security Archives - Page 2 of 4

Are you ready for the upcoming SSL/HTTPS changes?

cyberguru Design June 12, 2018November 26, 2018Google, HTTPS, security, SSL, SSL Certificate, website, website security

It’s been confirmed, Google has announced that in July 2018 they will begin to identify all websites that do not have SSL certificates as “not secure”. Have you checked whether your website is displaying as secure?

You can check whether your website by seeing if your website if your website address bar contains HTTPS. As per Google’s Blog posts, “A secure web is here to stay” and “Evolving Chrome’s security indicators”, Google Chrome will be identifying websites without HTTPS in their website address as “not secure” in version 68 due out in the next month. It is expected that the other browsers, Mozilla Firefox and Microsoft Edge, will also follow suit in due course.

With only a few weeks until these changes occur, we strongly suggest you ensure that your website has an SSL certificate so it will continue to be displayed as secure. If your website address doesn’t contain HTTPS then your website server will require the installation of an SSL certificate and changes will need to be made to the website itself.

CyberGuru’s newer website hosting plans can take advantage of an AutoSSL certificate at no cost, however we will need to make some changes to the internal workings of your website for it be compliant. This includes enabling the SSL certificate, updating your website’s internal links to ensure they go to the HTTPS version of the website and testing to making sure your website works as it is intended to.

We are providing a service for both CyberGuru clients and non-CyberGuru clients to perform the required changes on your behalf. In order to do this, we will require access to your website’s cPanel account as well as WordPress account. We will be aiming to complete all SSL/HTTPS website changes before July, however we will be working on a “first come, first served” basis depending on popularity of this service.

Please contact us for a quote on how we can make your website SSL/HTTPS compliant.

How can I protect my website from being hacked?

cyberguru Design May 29, 2018July 24, 2018maintenance, security, updates, updating, website, website maintenance service

Having a website is like having a virtual shop front to your business and provides the ability for your visitors to come and browse you and identify possible products and services they may like to buy. However, like a physical shop front, you should ensure you have security measures in place to protect the information that is stored on your website.

1. Perform regular backups of your website.

Having a regular backup of your website providing you with the ability to have a copy of your website to restore if required. Whilst website hosting providers will often perform nightly backups, there is often a cost to restore these. We suggest at least taking a backup once a month to ensure you have a copy of it at a point in time to restore to if required.

2. Remove any users no longer required and change passwords.

Depending on how your website was designed, you may have had a previous designer or developer or staff who have had access to your website to maintain it on your behalf. If these users no longer require access to do this, we suggest you remove or change the level of access to not allow them to make changes. Similarly, change your passwords on a regular basis. Passwords that have not been changed for some time may be likely to be compromised especially if they are simple.

3. Install updates on a regular basis.

Most of the common website content management systems, including WordPress, Joomla and Drupal, all require regular updates, along with any associated third-party plugins, themes and translations. These improve the features, performance and security of the website.

4. Disable or remove unnecessary plugins.

You may have plugins for your website that you are not using. If you have upgraded your website in the past, you may have plugins installed that were from your older website, or are no longer in use. If you are not sure if you are using them, you may decide to disable these until you determine that they are not needed. However, if you are certain you are not using them, then you could remove these.

5. Install a security plugin to report security issues.

There are various security plugins available that can notify you when an administrator logs on to your website, users have been blocked (through incorrect passwords when attempting to login or malicious attacks), when files are modified, and when updates are needed.

6. Consider a website maintenance service.

You may wish to consider a website maintenance service, such as CyberGuru’s to perform the review and maintenance for you, including backups, updates and test your website on a monthly basis. For further details, please see the Website Mainternance Service page on the CyberGuru website.

If you would like to know more how you can protect your website from being hacked, please contact us today.

CyberGuru proudly supporting 2018 Privacy Awareness Week

cyberguru Announcements May 17, 2018June 4, 20182018PAW, privacy, Privacy Awareness Week, security

CyberGuru is proud to be again a supporter of this year’s Privacy Awareness Week (PAW). This PAW is all about promoting privacy as part of everyday business. Running from 13 to 19 May, the theme “Privacy: from principles to practice’ focuses on the need for organisations to develop and reassess systems, processes, culture, and practice to make sure the protection of customers” personal information comes first.

Your privacy and personal information is valuable to us, which is why we are a PAW 2018 supporter. To help you understand how we handle personal information, we:

Having our displayed privacy policy informing you how we handle your personal information, including collecting only required information necessary to provide our products and services to you and not sharing your information with third-parties unless consent is provided.
Ensuring our website and email communications are secure and protected using HTTPS, SSL and encryption technologies.

You can get involved in PAW by discussing privacy with your customers and staff and taking steps to handle your personal information with care. Here are a few quick tips you can use today:

Review the privacy policy of any new app or website where you enter personal information.
Use passwords with a combination of letters and numbers, which aren’t easy to guess that are over eight characters.
Check the privacy settings on your social media profiles and change them to your preferences.
Respect other people’s privacy – ask for permission to post images or videos where they are Identifiable.
Check for the padlock symbol and “https” at the start of a URL – this indicates that the website is secure.

If you would like to find out more about PAW and how your organisation can protect your customers’ personal information, we encourage you visit the PAW website. If CyberGuru can assist you in implementing the suggested practices, please contact us.

Ask CyberGuru: Do I need to update my modem router’s firmware?

cyberguru Support April 24, 2018April 22, 2018Ask CyberGuru, drivers, firmware, hardware, modem, operating system, router, security, software, update, updates

CyberGuru was recently asked, “I saw in magazine recently that it suggested that you should ‘update your [modem] router’s firmware to fix security defects as well as provide optimum speed and performance’. Is this the case and how do you do this?”

Yes, it is important to be looking to update your modem router, along with your computer’s operating system, hardware and software on a regular basis. As you have noted, it is important for security updates and ensuring your devices are running at the most optimal level.

Generally, if you have bought the modem router yourself, you can do this by accessing your modem router’s firmware or settings and choosing the appropriate link to update, which can take between 5-10 minutes to do. If you are unsure how to access the settings, details can be found by reviewing your modem router’s user guide. If you can’t find this, please consult your modem router manufacturers’ website.

However, in the case that your the modem router that has been provided by your internet service provider as part of your plan, you may not be able to install updates are these are likely to be managed by them. They will often release the updates on their own schedule to ensure support and compatibility with the devices on their end. Again, if you are unsure, please consult your internet service provider who can advise you accordingly.

Depending on the device, we also suggest that you perform backup of any contents, and settings prior to installing any updates. Should the updates cause any issues, the settings and contents can be restored easily.

If you have any questions you would like to ask CyberGuru, please contact us.

Be wary of fake Microsoft Office 365 emails

cyberguru Support March 13, 2018March 26, 2018fake, malicious, Microsoft Office 365;, phishing, security

Over the past few weeks, we have seen an increasing number of fake Microsoft Office 365 emails being received by clients. These email messages, whilst appearing to be genuine, are malicious emails sent by unauthorised third-parties.

The third-party is attempting to gain access to your email account through the use of your account details (username and password) and possibly also infect your computer or network with malware. Should they gain access to your account, they will access your emails and send messages to your contacts in your address book requesting they make payment to a specified bank account.

If you receive an email requesting that you login to Office 365 to access an invoice sent from a customer or supplier, or Microsoft advising your mailbox storage is full, or that your password is about to expire, then we strongly suggest you do not provide any information or click on any links, simply delete the email.

An example of such an email is shown below:

If you find you are unsure of the legitimacy of the email then please contact us and we can advise.