Security on My Mind: How To Successfully Evaluate and Protect Your Online Technology Assets

by Vernessa Taylor on October 3, 2014

Share Button

Website Owners Unite! It’s time to take up an offensive position that keeps our online technology assets in tip-top shape.

It's Time to Protect Your Website Technology Assets by Vernessa Taylor on KeepUpWithTheWeb.com

It’s Time to Protect Your Website Technology Assets by Vernessa Taylor on KeepUpWithTheWeb.com

Security on My Mind

I’ll be listening to what you have to say and I’ll try to gear my posts to what you want/need to hear.” — Sherryl Perry, from her About Me page

I enjoy interacting with the community here at Keep Up With The Web. When I re-visited Sherryl’s about page, the quote above struck me as appropos to what I wanted to write about and share with fellow entrepreneurs here, mainly because it falls into the “what you want/need to hear” to keep your hard work and hard-earned dollars from being taken from you by nefarious, badly behaving others out on the world wide web. The focus today is to help you evaluate and protect your online technology assets, especially those that impact your internet business activities.

Bird’s-Eye View: Website Security

Taking a bird’s-eye view, website security is a big problem. The evil surrounding us is baffling and seemingly indiscriminate. It appears we can do little about it except wait and hope it doesn’t happen to us. Unfortunately, if it happens, most of us are ill equipped to mitigate the circumstances. We can truthfully admit we don’t know where to start to be proactive or how to not be reactionary.

Industry Stats

You might not know you already have a problem: StopBadware and Commtouch jointly surveyed over 600 website owners and administrators whose websites had been compromised. “It turns out that in nearly half of the cases, owners were alerted by a browser, search engine or other warning when they tried to visit their own sites. Colleagues, friends, web hosting providers, or security organizations (such as StopBadware) let the owner know there was something amiss. Only 6% of website owners were able to detect an issue based on strange or increased activity within their sites.”(Compromised Websites: An Owner’s Perspective, February 2012, p. 8)

Who you hire can affect your security: Another alarming set of facts and statistics reveal that teachers aren’t well prepared to teach anything about protecting personal information online, basic computer security, online safety or online ethics (respecting privacy). According to research by NCSA, almost half of 18-24 year olds use file-sharing apps that give others access to their PCs and files and a horrific 30% of 18-24 year-olds admit to trying to guess another person’s password. (State of U.S. Cyber Education (Infographic), StaySafeOnline.org, National Cyber Security Alliance (NCSA))

(Note: Clicking on the “teachers aren’t well prepared” link above will open a pop-up box asking you to either open or save the PDF. As long as you have Adobe Acrobat Reader installed on your computer, you should be able to simply click on the “Open with” button without having to browse to the program.)

As you can see in the image below, these stats are borne out by the results of the risky behavior section of The Raytheon Millennial Cybersecurity Survey which included responses from 1,000 adults in the U.S. aged 18 to 26.

"Risky Behavior" from The Raytheon Millennial Cybersecurity Survey Infographic for the National Cyber Security Awareness Month, sponsored by the Department of Homeland Security

“Risky Behavior” from The Raytheon Millennial Cybersecurity Survey Infographic
for the National Cyber Security Awareness Month, sponsored by the Department of Homeland Security

That extra pair of hands, that virtual assistant, that super-savvy PC tech . . . In some cases, We are hiring young people whose open way of digital life runs counter to our increasing need for cyber-security. And whose habits carry over from internet to PC to cell phone to tablet to iPad … and ultimately, to your business if that’s who maintains any of your technology assets. The good news is that the Ratheon survey also showed Millennials are taking some steps to combat their own risky behaviors; furthermore, a healthy percentage expressed interest in pursuing cybersecurity jobs (even if their Guidance Counselors never mentioned the cybersecurity field).

Not just websites, but digital devices, too: Website security firm Fireblade reminds small business owners that “website security has to keep up pace or even think two steps further.” That thinking has to encompass even the digital devices used by business owners in their day-to-day operations, as shown by research from CYREN’s Internet Threat Trends Report (July 2014) in the high percentage of attacks on smartphones, specifically Android phones.

Evil Bots Surrounding Us … Baffling and Indiscriminate

As if those threats aren’t enough, here come the networks of automated miscreants which are harder to combat by virtue of their work behind the scenes.

What does a DDoS attack look like? Compromised computers being used to attack one computer.

What does a DDOS attack look like?
Like this:
Compromised computers
being used to attack
one computer (or network).

Finally, let’s demystify DDoS (distributed denial of service) and BOTS, because the better you understand, the easier you will know how to innoculate your business website against rampant infection.

During the past summer, our friend and colleague Adrienne Smith sent out a heart-rending plea: “HELP: My Blog Is Being Attacked By Bots, who said her hosting company “ran a report and found I had been visited by 3,152 known bots.” (For the record, this didn’t appear so much to be a “DDoS attack” but rather the usual legion of bots doing their thing, whatever that might have been.)

Stay Safe Online’s Botnet Fact Sheet explains bots and botnets this way:

  • Botnets are generally networks of computers infected by malware (computer virus, key loggers and other malicious software) and controlled remotely by cybercriminals, usually for financial gain or to launch attacks on website or networks.
  • Botnets may infect and use laptops, desktops, servers, routers, smartphones, or any other network equipment to conduct malicious activity.
  • Many botnets are designed to harvest data, such as passwords, social security numbers, credit card numbers, addresses, telephone numbers, and other personal information.
  • The data is then used for nefarious purposes, such as identity theft, credit card fraud, spamming, and malware distribution.
  • Bots can also be used to launch attacks on websites and networks, which as are sometimes referred to as Distributed Denial of Service Attacks or DDoS.

Just to be clear, not all bots are evil but their excessive activity on your site amounts to evil outcomes for you and your business website.

Have you ever experienced a chock-full of misbehaved, hyper-aggressive spiders hitting your servers with request rates to the tune of several thousand per second? … Much as we may wish for all the world’s search engines to take notice of our Web equity — when they’ve actually managed to crash your system a few times you may be pardoned for having second thoughts. — Bye-bye, Crawler: Blocking the Parasites, Ralph Tegtmeier, Search Engine Watch, August 4, 2010

Tegtmeier goes on to name other types of crawlers, bots, and spiders that might be tying up your bandwidth as they gather information: SEO link snoopers, the CopyScape anti-plagiarism engine, among others.

Protect Online Technology Assets

Empower Yourself

Remember the huge DDoS attacks last year and earlier this year against WordPress, Hostgator and many of the big-name webhosting companies? Some of our sites were taken down for days at a time, costing time and money, credibility and jeopardizing client relationships (especially for those of us who maintain another business’ web assets).

What we saw during those times was an attitude of helplessness on the part of website owners. And a lack of understanding of what, if anything, we could do to protect our own technology assets. We found ourselves thinking:

  • we can do little about it except wait and hope it doesn’t affect or happen to us
  • if it happens we’re ill equipped to mitigate the circumstances
  • we don’t know where to start to be proactive and not reactionary

Don’t Be A Sideline Victim

“Today’s Internet threat space is very dynamic. Globally there are thousands of malevolent actors disseminating hundreds of millions of threats each day. Companies that are unprepared for these threats can suffer serious repercussions.” — CYREN, Webite Security at the Front Lines of Cyber Defense

The numbers above show how dire the consequences can be for businesses that fail to put preventive measures in place. And fatalistic thinking is a recipe for disaster. But you don’t have to be a sideline victim. You can be proactive. Come off the sideline and take a few steps.

