Large-scale cyber security breaches make the news more often than any of us would like, and most recently it was announced that hackers were trying to sell more than 117 million LinkedIn passwords on the dark web.
Password leaks and security breaches can have an impact on more than just your personal information – they can also play a role in SEO. In recent years, Google’s search algorithm updates have continued to put a major focus on making the web a more secure place. In August 2014, it was announced that HTTPS would become one of Google’s SEO ranking signals.
Security is important across the web, whether you are running an online business or doing personal banking on your iPhone. The number of U.S. data breaches hit a record high in 2015, and hackers are getting smarter every day. The past few years have brought us big news about major corporations like Target and Sony getting hacked, but what about the impact on small businesses and individuals?
Historically, the business sector represents the largest industry group in terms of data breaches, followed by medical and healthcare. The banking and financial industry ranks last, which is good news if you do online banking. But where else are you sharing that same financial information online? Probably with a lot of other businesses, right?
You wouldn’t leave your home or car unlocked, yet many Internet users do not practice online safety. Luckily, the basics of cyber security do not have to be hard or time-consuming to implement. Here is what you need to know, so we can all share a safer Internet.
Passwords: The First Line of Defense
I can’t count the number of times I’ve heard a friend, family member or client say how they use the same password for all of the sites they use online every day.
I cannot reiterate it enough… if you only take away one piece of advice from this post, let it be this: Choosing strong, unique passwords for each site you register for, and changing them regularly, is one of the best things you can do to stay safe and secure online. And please do not make your password a variation of your username, real name, or business name, or something similarly easy to guess.
Does the thought of remembering all of those passwords make you crazy? Use a secure password manager like LastPass to make sense of the madness and help you generate unique passwords for the sites you use. (Seriously, I don’t know how I’d get by without LastPass in my life!)
Phishing: It’s Not Just For Nigerian Princes Anymore
At this point, most Internet users know they should be suspicious of an unexpected email from a so-called Nigerian prince promising millions of dollars in exchange for a little help. That is exactly why scammers have gotten more sophisticated in their tactics.
Recently, an email slipped through my Gmail inbox (and Gmail is typically great about filtering out most spam and phishing emails). The email indicated that I owed money for driving on a toll road. Which might seem legit… if I had actually driven on a toll road recently. But what if you do drive regularly on toll roads, like so many of us do during our daily commute? It would be easy to mistake this phishing email for a legitimate one.
Luckily, I noticed a few things about this email that made it fishy. (Phishy?) First, I looked at the From: email address. Rather than appearing to be from some sort of official toll road website, the email was from a generic email address, like firstname.lastname@example.org or similar.
Next, an attachment came along with the email, which the message claimed was the invoice I could download and use to pay my bill. But I noticed that the attachment was a .exe file. A big no-no! Some versions of this toll road scam include a link to click where you can “download your invoice.” Don’t click that link! Instead, delete the email.
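The two checks described above (who the message is really from, and what kind of file is attached), written out as an added Python example that is not part of the original post. The sample message is constructed, and `tollroad.example` is a hypothetical stand-in for the toll operator's real domain.

```python
import os
from email import message_from_string, policy
from email.utils import parseaddr

# Extensions an invoice never needs; illustrative, not exhaustive.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".msi"}

# Constructed sample modelled on the toll-road email described above.
SAMPLE = """\
From: Toll Services <firstname.lastname@example.org>
To: driver@example.com
Subject: Unpaid toll invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your invoice is attached.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

cGxhY2Vob2xkZXI=
--b1--
"""

def phishing_flags(raw_message, expected_domains):
    """Return a list of warnings for one raw email message."""
    msg = message_from_string(raw_message, policy=policy.default)
    flags = []
    # Check 1: is the From: domain one the claimed sender actually uses?
    _, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    if not any(domain == d or domain.endswith("." + d) for d in expected_domains):
        flags.append(f"sender domain '{domain}' is not an expected domain")
    # Check 2: only the last extension counts, so "invoice.pdf.exe" is caught.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if os.path.splitext(name.strip().lower())[1] in EXECUTABLE_EXTS:
            flags.append(f"executable attachment '{name}'")
    return flags

if __name__ == "__main__":
    for warning in phishing_flags(SAMPLE, {"tollroad.example"}):
        print("WARNING:", warning)
```

A From: address can be forged, so a matching domain does not prove a message is genuine; the check only catches the mismatch described above.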
If ever in doubt of a suspicious email (or for that matter, a too-good-to-be-true news article you see floating around Facebook…), head to Snopes.com to verify the legitimacy.
The Dark Corners of the Internet: Stay Away!
Porn sites and illegal file sharing services are notorious havens for malware, adware, spyware, viruses and other bad stuff. If a website seems sketchy, creates a ton of pop-up windows or offers something too good to be true, stay away!
If pop-ups do appear, close the window immediately. Don’t click on the links they contain. If a dialog box unexpectedly appears asking you to run or install a program, always select “no” or “cancel” and close the box immediately.
Limit your use of open wireless networks. Free, public Wi-Fi networks, like those in coffee shops and hotels, offer easy access for would-be hackers to gain access and spy on your computer or mobile device. Check out Lifehacker’s tips for staying safe on public Wi-Fi networks, or read up on this guide to staying safe on public Wi-Fi.
Website Security for Businesses and Bloggers
Whether you are a small business or a solo blogger running your own website, security is something you need to take seriously. It’s no fun to learn about website security the hard way, as the victim of a hacking attack (believe me, I know), so take the time to educate yourself and prevent attacks before they happen.
You’ll also want to make sure you use a web host that takes security seriously. Does your host provide automated backups of the files on your website? What kind of security and hacking protection do they offer? Be sure to ask these questions when considering a new web host. Which host you choose will depend on your individual needs, but Media Temple and SiteGround are two great hosting companies worth considering.
PCI DSS Compliance for E-commerce Businesses
If you manage an e-commerce business, there are a few extra precautions you’ll need to take in order to safely process other people’s payment information. If you are processing credit or debit card transactions directly through your website (or even if you only accept credit cards by phone), you are required to be PCI compliant, or risk hefty fines.
In 2006, the big credit card companies (Visa, MasterCard, American Express and others) joined forces to create the Payment Card Industry Data Security Standard (PCI DSS). As a business owner, you should familiarize yourself with the PCI Data Security Standard.
Hosted platforms like Shopify and Squarespace offer a simple way to create a PCI compliant site. Whether you host your e-commerce website yourself or use a third-party e-commerce platform to manage your online sales, at the end of the day you, the business owner, are responsible for ensuring your company’s PCI compliance.
Cyber Security Resources: A Recap
Practice safe passwords and use a password manager like LastPass, 1Password or Dashlane:
Check out this comparison by PC Magazine of the best password managers for 2016, or view Lifehacker’s picks for the five best password managers to learn more about each of these.
You can also search the site Have I Been Pwned? to see if your e-mail address has been compromised in a data breach.
Use Snopes.com to research online fraud, phishing scams and fake news stories:
Practice safe browsing, at home and in public:
- Google’s Security Center – Free Tips and Tools for Staying Safe Online
- Cyber Safety Tips from the U.S. Computer Emergency Readiness Team
- Lifehacker’s tips for staying safe on public Wi-Fi networks
- guide to staying safe on public Wi-Fi
Website security basics:
- WordPress security tips
- Everything SEOs Need to Know About Google’s New Stance on HTTPS
- Media Temple secure web hosting
- SiteGround secure web hosting
PCI compliance and e-commerce security:
- PCI Security Standards Council official website
- PCI compliance FAQ
- Top 10 misconceptions about PCI compliance
Do you have anything else to add to this list? Contact us and let us know!
Bookmark this page, and be sure to share this resource with a friend or family member to let them know you care about their online safety.