first. Once you’ve added a mobile theme plugin, check in Webmaster Tools, and you’ll most likely find the page is now mobile friendly.

And that’s it. Follow these easy steps to fix any WordPress mobility issues so you don’t have to worry about search engine ranking penalties.

Apr 21, 2015

I offer a ton of tips and advice on how to protect your small business from a data security issue. But let’s face it, no matter how well we protect our data, the hackers are always going to be ahead of us. So there is always the potential of having a data security issue, and one of the most common problems small businesses face is website hacking.

If you are running a content management system like WordPress or if you have an e-commerce shopping cart, it is crucial that you keep it updated with the latest security updates, back it up regularly, and take steps to protect it, such as utilizing a firewall, malware/virus detector, etc. Most hosting companies will offer these products for a small monthly fee, or you can buy them yourself, and WordPress has many free security plugin offerings.

Of course we all get busy, especially in a small business, and sometimes we just let things slip. So what do you do in the event your website is hacked?

I recently ran a test with WordPress, and based on my experience, it should take you 24 – 48 hours to get your website clean and up and running again – if you have a cooperative hosting company. Here are the steps you should take.

Step 1 – How do you know you’ve been hacked?
You need a way to be notified that your website has been hacked. Many hosting companies will notify you, but you are on their timeline. So to ensure you are covered, you should also make sure your website is set up with a Webmaster Tools program such as Google’s. Google will notify you when your website is hacked, and they do it fairly quickly. In fact, they will even mark in the search engine results that your website may have been hacked, so you want to fix the issue as soon as possible.

Step 2 – Contact your hosting company
Don’t panic! If your hosting company didn’t notify you, then you need to notify them as quickly as possible. If you are set up with a Webmaster Tools program, you should have some information on the type of hack, a list of the website pages affected, and when it occurred. Most hacks are going to be one or a combination of the following types: installation of a virus/malware on your website, redirect links to spam websites, and/or an attempt to access/steal information.

Step 3 – Remove it
In most cases if you didn’t already have some type of protective service installed on your website, your hosting company can either install one and clean it for you or they can provide you with a list of the affected files for you to manually delete via FTP. Once you think everything has been removed, either run the scan or have your hosting company run another scan to verify.

One thing to consider – Ideally you would have had a backup, and you might just be tempted to delete everything from the beginning and start all over. This can be a lot of work so I wouldn’t necessarily just jump to taking this step. Let’s say you had 100 files affected on your website. In reality with an FTP program, it will only take you about an hour to delete those files, and hopefully the damage will be minimal. In my test with WordPress, I had 78 infected files. Once I deleted those files, I only needed to reload my WordPress theme, and I was back the way I started. Either way though make sure you have a backup in the first place, and back it up on a regular basis.
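One way to produce the list of affected files yourself and to verify the cleanup, shown as an added example that is not part of the original post: hash a known-clean backup and the live site and report what differs. It assumes the backup predates the hack and that both trees have been copied to local directories; the file names in the demo are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

SCRIPT_EXTS = {".php", ".phtml", ".phar", ".js"}  # assumption: types to inspect first


def manifest(root):
    """Map every regular file under root (relative path) to its SHA-256."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*")
        if p.is_file() and not p.is_symlink()
    }


def compare_to_backup(backup_dir, live_dir):
    """Diff the live site against a known-clean backup of the same site."""
    clean, live = manifest(backup_dir), manifest(live_dir)
    added = sorted(set(live) - set(clean))
    return {
        "added": added,
        "changed": sorted(f for f in set(clean) & set(live) if clean[f] != live[f]),
        "missing": sorted(set(clean) - set(live)),
        # New script files deserve the first look, wherever they sit
        # (media folders such as wp-content/uploads should not contain them).
        "added_scripts": [f for f in added if Path(f).suffix.lower() in SCRIPT_EXTS],
    }


def build_sample_site(root, files):
    """Write constructed sample files (not real site content) under root."""
    for rel, text in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as backup, tempfile.TemporaryDirectory() as live:
        base = {"index.php": "<?php // front page", "wp-content/themes/t/style.css": "body{}"}
        build_sample_site(backup, base)
        build_sample_site(live, {**base, "index.php": "<?php // front page, plus injected line",
                                 "wp-content/uploads/2015/x.php": "<?php // unexpected file"})
        for kind, paths in compare_to_backup(backup, live).items():
            print(kind, paths)
```

Running the comparison again after deleting or restoring the flagged files should leave only changes you made yourself, such as new posts or uploaded media.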

Step 4 – Fix it
Once you remove all of the hack instances, you’ll then need to go about fixing the issues that allowed the hack in the first place. The first thing you want to do is upgrade, since outdated software was the most likely issue allowing the hacker to access your website. Using WordPress again as an example, you’ll need to update the WordPress version, all plugins, and the theme. Once you’ve upgraded everything, if you didn’t have any type of website firewall/virus/malware scanner, then get one. It’ll go a long way towards preventing you from ever having to endure this headache again.

And that’s it. Remember don’t panic. It may look daunting at first, but in reality if you have a good hosting company and you are backed up, you can actually fix a website hacking issue fairly quickly.

May 16, 2014

Heartbleed

In addition to affecting websites, many mobile apps were also affected by the Heartbleed bug.  You can view an updated list of affected mobile apps here or download a Heartbleed Android mobile app scanner here.  As always make sure your mobile apps are updated regularly and change the password on a routine schedule.

IE Security Issues

There are vulnerabilities in certain versions of Internet Explorer that could allow remote code execution.  Visit the Microsoft website to get the update, and please note this update will also work for Windows XP users.

 Posted by at 10:42 am
Apr 11, 2014

The Heartbleed bug can be exploited on some websites running SSL encryption (Apache and Nginx), and it can expose private information such as passwords.  This means the bug could affect your own website if you are running SSL, as well as social media websites, financial institutions, email, and many more websites.  So here are some immediate steps you should take to protect your business.

  1. If your business has a website, intranet, and/or extranet running SSL, it could be vulnerable.  Check with your hosting company to see if they have patched their servers.  If you host your website, visit OpenSSL to find out how to install the patch.
  2. Your social media website passwords could be compromised.  Change your passwords and see here for a list of specific sites that should be addressed immediately and here for a larger list of websites.
  3. Limit your employees from accessing social media, e-commerce, financial institutions, and other websites with SSL in the short term.  It will take some time for every business to address the bug and install the patch.
  4. And when in doubt, change your password, and make sure it meets strong password requirements.

As always if you have any questions or comments, please feel free to list them below.

 Posted by at 12:10 pm
Mar 06, 2014

One of the most common ways hackers will exploit and attack a business network is through open and unsecured network ports.  By using a default or “easy to guess” user/password combination, hackers can gain access through network services and software such as mail servers, email servers, DNS servers, VOIP servers, and other network servers.  Here are a few tips to help you close and monitor your network ports to prevent these types of attacks.

  1. Install a firewall(s) and a network port filtering tool, and set rules to only allow business verified network traffic and to monitor all network traffic.
  2. Routinely check and install security patch updates.
  3. Maintain and audit these applications on a regular basis to ensure all rules, patches, and services are up to date.
  4. Routinely audit all ports and protocols, perform automated port scans, and compare results and settings to your asset management system.
  5. Ensure systems are in place to routinely and quickly alert when unauthorized ports are installed and opened.
  6. It may be necessary to maintain critical servers in isolated environments with no internet access.

Follow these simple steps to manage your network ports and prevent potential hacking exploits of your network.
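Tips 4 and 5 above, comparing what is actually listening with what your asset records say should be, can be automated along these lines. This is an added example, not part of the original post: the `ss -tlnH` output is a constructed sample, and the `APPROVED` table stands in for a hypothetical asset-inventory entry for one host.

```python
import ipaddress

# Constructed sample of `ss -tlnH` output (TCP, listening, numeric, no header).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 0.0.0.0:5060 0.0.0.0:*
"""

# Hypothetical asset-inventory entry for this host: approved TCP ports.
APPROVED = {22: "ssh", 443: "https", 25: "smtp"}


def parse_listeners(ss_output):
    """Return a set of (address, port) pairs, one per LISTEN line."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        found.add((addr, int(port)))
    return found


def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # ss prints "*" for a wildcard bind: treat as exposed
        return False


def audit(ss_output, approved):
    """Compare listening ports with the approved list for this host."""
    listeners = parse_listeners(ss_output)
    open_ports = {port for _, port in listeners}
    exposed = {port for addr, port in listeners if not is_loopback(addr)}
    allowed = set(approved)
    return {
        "unauthorized_exposed": sorted(exposed - allowed),
        "unauthorized_local_only": sorted(open_ports - exposed - allowed),
        "approved_not_listening": sorted(allowed - open_ports),
    }


if __name__ == "__main__":
    for finding, ports in audit(SAMPLE_SS, APPROVED).items():
        print(finding, ports)
```

Ports under `unauthorized_exposed` are the ones to alert on; `approved_not_listening` points at inventory records that have gone stale.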

Jan 10, 2014

It is now looking like 70 million Target customers had their personal information, including name, address, phone number, and email address, stolen during the holiday shopping hack.  Target has already experienced a loss of sales and earnings, a stock price drop, and the cost of providing one year of free credit monitoring to all the people who shopped in their stores over the time period.  In addition they will probably face a loss of customers as well as state and federal fines.  For Target this is going to hurt their business, but they will eventually recover.  But what if this happened to your small business?  Would you be able to recover?

In many cases a small or medium sized business may not be able to recover from this type of hack.  Although hacks to larger businesses make the news, you often do not hear about security breaches at small and medium sized businesses.  A 2013 US small business survey by the Ponemon Institute showed the following results.  “55 percent of those responding have had a data breach, almost all involving electronic records, and 53 percent had multiple breaches.  Only 33 percent notified the people affected, even though 46 states require that individuals be contacted when their private information is exposed.”  That is a huge number of small businesses, and on November 3, 2010, the Privacy Rights Clearinghouse released a report that among other items showed that “80 percent of small businesses that experience a data breach either go bankrupt or have severe financial difficulties within two years.”

Small businesses still face the same potential loss of customers, sales, and fines as larger companies, but unfortunately they often do not have the money to recover.  And as the Ponemon Institute survey results show, small businesses are very easy targets.

The Target hacking is continuing to raise awareness of the huge potential of business hacking and loss of personal information. So your potential clients and customers are expecting to have their data protected.  If you have not read it already, please take a moment to read my 5 Step Data Security Plan for Small Businesses article.  And as always if you have any questions, please feel free to list them below in the comments section.

 Posted by at 4:45 pm
Dec 05, 2013

The majority of data security attacks and vulnerabilities can be found in software applications and more specifically web software applications.  Major hacker attacks of online systems are becoming more and more commonplace with hackers exploiting vulnerabilities through SQL DB injection attacks, buffer overflows, cross-site scripting, and many more areas.   So it is important for you to protect your business by testing application software for vulnerabilities, and here are some examples of how you can strengthen your business against these attacks.

  1. Install and test all new software publications on devices outside of your network such as a single desktop.
  2. Use automated remote web application scanners to test for security vulnerabilities prior to software deployment within your network.
  3. If the software requires a database, test the database to ensure it has been hardened.
  4. Once testing is complete and the software is deployed in your network environment, ensure it is properly set up and configured within your network firewall to protect against potential outside threats.
  5. Turn off all automated updates except for security updates.  And depending on your network type, you may either want to test or use a third party to whitelist software security updates before introducing them into your network environment.
  6. All system error messages should be displayed internally only.
  7. If you develop and code your own in-house software, keep the development area separate from your production network environment.  Test for common vulnerabilities such as software backdoors, malware insertion, coding errors, etc., before deployment of this software.

Follow these steps to ensure you are testing for and removing any potential software application vulnerabilities prior to deployment in your network environment.  And as always if you have any questions or comments, please feel free to list them below in the comments section.