Attitude adjustment: stop being afraid, wishful, or hoping somebody else will handle the problem before it reaches your doorstep

Arm yourself with information: that means taking time to actually read some of the warnings and reports about cyber-security, computer safety and website security measures. Yes, it might boggle your brain, but that just means you’re stretching that muscle and strengthening your understanding.

Evaluate your current protection: Think of your website like an apartment within a complex and your webhost as the entire complex. Find out what the webhost has done to protect the residents (gates, sentry, keycard for access) then determine what extra steps have been taken inside your website abode (alarm system, deadbolts, doors and windows locked, patio secured). Have your tech person explain it, in simple terms, so you grasp it enough to know if any vulnerabilities exist.

Make a disaster plan: Such a plan should encompass both your online and offline technology assets. And just like the magnets on fridge for the plumber and electrician, keep numbers of a local PC shop nearby, write down the URLs of legit website scanners, and develop relationships some trustworthy online techie types (like Sherryl).

Take some proactive steps: Armed with solid information and a lay of the land, get moving! These steps include asking the right questions (see below), implementing the best of the abundant free solutions, and when necessary, investing real dollars into solutions that actually work (for example, subscribing to Securi’s on-demand malware cleanup service or adding Fireblade’s anti-DDoS protection).

Stop waiting to exhale … yeah, go ahead and breathe!

Ask The Right Questions

We don’t know, or even want to know, what is under the hood or how the web server works. Okay, fair enough. But in order to protect online technology assets you should know this:

  • It is not enough to add a security plugin to your blog
  • It is negligent to rely upon your hosting company for backups
  • It is courting danger to not have a server-level firewall in place
  • You are asking for trouble if your “maintenance plan” does not include periodic virus and malware scans
  • The risks are yours alone if you have an un-managed dedicated server or VPS

Just knowing the importance of those few items concerning your website is enough for you to ask the right questions and put preventive measures in place.

Ask your webhost these questions:

  • Is there a server-level firewall in place? Does it block known bad botnets?
  • Do you monitor websites for bad behavior, like using your servers for spamming, running botnets, and similar?
  • Are the webservers, database servers and email servers scanned periodically for viruses and malware?
  • How do you handle DDoS attacks hitting your servers? Individual websites?
  • Do you have an external layer of DDoS protection? Is my website covered, too?

If your webhost does not offer you any type of DDoS protection, you can affordably protect your business website from cyber bullies on your own. For example, Fireblade has an Anti DDoS service that goes beyond the usual firewall blocking, incorporating reputational and behavioral technologies.

And ask your webmaster or site manager these questions:

– Has there been any unusual activity on my site lately (from viewing server logs)
– Are my backups stored offsite?
– What security measures are in place?
– Is my site being scanned consistently for viruses and malware?
– Are there a lot of attempts to break into my site?
Are you using strong, secure passwords to access my site?
– Are you managing my site from insecure wifi networks?

If you have a VPS or dedicated server:
Ask …
– are iptables or some other firewall turned on and tuned up?
– anonymous FTP users disabled?
email virus scanning installed and active (like ClamAV)?
– database access (especially phpMyAdmin) locked down?

The Ball is in Your Court

Without the assurance that your website is safe and clean, you run the risk of infecting your precious visitors and customers. Equally disturbing, you risk being penalized and ending up on a blacklist by search engines (like Google) that tag your site as being “unsafe.” (That throws up a nasty, scary warning to your site visitors, who promptly close their browser tab and never even visit your website.)

The cascading effects of unsecured online technology assets eventually affect your revenue stream, more so if you depend on your website for leads or have an ecommerce component or offer free publications. To mitigate negative impacts, let’s do our best to meet the challenges head on by taking a proactive stance. Share your thoughts, concerns and solutions with the community in the comments below.

Images: Cutaway of the “Risky Behavior” section from The Raytheon Millennial Cybersecurity Survey Infographic created for the National Cyber Security Awareness Month. ~ DDoS Stacheldraht attack diagram by Everaldo Coelho, licensed under LGPL via Wikimedia Commons.

Share Button
Susan Cooper
Twitter:
October 18, 2014 at 11:51 pm

It is so important to be conscious and aware of the importance of online security, especially when it comes to unsecured WiFi spots. They can be very risky if not use the way they are intended. I carry a personal hotspot so that I don’t have to worry about that.

Regardless we all need to be more aware of the risks. it’s an important subject and worthy of the attention you’ve given it… great post. 🙂
Susan Cooper recently posted..Not Too Late to Say No, Even for Baby BoomersMy Profile

Vernessa Taylor
Twitter:
October 19, 2014 at 10:42 am

Hey Susan,

That’s smart, carrying your own personal hotspot around. These days, that’s the safest bet unless you’re using encryption on your laptop or connecting up through a VPN as Tracy mentioned below.

And thanks for your kind words. Security is on all our minds. If this increases our vigilance and spurs some to action, I’m happy.

Carol Amato October 16, 2014 at 4:31 pm

Hi, Vernessa and Sherryl,

What an awesome article, so glad I stopped by! 🙂

I couldn’t agree more. 🙂 So many people leave this all important topic/task off their To-Do list until it’s too late!

I have regularly scheduled backups with my web hosting company (daily), and then I back up my own blog each and every night and keep that backup on my own personal computer, which is backed up on an external hard drive. I’ve learned to be proactive, my friends.

This is a very important topic, and you’ve covered so many great points, I will be sharing with all my friends…

Thanks for doing such a great job and making it share-worthy. 🙂

Talk soon,
– Carol
Carol Amato recently posted..How to Be Proactive and Grow Your Blog (Exponentially)My Profile

Vernessa Taylor
Twitter:
October 17, 2014 at 12:06 pm

Hi Carol,

How nice to see you here!

Everybody’s To-Do list is as long as they are tall, but some of these tasks need to become “stickies” at the top. You are indeed proactive — we can take a lesson out of your Backup Playbook.

Thanks for the kind words and sharing with your friends. We’re all in this together! 🙂

Michael Lucy
Twitter:
October 15, 2014 at 9:36 am

Hi Sheryl and Vernessa,

Nice article, we just got hooked up on Twitter and I clicked through to this article … I recently wrote about protecting digital assets (I will not spam your blog with a link, at least yet 🙂 … The spin I wrote about was more aligned with legal risk than security risk … Our small agency has had a TON of horrible experiences with out-going vendors not returning digital assets (i.e. media, content, copy, software and even domain names) … Do you have any articles on that topic or anything to contribute on that conversation?

Thanks, Mike!!!
Michael Lucy recently posted..10 Ways Native Apps Can Help Small BusinessMy Profile

Vernessa Taylor
Twitter:
October 17, 2014 at 11:59 am

Hi Michael,

I read your article on digital assets and thoroughly agree with you. So far, I haven’t written about digital assets from the legal standpoint but did share thoughts on personal computer security (see my CommentLuv sig).

Shared your article in the Cyber-Security group on LinkedIn also.

