September 27, 2018 Security for your Websites/ Web Application.
I was at a cybersecurity summit in 2015, listening to industry professionals and the FBI talk about all the different ways bad guys could infiltrate a...
I was at a cybersecurity summit in 2015, listening to industry professionals and the FBI talk about all the different ways bad guys could infiltrate a company’s network, steal their data, wreck their business, use their website for nefarious purposes, and bring their world crashing down around their ears. Now, there’s a good reason for a website safety check. It wasn’t a fun and delightful way to spend a fall afternoon, I can tell you. But then they topped their sundae of delight with this little cherry of goodness: “It’s not a question of if your website gets hacked, it’s a question of when.” Yeah, thanks for that. I’ll go ahead and stress about this for the next three weeks and wish I had chosen to become a gym teacher. Nothing is more effective at frightening someone into action than a worst-case scenario. I took steps to protect my company’s website. I educated myself on how to check website security and learned how to do my own website safety check in order to keep my and my clients’ sites relatively safe from “bad actors,” as the FBI called them. 10 action items for a website safety check Based on my knowledge and research, I put together this checklist you can follow to perform a basic website safety check — and reduce the odds that your own sites fall prey to the bad guys’ nastiness. Enable HTTPS. Update plugins and other software. Remove unnecessary plugins. Keep backups. Monitor file integrity. Protect against brute-force attacks. Change your username. Auto-generate passwords. Scan DNS and WHOIS. Run online website safety check Let’s get started.
1. Make sure you have the https:// protocol That’s the S in https. It’s the Secure Socket Layer, which encrypts traffic between a user’s browser and your website. This has become so important, Google is now factoring the existence of an SSL into its SEO formula — and starting to flag any website that isn’t using https as potentially unsafe. Stay ahead of this development by picking up an SSL certificate for your site.
2. Update all software, including plugins If you’re running a website on WordPress.com, Blogger.com, or a website builder like GoDaddy’s Website Builder, you don’t have to worry about this part of your website safety check. But if you self-host a website on your own server, or even a third-party web host, you are responsible for your own updates to check website safety. That means keeping content management software like WordPress updated, as well as any plugins you’re using. Many plugin updates are available to fix vulnerabilities hackers might exploit, so by using older versions of plugins, you’re leaving yourself open to malicious attacks.
3. Remove unnecessary plugins Delete any and all plugins you’re not using, especially if the creators haven’t updated them for several months. The risk is that a bad actor (there’s that term again) will buy an out-of-date plugin, update it, and add their own piece of malicious code. Then, when you do update your plugin, you’ve got the new and compromised version on your site, which gives the hacker a secret backdoor into your server. If you’re trying to check website security, this can leave you pulling out your hair. Website Safety Check Delete Plugins Dumpster Outdated plugins? Trash ‘em.
4. Keep backups of everything I’ve heard horror stories where entire websites have been devastated by a malicious so-and-so who wanted nothing more than to destroy a company’s hard work. Years and years of blog posts and content can get lost to data destruction or injected malicious code. But this can be avoided if you just keep regular backups of your website, hosted in a separate third-party location — that’s not on your website’s server. Work with a separate backup service provider and keep all web data, company data, and financials safely and securely away from your website, in case something goes wrong. For larger companies, it doesn’t hurt to have two completely separate backups from two completely different providers, in case one of them fails. Check out this article for a deeper dive into the topic of backups.
5. Monitor file integrity Pay attention to extra files you post on your website and include them in your website safety check. Image files — as well as Excel and Word documents, and even PDFs — can be corrupted by cybercrooks. Use a malware checker like GoDaddy Website Security, powered by Sucuri to establish a baseline for your files’ status, which is then compared to future scans to check website security.
6. Protect yourself against brute-force attacks This is the image we all have of hackers, bad guys trying to guess our usernames and passwords, or using software to just hammer away on that login box hundreds of times per second. This can be thwarted in a couple of ways: First, use complex passwords, preferably with random letters and numbers, or better yet, a string of random words. Second, if you’re a WordPress user, use plugins like Limit Login Attempts to block brute-force attacks and ban IP addresses that are the source of them.
7. Change your username Whenever I get a brute-force attack report, which happens about once a week, invariably the hackers are trying to break into the admin account. So any time I set up a new website, I always create a different name for the admin account and then delete the user Admin. That way, if anyone tries to access that particular name, they’ll never get in, no matter what.
8. Auto-generate your passwords Speaking of brute-force attacks, you can greatly reduce their odds of success by using extremely complex passwords. Don’t try to come up with your own clever password: I know! I’ll use my son’s middle name and the year of his birth! No one will ever think of Avery2004. Get a password vault like 1Password or LastPass, and use their feature that auto-generates passwords to create nearly-unbreakable security. They’ll create passwords that string together several words, making them nearly impossible to crack. Website Safety Check LastPassOne password calculator, Haystack, says a particular passphrase could take “1.82 thousand trillion trillion trillion trillion centuries” to break, so I think I’m good. (I’m only planning to live 1.82 thousand trillion centuries.)
9. Scan your DNS and WHOIS I knew a guy whose domain name was stolen because the hacker had reverse engineered his email address, and then used the Forgot My Password feature on his domain registrar. It was three weeks before my friend ever realized his domain name had been stolen, and it took another two weeks to get it back. Monitor your DNS and WHOIS listings, whether you check it manually once a week, or get a plugin that does the job. The Sucuri security plugin, for one, will keep track of this information for you. (Sucuri provides a lot of great web security with a single program, so I’m going to keep mentioning them. I think they should give me a hat or something.) But it also helps to have two-factor authentication turned on for your email and social networks.