Michael Lucy
Twitter:
October 17, 2014 at 12:29 pm

Thank you, Thank you, Thank you (3 times is a charm) ~~~ Have a great weekend!
Michael Lucy recently posted..The Funniest of Facebook and Twitter: Part VIMy Profile

Vernessa Taylor
Twitter:
October 14, 2014 at 2:32 pm

Hey everyone, since security is at the top of our lists, I’m sharing this update:

Dropbox has reportedly been compromised. Please change your passwords, change the password on any service where you have used the SAME password as your Dropbox account, and please don’t use the same password on any CRITICAL services.

http://www.neowin.net/news/dropbox-has-been-hacked-change-your-password-immediately

Tell your family, friends and colleagues. Thanks.

John Hunter
Twitter:
October 14, 2014 at 9:44 am

Good advice and sadly this is very necessary given the risks.

One thing to note is how valuable browser notification are. It is surprising how often that is what it takes to notify people, but it is also great that such measures have been taken. It greatly reduces the impact of malware (as you can avoid the site) and lets site owners see there is a problem they have to fix.
John Hunter recently posted..Buddhist Temple Adjacent to Bayon TempleMy Profile

Vernessa Taylor
Twitter:
October 14, 2014 at 2:42 pm

Hi John,

Browser notifications are indeed valuable. The major anti-virus and anti-malware products include this feature as standard (though I would caution everyone to make sure it is their AV software that is asking to “be installed” as they usually provide this service as an add-on or extension to the browser).

Thanks for your comment!

Andrew M. Warner
Twitter:
October 11, 2014 at 9:09 am

Hi Vernessa,

This is an important post because online security is something that people take advantage of … meaning most people don’t even bother with it because they believe they’re “too small” and not important. Completely wrong mentality because it can truly happen to anyone. Happened to me on another site I operated a few years ago so I know it can truly happen to anyone.

One of the things I do with my new site, or that I started to do, is backup every other day. I want to make sure that in case anything happens, I’m protected and I save my backup files at various locations, not just the location it’s backed up at.

But one thing I found interesting are the questions you said to ask your hosting company. I’ll admit that I haven’t been asking these types of questions but it’s something I’ll look into.

I’ve heard of people having DDos attacks and from the sounds of it, it sounds brutal and is something I hope I never have to go through. Makes you really wonder about the people that create these attacks and why they want to do these things.

Thanks for this great post here on Sherrly’s site. Have an awesome weekend.

– Andrew
Andrew M. Warner recently posted..5 Disturbing Truths Readers Won’t Tell You About Why They Leave Your SiteMy Profile

Vernessa Taylor
Twitter:
October 12, 2014 at 2:18 pm

Hi Andrew,

You’re already ahead of the game by instituting multiple backups and placing them in various locations, instead of depending on your host to have your back if anything goes wrong.

Mindset is key. In fact, the impact of mindset on all of our business processes (and in our personal lives) is so important that I’m seeing it mentioned more and more in all kinds of articles lately. Certainly it has always been important, but maybe the masses are beginning to get the message?

Appreciate your comment, Andrew. I read one of your articles yesterday (I’ll go back and comment today). Something you said in it was so enlightening, I plan to quote you in an upcoming post. 🙂

Akaahan Terungwa October 11, 2014 at 12:09 am

Hello Vernessa,

Cyber security is a big challenge: thanks to the fact that many persons actually working online understand these challenges very little or simply do not give a damn!

You see, being aware – and consciously taking efforts to make sure you are safe is key. As a rule, I hardly hire anyone to work for me online wherever sensitive info is involved. If I must, I set all security checks to ‘neutral’ and immediately restore them uptight once the job is completed.

Great work you have here!

Do have a supercharged weekend!

Always,
Terungwa
Akaahan Terungwa recently posted..HILARIOUS MISTAKES WE ALL COMMIT WHEN STARTING OUT ONLINE (AND GREAT LESSONS FOR NEWBIES)My Profile

Vernessa Taylor
Twitter:
October 11, 2014 at 1:17 am

Hi Akaahan,

That’s a smart way to handle access to your website or blog. I’ve cautioned clients and colleagues not to indiscriminately give “administrator” access to those working on their blogs as it is not usually necessary for the work being done.

Thank you, have a wonderful weekend yourself! 🙂

Sherryl Perry
Twitter:
October 11, 2014 at 11:38 pm

Hi Terungwa,

I agree with Vernessa. That is a smart way to handle access to your site. Granting someone administrative rights to your site can be risky.

Thanks so much for dropping by and sharing your insight with us. I hope you’re enjoying the weekend!
Sherryl Perry recently posted..How to Secure Your WordPress Site and Add Functionality #FridayFindsMy Profile

Angela
Twitter:
October 10, 2014 at 7:12 pm

Wow Vernessa! That’s terrifying stuff. You’ve provided a great to-do. I have a lot of work to do. Thanks for making this a higher priority for me.

Vernessa Taylor
Twitter:
October 11, 2014 at 12:55 am

Hi Angela,

You’re welcome!

Terrifying is an apt description. I hope this article helps bring down the panic levels and more people will heed your words — making security online and offline a priority.

Sherryl Perry
Twitter:
October 11, 2014 at 11:31 pm

Hi Angela,

I am really happy to hear that Vernessa’s article struck home with you. It is so much easier to learn how to protect yourself now than to deal with the aftermath later.

Thanks so much for letting us know that security is a high priority for you now.
Sherryl Perry recently posted..20 Tips to Help Protect Your Online PrivacyMy Profile

Mi Muba
Twitter:
October 10, 2014 at 3:01 pm

Hi Vernessa and Hello Sherryl

Really a much needed post.

In terms of website security most of the people have very limited vision and just take brute force attack a threat and nothing else.

A few years ago I hired a developer to help me establish my first blog. He almost played with me for every task and kept charging me by creating various problems and then troubleshooted them on payment of fee.

That is why outsourcing is considered equally a risky decision becuase many techies are over-smart by nature.

Your first solution is the most effective one. If we keep learning about basics of website security then we can get any job done under our strict monitoring and no one can do any over-smartness with us.

Thanks a lot for sharing this amazing post of high value.
Mi Muba recently posted..12 tips to get a job as a local business bloggerMy Profile

Vernessa Taylor
Twitter:
October 10, 2014 at 7:14 pm

Hi Mi Muba,

So true, sometimes people ignore the threats looming before them.

we can get any job done under our strict monitoring and no one can do any over-smartness with us

Yes! That was a key takeaway. Armed with info is not only empowering, it helps us not be taken advantage of. Thanks for sharing your thoughts, Mi Muba.

Sherryl Perry
Twitter:
October 11, 2014 at 11:27 pm

Hi Mi,

We do need to be proactive rather than reactive when it comes to security.

I know I’ve told this story before but I used to work with a client who refused to take security seriously. He was negligent in updating his plugins and refused to update his WordPress. He saw no need in having it done either. While he paid me to add bells and whistles to his site, his logic was: “Why fix something that’s not broken?” and “No one would ever bother hacking my little site.”

I couldn’t reason with him. I explained to him that by not updating his software, he was putting others on his shared hosting plan at risk. I also told him that when there is an update to WP, there is also a published list of vulnerabilities that can be exploited by hackers. It was to no avail.

Thanks so much for weighing in on this. I’m glad you found Vernessa’s post valuable.
Sherryl Perry recently posted..Are You Confused by Google Semantics? SEO Tips You Need.My Profile

Philip Verghese Ariel
Twitter:
October 9, 2014 at 2:15 am

Hi Vernessa And Sherryl,

Thank you so much for this informative and educative piece.
These days many of the major sites are attacked and this is indeed a great Alert and good guide to check and fix. OM G, can’t even imagine our hard works going in vain one day.

Thanks for providing these precautions. I am bookmarking it.
Thanks Sherryl for bringing Vernessa here.

I am here via Don’s notification I am not getting your note in my mail. I need to check it out. Thanks Don for the info. via G+

Great Going Sherryl

Keep informed

Best Regards

~ Phil
Philip Verghese Ariel recently posted..World’s Most Contagious Falsehood: Some of the Most Common Myths. 88 Myths Revealed!My Profile

Vernessa Taylor
Twitter:
October 9, 2014 at 3:08 am

Hi Philip,

Nice to see you here (and make your acquaintance).

I am indeed grateful to Sherryl for having me here to share with (and learn from) her loyal readers.

Yes, I’m with you: it would be awful to have our hard work eaten up by rogues, scammers and website misfortunes!

Appreciate your comment (and thanks to Don for bringing you over).

Sherryl Perry
Twitter:
October 9, 2014 at 7:35 pm

Hi Phil,

Thanks for letting me know that you found Vernessa’s post on Google+ through Don. That sort of info is always nice to know.

I’m glad you found Vernessa’s article helpful. I knew she would do an excellent job on this topic. So, when she suggested it, I agreed to it immediately.

Thanks too for weighing in on this. It shows that online security is definitely something that we need to build awareness of.
Sherryl Perry recently posted..3 Steps to Protect Your WordPress Blog from HackersMy Profile

Don Purdum
Twitter:
October 8, 2014 at 3:41 pm

Hi Vernessa,

Security is such a overreaching issue now, but as you said most people don’t have a clue.

Over the last month, my host has been experiencing a lot of DDoS attacks. Fortunately, they do a great job of controlling the filters and they auto back-up our sites and mysql databases every night.

I also back-up my site on my offline storage device once a week. You never know, right?

If anyone ever questions or gets an error message from a search engine, social media site or anywhere else for that matter about your website, you can use Securi to check your site for issues. It’s free and it will tell you and your web team everything you need to know.

You can find it at http://sitecheck.sucuri.net/.

Great post Vernessa. It’s nice to connect with you here. Thanks for introduction Sherryl!

~ Don Purdum
Don Purdum recently posted..Dare to Be Different and Reach More Prospects, Buyers, and Earn Raving FansMy Profile

Vernessa Taylor
Twitter:
October 8, 2014 at 11:06 pm

Hi Don,

Thanks for the resource. Sherryl uses Securi for her site and I have to tell you, it does a fantastic job keeping out the baddies (and even the good folk, if things don’t appear to be Kosher). Sherryl mentioned that in one of her comments further down.

Wonderful that you have a reliable host who is up on keeping DDoS attacks at bay. You’re so right, doing our own OFFSITE backups adds an extra layer of protection that’s priceless.

Glad to connect with you here, too!

Sherryl Perry
Twitter:
October 9, 2014 at 7:29 pm

Hi Don,

It sounds like you are happy with your host. Having your own backups is just one more layer of security. You do never know. In a worse case scenario, you can’t be too safe.

As Vernessa mentioned, I recently installed CloudProxy, Sucuri’s firewall. It protects my site against hackers, brute force attacks and DDOs attacks. It also eliminates the need of having a caching plugin. It’s not free but it’s providing me with peace of mind.

As Vernessa mentioned, it does keep out the good guys too. After I first installed it, I had problems with commenting and after that was straightened out, I ran into another issue with CommentLuv. (It was a matter of tweaking it.)

Another thing that I ran into was that neither Vernessa nor Jeanette Paladino (who guest blogged for me last week) could access my WP admin until I whitelisted their IP addresses. Then, I went away for an overnight trip and couldn’t approve comments on the road (again I needed to whitelist the IP). Still, I’m happy now that I understand what I need to do. It’s well worth it to me.

As always, thanks for dropping by and adding your insights to the conversation.

Ashley Faulkes
Twitter:
October 8, 2014 at 4:48 am

Hey Sherryl and Vernessa

What a topic. Now that we have so much tech in our daily lives, it is a growing issue that many people are totally not aware of.

For sure, as bloggers and website owners we need to be on the ball to protect our blogs (as you mentioned the issue Adrienne had – which baffled many, including her hosting company). But we also need to watch out with wifi hotspots, devices and all the other myriad of issues that come up.

I even heard a story a year ago about the local airport free wifi being spoofed and people logging into a hackers wifi which was then used to steal data. So it is all possible, and happening!

thanks for bringing it to people’s attention
ashley
Ashley Faulkes recently posted..Awesome Examples of Engaging Social Media CampaignsMy Profile

Vernessa Taylor
Twitter:
October 8, 2014 at 6:27 pm

Hey Ashley,

Thanks for sharing the story about the airport’s WiFi spoofing debacle. This is serious stuff! There are many traveling bloggers amongst us, living busy, hectic lives — which means every chance they get, they’re working.

Coffeeshops, Panera bread (one of MY fav places to sit down and work while I eat!), the local or university library … These are all places offering the kind community service of free internet, but they rarely add the equally kind service of protected internet.

While I don’t (yet) use a VPN, as Tracy mentioned in her comment, I plan to add that layer of protection. I hope others will consider doing so too … or take their own secured hotspot with them and connect IT to the public wifis.

Sherryl Perry
Twitter:
October 8, 2014 at 10:59 pm

Hi Ashley,

Thanks so much for stressing the importance of being cautious of unsecured WiFi spots. Those can be very risky. I had not heard an airport’s free WiFi being spoofed but I can see how it could happen.

I don’t use a VPN either but this discussion has definitely brought that need to my attention. We all need to be more aware of the risks involved. Hats off to Vernessa for a great post that has us all talking and thank you for sharing your insight with us as well.

Tracy Vides
Twitter:
October 8, 2014 at 1:36 am

You make a very valid point about people (young and old) trying to guess others’ passwords, Vernessa. I’ve found, on multiple occasions, guys trying to swipe and guess the lock screen patterns on others’ smartphones, should any be found lying around!

While bloggers need to protect their websites and servers, your security is only as strong as your weakest link – so if you use a smartphone or tablet to access your site, make sure you have strong security on these devices too.

I even use a VPN that masks my IP / routes it through other networks. You can also consider using the Tor browser which protects your privacy, unlike Chrome & Firefox. Believe me, it’s not overkill.

Vernessa Taylor
Twitter:
October 8, 2014 at 6:20 pm

Hi Tracy,

Ah, so you’ve seen this with your own eyes! It was amazing to me that the survey reported such a high percentage of young persons who admitted they tried to guess other people’s passwords.

so if you use a smartphone or tablet to access your site, make sure you have strong security on these devices too

Sage advice. Many of the top anti-virus and anti-malware providers also have versions for smartphones and tablets. And because Android is now constantly targeted, there are some special utilities to protect them.

Which VPN service do you recommend?

Tracy Vides
Twitter:
October 9, 2014 at 6:04 am

I use Hide My Ass and the experience has been quite pleasant up to now.

Vernessa Taylor
Twitter:
October 11, 2014 at 12:57 am

Thanks Tracy. I’ve taken a look at HMA a few times but didn’t know any “real” people who were using it. Will check into it again.

Sherryl Perry
Twitter:
October 8, 2014 at 10:49 pm

Hi Tracy,

I guess I don’t get out much because I really haven’t seen people trying to guess passwords on people’s smartphones. I have heard of women who have tried to guess their partners computer passwords to read their email before.