10. Run an online website safety check There are several malware checkers for websites, including a few WordPress plugins. I use Sucuri (there they are again) for this function, but there are other websites that will scan your site. Sucuri is free, and it will give you a basic report of your website’s security after each scan. There is also a paid version to get more functionality and features. With other sites, avoid any random popup boxes you encounter that offer to scan your hard drive for you! That’s probably malware. There are literally dozens, if not hundreds, of things you need to do to protect your website from hackers. Many of these are built into web hosts and web software, like Web Hosting from GoDaddy. But if you’re a real do-it-yourselfer, and you’ve got your own web server, and you’re building the website from scratch, you’re going to need a professional web developer and security specialist to check website security. Regardless, there are some basic steps to check website safety that everyone should follow, regardless of where your website is hosted, or the kind of web software you’re using. In short, if you’ve got a website that sits on a server somewhere, you’re prone to being attacked by hackers, cybercriminals, and ne’er-do-wells. The likelihood of them gaining access to your website and its precious data depends on you, so either take these steps yourself or work with a cybersecurity professional to keep your data safe.
April 12, 2018 Branding
Having a solid, trusted brand is important for your company to thrive. If your target audience doesn't know or trust your brand, how will you ever...
Having a solid, trusted brand is important for your company to thrive. If your target audience doesn't know or trust your brand, how will you ever increase your customer base and sales? Here are six innovative strategies you can use to increase brand awareness and help your business thrive. Inviting influencers into your niche is a great way to increase brand awareness and hopefully drive sales. When influencers have an established audience that knows and trusts them, once they mention your product(s) and discuss your brand in their content, those mentions will expand your reach and increase people's awareness of your product. Ikonick is a perfect example of a company that works directly with influencers: It sells canvas art for your home and office. The way Ikonick uses influencers involves providing them with art and having those influencers pose with the art, then share the photos on social media. "Our relationships are an important part of our business," co-founder Mark Mastrandrea told me. "Our relationships make up our community, and the community is how our brand grows." Ikonick uses all types of influencers, from Instagram photographers to celebrities. The company's social strategy has enabled it to scale and grow exponentially because its influencers become part of its sales team -- even ambassadors. The relationship is mutually rewarding, Mastrandrea said. Companies can also offer to sponsor influencers at an event (if they do that sort of thing) and even use them as spokespersons for their brand and product(s). A lot of CrossFit-related companies do this, including Rogue Fitness, which sponsors certain athletes with clothing. The athlete then becomes a walking billboard for the company. Have you ever received an order that came in branded packaging? Rather than see it as just another shipment, perhaps you felt that that that special branding made the package seem like a gift. The team knows that the product experience doesn't commence at first use, but rather at the unboxing stage. How companies present their brand, and the story they tell through their design and graphics, can create an emotional connection with the customer that may last even longer than the product itself.
February 07, 2018 Illustrator
Whether you're a freelancer or an in-house designer, or at a studio or agency, you'll probably have to rebrand at the and Whether you're a...
Whether you're a freelancer or an in-house designer, or at a studio or agency, you'll probably have to rebrand at the and Whether you're a freelancer or an in-house designer, or at a studio or agency, you'll probably have to rebrand at the andWhether you're a freelancer or an in-house designer, or at a studio or agency, you'll probably have to rebrand at the andWhether you're a freelancer or an in-house designer, or at a studio or agency, you'll probably have to rebrand at the andWhether you're a freelancer or an in-house designer, or at a studio or agency, you'll probably have to rebrand at the and.Whether you're a freelancer or an in-house designer, or at a studio or agency, you'll probably have to rebrand at the and Whether you're a freelancer or an in-house designer, or at a studio or agency, you'll probably have to rebrand at the andWhether you're a freelancer or an in-house designer, or at a studio or agency.
January 22, 2018 Logos
If you're reading this, you probably plan to start a small business or a side hustle very soon. And you probably have a couple of questions running...
If you're reading this, you probably plan to start a small business or a side hustle very soon. And you probably have a couple of questions running through your mind like: Do I really need that logo? Or Yep, I really need one. But how can I get it on a budget? This post was created to help you bring system out of confusion so you can get the best out of your business and enter the market full force. First of all, yes, you do need a logo, and it doesn't really matter how big or small your business is. Even if you're making a craft soap and sell it to your relatives and friends, you still need a logo. If you plan to monetize an idea, you need a logo for it. Otherwise your work, your efforts, your image and your future brand belong to everyone, like grapes at a grocery store. But most importantly, the final design you come up with should be effective enough to promote your business and get you that place in the sun. Here are a few tips that will make the whole process easier and more fun. The first step to a killer logo is an idea. So start feeding your brain with new impressions and experiences. Use anything that works for you. Try hiking and gain inspiration from nature. Or visit an art gallery. Meditation, photography, action sports In a nutshell, any kind of activity that fills you up with energy and joy may help you get that revolutionary idea. It's always useful to browse the websites (or social media profiles) of your potential rivals to not only judge their logos but to practice analysis. Do you find your competitor's logo effective or attractive? Try to think of the ways it helps the rival company to be profitable. Is there something you would change? Why? All of these questions can really help you to improve your own perception of your brand as well as the future marketing strategy. Find out what the strengths and weaknesses of your rivals are and benefit from that knowledge. When it comes to logo design, there are and always will be several safe choices like bold and elegant black and white logos or serif font wordmarks. But if you're striving to get that killer logo, don't be afraid to cross the line and try something rebellious. Go out there and get to know the latest design trends. For example, you may experiment with the bold colors like Ultra Violet, which is the Pantone color of the year, by the way. Or play with the typography and color gradients.