You raise a good point about needing to secure our smartphones and tablet is we’re using them to access our websites and servers. It only makes sense to apply the same level of security to those devices.

As always, thanks for joining the conversation. Vernessa wrote a valuable article that is resonating with many readers. The comments from you and others arevery valuable as well.
Sherryl Perry recently posted..Big Companies Use Neuromarketing to Influence Buyers. Can You?My Profile

Jeri
Twitter:
October 7, 2014 at 7:52 pm

Interesting stat about teachers not being well-prepared to teach about how to protect info posted on line. I touched on it in my Language Arts classes from time to time, but was surprised it’s not drilled into students in their intro computer classes.
Jeri recently posted..#CreativeWriting: Horse CrazyMy Profile

Vernessa Taylor
Twitter:
October 7, 2014 at 9:37 pm

Exactly, Jeri. I wonder why it’s not part of the curriculum. Maybe, in the near future, media specialists and computer class instructors will get wind of how this being missing from the curriculum is contributing (negatively) to Future Security of America. (There’s always a “Future ____ of America,” isn’t there?)

Maybe you could share the infographic within your school. 🙂

Sherryl Perry
Twitter:
October 8, 2014 at 10:39 pm

Hi Jeri,

The “Schools Not Preparing Kids For Digital Age” facts (in the infographic that Vernessa shared with us) are alarming. I too hope that soon protecting our identities, computer security and online safety should be incorporated as part of the curriculum.

As always, it’s great to see you here. Thanks for weighing in on this.
Sherryl Perry recently posted..Who Do You Listen to When Influential Bloggers Don’t Agree? #FridayFindsMy Profile

Mitch Mitchell
Twitter:
October 7, 2014 at 12:16 pm

Well, now that you’ve hurt my head and scared us all… lol

I haven’t thought much about security concerning my regular websites but I have as it pertains to all my blogs. Even with all my protections it turned out that one of my sites still got hacked because I hadn’t thought about removing old themes I’d tested many years ago and someone got in through a backdoor. Luckily my hosting company caught it & put everything on freeze but I had to go through a long process of getting it working again.

The interesting thing about thinking of protecting ourselves is that some of us start out with good intentions that we soon leave because of convenience. On my smartphone I started out blocking everything and only had downloaded 3 things. Then I started traveling a lot and realized how much I needed the phone’s GPS feature because I kept getting lost, and I had to turn on the bluetooth so I could use my phone and listen to my recorded books through the radio in the car, and on and on… At least I killed Facebook on the phone so those guys can’t get into my contact base but, of course, since I have an Android Google certainly can; sigh…

Good alert here Vernessa, and I believe we do what we can do and hope that others who we’re paying something to will help protect us in other ways.
Mitch Mitchell recently posted..Freedom Of Speech And Controversy On Your Business BlogMy Profile

Vernessa Taylor
Twitter:
October 7, 2014 at 12:52 pm

Hey Mitch,

Sorry that happened to you.

… removing old themes I’d tested many years ago and someone got in through a backdoor.

Wow, you’ve highlighted another area we definitely have some control over. *DELETE!* We can do that — if we remember to look around the “appearance” area every once in a while.

I’m thinking there are already some checklists out there for the every-day sort of things we can do. I’ll look around and post a link.

Yes, convenience. Whether we fall into a life of leisure concerning our personal computer, website, blog or cell phone, it amounts to letting our guard down.

Who’d ever think your cellphone, of all things, could be “hacked?” This is nuts … but Avast! and some of the other providers actually have anti-virus and anti-malware for the smartphones. Hope you’ve got some installed?

Sherryl Perry
Twitter:
October 8, 2014 at 10:00 pm

Hi Mitch,

Thanks for the reminder that old themes and plugins need updating whether or not we’re using them.

That’s great that your hosting company alerted you. Years ago, I had an old Joomla site that I wasn’t actively promoting. Actually, we weren’t running that business anymore and I was just letting the old site sit there. (We were holding onto the domain name and it was on a shared hosting account that I was paying for anyways.)

Well, it got hacked and was promoting some rather radical notions. I had no idea until a friend of mine alerted me to the problem. (The company I was using for hosting at the time, GoDaddy, never caught it.)

Like others, I had grown lax and had lost interest in it. I will never let that happen again. Not only was I putting my other sites in jeopardy, I was also potentially opening the door for other shared accounts to be targeted as well.

Good reminder about our smartphones. They’re no longer just phones and we need to protect them as well. (As Vernessa said in her reply: “Who’d ever think your cellphone, of all things, could be “hacked?” This is nuts …”)

It’s so good to see you here. I’m glad to hear that you enjoyed Vernessa’s post. Thanks so much for sharing your insight with us!

Beth Niebuhr October 7, 2014 at 4:48 am

Thank you for all the information on why and how we can be proactive in protecting ourselves. It is mind boggling that people can be so destructive for no apparent motive.
Beth Niebuhr recently posted..What’s the Problem?My Profile

Vernessa Taylor
Twitter:
October 7, 2014 at 12:10 pm

You’re welcome, Beth!

Indeed, evil intent abounds and is consummated all too often. Aside from the apparent profit motive in scams like the tech support calls and ransomware, Catarina pointed out the dude who was replacing his unemployment check (my paraphrase) and possible ties to the Russian Mafia!

There is also negative profit motive, as in DDOS attacks against big sites, which stops them from doing business for days at a time resulting in lost revenues and lost customers (who lose confidence in their ability to keep them safe). (Sherryl pointed out Securi’s ability to seriously lock-down sites and I tossed Fireblade in the mix to protect against DDOS attacks.)

I know, that’s a lot … but motives are out there. 🙂

Sherryl Perry
Twitter:
October 7, 2014 at 10:41 pm

Hi Beth,
It is mind boggling that people can be so destructive. I don’t know if you had a chance to read Vernessa’s post “Let’s Get Serious About Personal Computer Security” (on her blog).

While Vernessa focused this article on securing our assets pertaining to our websites, that article focuses on protecting our personal computers. That can be a major threat too. (In the comments I left for her, I shared a recent personal experience that a family member went through.) We need to be constantly vigilant.

Thanks so much for taking the time to weigh in on this!
Sherryl Perry recently posted..20 Tips to Help Protect Your Online PrivacyMy Profile

Adrienne
Twitter:
October 6, 2014 at 6:31 pm

Hey Vernessa,

Good to see you here at Sherryl’s blog and sorry I’m late in getting by here. My commenting is now being limited to just so many days due to a massive need to finish my product. But I so appreciate you mentioning my post here.

My situation was not a DDoS attack, just annoying bots but luckily for me I do have a VPS service and I am pretty well protected. It’s just all those hits at once can slow things down but the last hosting service I was on they were hacked so it’s never a pleasant experience I can vouch for that.

I believe I’m about as well protected as I can be. I have a lot of the security measures in place for my own blog and I’m with a great hosting service that has their stuff in order too. I back up my blog every single day and I keep the backups in three different locations so if I ever need to access any of them I can and know that they are all safe.

I’m not surprised at the statistics though about how much information is being spread around. I just don’t think a lot of people realize but I’m really weird about giving just anyone access to my blog. I only trust two people with my information and only one of them has accessed it to help me. I’ve had people try and convince me to come over to their hosting service too but I just don’t really trust them so I’m paranoid in that way. I think I have good reason, I don’t want to be another statistic. We can never be too sure.

Thanks for sharing this information and great to see you again. You ladies have a great week now.

~Adrienne
Adrienne recently posted..How To Build A Popular Blog Especially If You Are NewMy Profile

Vernessa Taylor
Twitter:
October 6, 2014 at 7:52 pm

Hi Adrienne,

Your article was “in the right place, at the right time,” so to speak. I blog-hop about every 3-4 months, visiting my favorite bloggers (of which you and Sherryl are amongst). Doing research for this article coincided with my “blog hopping” phase. You can imagine my surprise when I saw your article discussing the same topic I was writing about! 🙂

I was kind of on the fence about including the Questions section, but seeing how many bloggers were discussing the issue on your article helped me decide.

Yeah, I do know how paranoid you are about your hosting and your site’s security. I’m the same way. Even when I’m sorting out answers for issues I encounter with my own site, when tech support people ask me for a login to look around, I say “No” Sometimes they get P*O’d with me, but hey, it’s my site and I don’t like knowing how lax some of them can be with other people’s security.

Thanks for sharing your thoughts, Adrienne. You have a good week, too!

Sherryl Perry
Twitter:
October 7, 2014 at 3:05 pm

Hi Adrienne,

I know how busy you are and that you’re working really hard on launching your product. So, I want you to know how much I appreciate your taking the time to drop in and comment here.

You have had your share of webhosting nightmares. Not only did you spend a lot of time dealing with hosting vendors, I know you spent a lot of time researching hosts that would fit your needs the best. (It sounds like you’re happy where you are now.)

I don’t think you’re being paranoid at all. Your backup plan is commendable and certainly is what would be expected as part of a disaster recovery plan that any business should have in place. The key takeaway here is that you recognize that your blog is an integral part of your business. Unfortunately, many bloggers don’t appreciate that fact. Then, when something goes awry, they’re not prepared.

I don’t give access to my site to anyone either unless it’s absolutely necessary and I totally trust the person. A couple of years ago, my website host kept accusing me of using too much CPU usage. Although they are a highly respected host, (and definitely not one of the cheapest), they wouldn’t help me resolve the issue. Their idea of support was to provide me with usage reports that simply pointed me to my index.php file.

Unable to resolve the issue and being faced with having to immediately move my site, I reached out to fellow blogging friends. At that point, it was Christmas and I was in panic mode. A close friend put me in touch with someone who offered to help me. I trusted this individual with an admin account and he was able to get my site to a point where my host gave me a temporary pardon.
They still weren’t happy and basically wanted to fire me as a client.

I ended up moving my site but (since I never ran into any issues with the client sites that I host there) I still have a shared hosting account with them. Meanwhile, the person who helped me insisted that I take away his admin rights. That made sense to me because he didn’t need it and having another admin account was just one more vulnerability.

Speaking of vulnerabilities, just yesterday, I came across a blog with an article that was authored by “admin”. There are still bloggers out there who have not deleted the default user named admin. (For those of you who are still blogging under the “admin” user name, please – create a new account for yourself with administrator rights. Logon with your new account and immediately DELETE the admin account on your on your blog. Keeping that account is a huge security risk.)

I hope everyone has a great week!
Sherryl Perry recently posted..3 Steps to Protect Your WordPress Blog from HackersMy Profile

Ken Dowell
Twitter:
October 6, 2014 at 3:56 pm

Appreciate all of your advice as well as your thorough dedication to getting everyone to appreciate the breadth of the problem.
Ken Dowell recently posted..On a Street Once Lined with Striking Silk WorkersMy Profile

Vernessa Taylor
Twitter:
October 6, 2014 at 6:05 pm

Hi Ken,

We can see how this issue is top of mind by looking at the WordPress forums for any security plugin. I hope business bloggers will take the time to dig a little deeper, especially if they have others maintaining their sites for them. A lot of the problems that come to me to solve are because webmasters are not all that diligent about protecting sites that have been placed in their hands.

Thanks for your comment.

Sherryl Perry
Twitter:
October 7, 2014 at 12:33 pm

Hi Ken,
Vernessa has certainly given us a lot to think about. Thanks for letting us know that you found her article helpful.
Sherryl Perry recently posted..Are You Confused by Google Semantics? SEO Tips You Need.My Profile

Tim October 6, 2014 at 1:31 pm

This is a very helpful and informative article which will hopefully save many a lot of time as the cyber bad guys get more sophisticated and we, the users, lull in a false sense of security, for the most part. Very timely, very welcome, well constructed, and we are grateful. Thanks for this post on Online Protection.
Tim recently posted..Departing the IndiesMy Profile

Vernessa Taylor
Twitter:
October 6, 2014 at 6:01 pm

Tim, thanks for the kind words. I think if we each do some small part to raise awareness, our colleagues, families, friends and clients will become more diligent about security and online safety.

I know this is on the minds of bloggers and website owners, so this is my small part.

Sherryl Perry
Twitter:
October 7, 2014 at 11:55 am

Hi Tim,
Thanks for letting us know that you found Vernessa’s article helpful. She’s obviously very knowledgeable on this topic and speaks from experience as well.

I appreciate your taking the time to join the conversation.
Sherryl Perry recently posted..How Can you Improve Your Website Blog? #FridayFindsMy Profile

Catarina
Twitter:
October 6, 2014 at 11:17 am

Excellent article about the dark side of the internet.

Personally use Wordfence on both my Wordpress sites and it has protected me so far against log-in attempts and files that have been alterered. Also block IPs that are trying to access my site manually on Wordpress. Noticed that one IP had figured out one of my usernames on one of my sites, so I simply deleted that username.

Know some nerds at university here. One of them told me about the guy who came up with the idea of the malware that blocks people from using their computers unless they pay him. It’s a normal guy from a really small town in Sweden who couldn’t get a job and hence found a source of income. He is wanted by Interpool, now lives in Russia and share half of the money he forces people to pay him with some Russians, probably the maffia.
Catarina recently posted..Yoga – an access to having it all?My Profile

Vernessa Taylor
Twitter:
October 6, 2014 at 1:07 pm

Now that’s an interesting story, Catarina. We wonder about the “evil” behind some of these attacks and now have an inkling that some of them stem from pure economics. Of course, unemployment is no excuse for stealing or extortion. Any connection with organized crime cannot be good. The implications of that are too scary to contemplate.

You’ve got your sites locked down pretty good with WordFence. Most people I’ve encountered who use it are satisfied with the results.

Thanks for your comment.

Catarina
Twitter:
October 6, 2014 at 1:25 pm

When you have super high unemployment people who normally would not resort to extortion can feel they have to. Presumably that guy wouldn’t if he had been able to get a job?

Have used Wordfence since it was released. Sherryl actually leant about it from me.
Catarina recently posted..Yoga – an access to having it all?My Profile

Sherryl Perry
Twitter:
October 6, 2014 at 10:58 pm

Hi Catarina,

That is an interesting story about the person behind the ransom ware code. That hit hard in this area. A local police department was advised to pay the ransom to get their files back. It’s amazing that they were vulnerable to it.

I still use WordFence and I’m very happy with it. They do an amazing job of keeping us up to date on risks too. I subscribe to their newsletter and I often tweet about vulnerabilities that they’ve alerted us to.

As an additional layer of security, I’ve been subscribing to Sucuri’s CloudProxy website firewall. That has my site locked down so well that both Vernessa and Jeannette had to email me their IP addresses to white-list before, they could create and edit their posts.

It even affected me when I went on an overnight trip. I would have had to go into the Sucuri control panel if I had wanted to access my WP admin from the hotel. Since it was an unsecured WiFi connection, I just took the night off from working. 🙂

As always, thanks so much for sharing your insight with us.
Sherryl Perry recently posted..Security on My Mind: How To Successfully Evaluate and Protect Your Online Technology AssetsMy Profile

Lenie
Twitter:
October 6, 2014 at 7:31 am

Hi Vernessa – I am printing off this post and then I am going to go through and take a look at all the steps you’ve outlined. I have Norton security on my computer and thought that was all I had to do. Had no idea about bots, DDoS, etc. I will for sure be making some big changes. Thanks for this post.

Vernessa Taylor
Twitter:
October 6, 2014 at 12:57 pm

Hi Lenie,

Thanks for your comment. Much of the advice here is more about protecting your website than your personal computer. (The latest article on my blog about personal computer safety helps you keep your physical computers at home and office safer. Using a good antivirus program along with malware/spyware protection, you will be reasonably covered. )

You can use the questions in this article to ask your webhost about security features for your site.

Sherryl Perry
Twitter:
October 6, 2014 at 10:43 pm

Hi Lenie,
I just read Vernessa’s reply to you and I agree that her post “Let’s Get Serious About Personal Computer Security” would be a good read for you. (I’ve already read it and left a comment for her.)

Thanks for letting us know that you learned from her guest post and for sharing your thoughts with us too.
Sherryl Perry recently posted..How Can you Improve Your Website Blog? #FridayFindsMy Profile

Ammar Zeb
Twitter:
October 6, 2014 at 4:42 am

Well, assets are assets and they are always important and precious to you whether they are offline or online and they must be protected. My brother, the way you told is just awesome and I was looking for such one trick to protect my online data but you just did it for me.

Thanks, keep writing the good stuff 🙂

Vernessa Taylor
Twitter:
October 6, 2014 at 12:47 pm

Hello Ammar,

Thanks for the kind words! “assets are assets.” How true, we have to give the same attention to their protection.

Glad you found some useful bits to help keep your assets safe.

Have a great week!

Sherryl Perry
Twitter:
October 6, 2014 at 10:37 pm

Hi Ammar,

I’m glad you liked Vernessa’s post. It certainly served as a good reminder to all of us that we need to be diligent when it comes to protecting our assets online.
Sherryl Perry recently posted..How Do You Know Which Bad Links Caused Your Google Penalty?My Profile

Ravi Chahar
Twitter:
October 6, 2014 at 12:04 am

Hi Vernessa and Sheryl,

You have pointed out an amazing stuff here Vernessa.:)

We all know that technology is increasing day by day and we should not forget that technology is also vulnerable and we all should keep our business safe.

There are many hackers seeking for poor websites with low level of security. Few months ago one of my friend got Brute attack at her website and it was really horrible seeing the drop rate of here ranking.

People should know about all the things related to digital technology too.
Thanks for sharing with us.:)

Hope you both are enjoying this weekend.:)

~Ravi
Ravi Chahar recently posted..What Are Crawl Errors And How To Remove Them Using GWT?My Profile

Vernessa Taylor
Twitter:
October 6, 2014 at 12:43 pm

Hi Ravi,

You make some good points. Thanks for sharing about your friend’s website and how the brute attack affected her website ranking. That kind of domino effect is not obvious but makes sense.

Weekend has been very busy but satisfying! (Hope yours went well.)

Sherryl Perry
Twitter:
October 6, 2014 at 6:35 pm

Hi Ravi,

That’s a shame that your friend’s site was under brute attacks. I’ve heard a couple of horror stories in the last few months where that has happened.

Examples like this are exactly why I was so happy to publish Vernessa’s article. She definitely has a thorough knowledge of this topic and did an awesome job explaining it in detail. (She presented us with some very scary facts too.)

As always, thanks so much for taking the time to add your insights to the conversation.

andleeb
Twitter:
October 5, 2014 at 8:57 pm

Thanks for a detailed post on this topic. Botnets- I have never heard about them and now came to know what is this and why it is used and how it works. Online security is very necessary, I am one in those who have never changed their bank online password. I will be going back in few minutes time and , will change all the passwords that I use. May be I will shuffle them :). For all this as you said we must have the knowledge first. This is a coincidence that I was talking to one of my students who was caught for hacking , I just asked him how he do so , he have not told me anythng but told me to change passwords regularly- I did not pay any attention , but now I will do this. Thank you Vernessa .

Vernessa Taylor
Twitter:
October 5, 2014 at 10:20 pm

Hi Anna,

Thank you for sharing this facet on security. By the time you read this, I hope you will have had time to change all of your important passwords (they’re all important, but some much more than others!).

Your comment reminds me to call attention to one of the items in the article under “Ask Your Webmaster or Site Manager These Questions.” It is the one about using secure passwords.

For you (and anyone else who needs it), this link is to a super-duper-secure password generator: https://www.grc.com/passwords.htm

The GRC site is one of my secret weapons; I’ve used other tools there as well as their password generator for well over a decade.

Thanks for weighing in!

Sherryl Perry
Twitter:
October 6, 2014 at 6:20 pm

Hi Anna,

Welcome to my blog. Thanks for letting Vernessa and I know that her article resonated with you. It’s nice to know that what she wrote has resulted in your paying attention to advice that you had been given before. 🙂 (That’s what happens when a good author connects with their readers.)

Vernessa, that’s a handy site for secure passwords! Thanks for sharing that with us.
Sherryl Perry recently posted..What Blogging Tips Are You Missing?My Profile

Vernessa Taylor
Twitter:
October 6, 2014 at 7:55 pm

No problem, Sherryl. The guy who provides that is a security specialist who has been around forever. He also does a podcast, which I listen to occasionally, but the stuff he and his guests discuss is even way over my head! 🙂

Sherryl Perry
Twitter:
October 6, 2014 at 10:06 pm

I’m sure you’re picking it up Vernessa and if it is over your head for now, you’ll learn enough to come back and teach us more. 🙂

Jacqueline Gum
Twitter:
October 5, 2014 at 7:14 pm

Vernessa, I think you came to BHB at such a perfect time. Your posts are SO super informative! Nothing is more in the forefront today than these damnable bots, malware, not to mention data mining…no matter how harmless. Finally found a plug-in (Simple Comments) to handle an unbelievable amount of spam comments and ended up hiring the developer after he helped me out of a really bad situation where my VPS server had also been attacked. The WebHost Provider failed miserably! I now know that I can’t know everything because I do NOT want a career in IT!!! LOL But your posts have sure helped me ask the right questions….I am so grateful!!!
Jacqueline Gum recently posted..Humility… Where’s The Justice?My Profile

Vernessa Taylor
Twitter:
October 5, 2014 at 10:10 pm

Hi Jacqueline,

Glad you found both a reliable spam blocker for your blog and a web developer who can help you with your VPS. I’m not surprised about your web host. Very few of them do what’s truly necessary to protect their clients. That’s unbelievable, but true.

I can’t tell you how pleased I am that you found the questions useful. 🙂

Sherryl Perry
Twitter:
October 6, 2014 at 6:02 pm

Hi Jacqueline,

It’s so nice to see you here! Vernessa is a wonderful addition to our LinkedIn Bloggers Helping Bloggers group. (I appreciate that she’s starting discussions there too.)

That’s wonderful that you found a plug-in that works for you. It’s always good to hear from readers what plugins work for them. It’s also good to hear that you rewarded the developer by hiring him.

Thanks so much for sharing your experience with us and for letting us know that you found Vernessa’s guest post valuable.
Sherryl Perry recently posted..Who Do You Listen to When Influential Bloggers Don’t Agree? #FridayFindsMy Profile

Jeannette Paladino
Twitter:
October 5, 2014 at 11:43 am

Vernessa — thanks for this comprehensive list of things you need to do to protect yourself against the bad guys. You mentioned two areas of concern: your personal computer and your host server. I feel more confident about understanding how to protect my own computer but how many of us really understand what the companies who host our websites are doing to protect them. Your post opened my eyes about the questions to ask.

For example, when I used Hostgator (a reliable host until they were sold) I turned on my computer one day and had 15,000 emails in my business email account (hosted by Hostgator) sent to me via another hijacked computer. By the time Hostgator found the problem at their end another 5,000 started to download before I closed my email. I had to manually delete them.

It’s frustrating and sad there are so many evil people in the world. If they can penetrate 75 million accounts of JPMorgan Chase then you wonder how the little guys can protect themselves.
Jeannette Paladino recently posted..How Three PR Pioneers Opened Doors for the Next GenerationMy Profile

Vernessa Taylor
Twitter:
October 5, 2014 at 2:37 pm

Hi Jeannette,

“Frustrating and sad” is the overwhelming sentiment we experience. That duo renders many of us virtually paralyzed and unable to take even the most basic steps. But as powerful as those emotions are, empowered is where we all need to be. Because after taking those few steps, and subconsciously experiencing empowerment, we are more capable, and likely, to go further.

“Power concedes nothing with a demand.” Not just a washed-up axiom, it’s a maxim that has changed our personal (and technological) landscapes, time and time again.

When “the people” who participate in their own defense, demand a heightened level of security, somebody, somewhere, will come to our aid … and interlopers will not continue to be able to break in upon us willy-nilly. (Remember, the Constitution provides for a “national defense.” I’m currently reading The Federalist Papers, so I’m definitely feeling like this is a constitutional issue.)

Sherryl Perry
Twitter:
October 6, 2014 at 5:55 pm

Wow Jeannette! This is the first time I think I’ve heard that story. I can only imagine your frustration. I was dealing with what I thought was a lot of junk mail on this site but it was “merely” in the hundreds.

This site is still on BlueHost and they had a setting that I could tweak. I still get twenty to thirty spam emails a day but they’re all flagged by the anti-spam software that I have on my PC. So, it’s easy to quickly tag and delete them. Still, it’s a tremendous waste of time.

Out of curiosity, did HostGator warn you that you were using an excessive amount of storage or resources?
Sherryl Perry recently posted..Security on My Mind: How To Successfully Evaluate and Protect Your Online Technology AssetsMy Profile

Vernessa Taylor
Twitter:
October 6, 2014 at 6:12 pm

I’d be interested to know that, too, Sherryl (how HostGator went about warning you, Jeannette).

I feel more confident about understanding how to protect my own computer but how many of us really understand what the companies who host our websites are doing to protect them.

Jeannette’s statement and question truly reflect why I wrote about this issue. Thanks Sherryl for giving me the opportunity to shed some light on the subject.

Vernessa Taylor
Twitter:
October 3, 2014 at 7:22 pm

Hi Ryan,

Thanks for letting me know you found a specific part of the article useful. I didn’t want to get too technical but I know some of us bloggers are also more savvy than usual.

Your 1-2 approach is exactly what’s needed to save some headaches and not waste our time reinventing what we’ve already worked so hard on.

Cheers!

Candice October 3, 2014 at 4:57 pm

Great article and excellent tips. I’m fortunate enough to not have had any security incidences on my site and I’m scared to death of hiring people to do an work on it. It’s my baby so I basically have been wearing all of the hats. Thank goodness I’ve been doing what you suggested in your tips.

After reading all of this, I guess my offline security makes me think twice too. Protecting hard drives and phones, those are things that I need to address to make sure I’m properly protected.

I’m also concerned about Cloud security these days. There’s so much to think about when it comes to protecting your information and content.
Candice recently posted..Urban Belle | Natural Hair Style MashUp 2014My Profile

Vernessa Taylor
Twitter:
October 3, 2014 at 7:27 pm

Hi Candice,

You are to be commended! (hat tip) Call me paranoid, but I like you: wearing all the hats. But because you are super-diligent, and you know how to vet others security-wise, you can trust yourself to get some help.

Funny how things work out, I wrote another article about personal computer safety, to go hand-in-hand with this one. As long as we keep security on our minds, we will be less likely to have some of the avoidable incidents; and, we’ll be in good shape to deal with it if anything untoward happens.

Sherryl Perry
Twitter:
October 4, 2014 at 5:21 pm

Hi Candice,

I agree with Vernessa. It is commendable that you take security seriously. It’s surprising to learn how many website owners don’t.

One of the clients that I used to work with blatantly ignored to take security seriously. I say “used to” work with because he only wants to hire me for major changes and I haven’t heard from him in months.

When I was working for this client, I installed a couple of security plugins and configured them appropriately. The problem is that he assumed responsibility for updating his site. Because I was notified of security breaches (for example unsuccessful logon attempts) I would know that his site was at risk and I would contact him in hopes of convincing him to update his site (plugins, WordPress, theme etc.).

Guess what? He refused to update his site. He would tell me things like “if it’s not broke, don’t fix it” and “why would anyone want to hack into my little site”.

As far as I know, his site is still up and he’s still at risk of being hacked. Talk about having your head in the sand. Thank goodness, he made it clear that it wasn’t my responsibility.

Thanks so much for joining the conversation and for letting us know that you found Vernessa’s post helpful
Sherryl Perry recently posted..Security on My Mind: How To Successfully Evaluate and Protect Your Online Technology AssetsMy Profile

Ryan Biddulph
Twitter:
October 3, 2014 at 2:42 pm

Hi Vernessa,

Being super aware of your current levels of security and picking up info when you need 2 are critical steps.

I never knew about the VPN info you noted above. We use one here in Fiji, and in most places on earth, to avoid red flags when logging into certain sites. Never knew, and so thankful you’ve shared this.

Educate yourself.

Don’t put your head in the sane.

This simple 1-2 approach will help you avoid so many problems online because if you’ll just be open and willing to learn, and to act, you’ll avoid nightmarish scenarios which cripple others, and their online empires.

Thanks Vernessa and Sherryl. Tweeting through Triberr.

Signing off from Savusavu, Fiji.

Ryan
Ryan Biddulph recently posted..5 of the Most Savage Thunderstorms I’ve Experienced During My World Travels (Plus a Critical Blogging Lesson that Top Earners Teach You)My Profile

Sherryl Perry
Twitter:
October 4, 2014 at 4:49 pm

Hi Ryan,

As always, it’s good to see you here. Paying attention to security is so important no matter where we are! Thanks so much for taking the time to share your thoughts with us.

Vernessa Taylor
Twitter:
October 5, 2014 at 2:39 pm

Hey Ryan – somehow my “reply” to you didn’t make it under your comment. Hope you still saw it. 🙂

Previous post:

Next post: