Stay Safe While Shopping Online

online shopping with hands reaching through screens
Summer is here! Kids are out of school, and maybe you have a vacation planned – but cybercriminals never take a holiday. Whether you’re booking a hotel room, buying concert tickets, picking up stuff for your garden, or taking advantage of summer clothing sales, stay vigilant when making online purchases.

Several years ago, most people made very few online purchases. Now, Amazon Prime Day(s) are touted almost as much as holidays, and some people buy almost everything online. You can make purchases, and even pay, with your mobile phone. The downside of this convenience is that it gives cyber thieves more ways to get into your wallet.

But just like there are ways to protect yourself when in a crowded place that may harbor pickpockets, there are ways to protect yourself from the cyber bag snatchers. CouponChief has put together an Online Shopping Safety Guide to educate consumers on security concerns and provide some tips on what you can do to protect yourself.  Give it a read, and enjoy your summer shopping, safely!

World Password Day 2019

keyboard with key on top

Happy #WorldPasswordDay!  The first Thursday of May is designated World Password Day, and it’s intended to promote better password habits to help safeguard our digital identities.  With cybercrime on the rise and data breaches becoming almost commonplace, it’s more important than ever to protect these keys to our kingdoms.  Take a moment today to review these tips to secure access to your accounts.

Use Strong Passwords

You know this…but do you follow this advice?  A recent study of hacked accounts showed that 23.2 million victim accounts used 123456 as the password.  Make your passwords strong  – a combination of upper and lower case letters, numbers, and special characters is best.

Use a minimum of 12–15 characters – longer is better!  Length is even more important than complexity, and long “pass phrases” can actually be easier to remember.  Don’t use easy-to-guess information, such as birthdays, sports teams, or band names, and don’t use dictionary words.

Don’t Use The Same Password On Different Systems

When you’ve picked out a great strong passphrase, it’s tempting to use it everywhere.  Don’t do it!  Even the strongest password does you no good if it’s been exposed in a data breach.  Cyber criminals often take passwords gleaned from a breach, and try the credentials on other systems.  If your social media account is compromised, and you use the same password and email address for your bank account…well, that’s a problem you don’t need.

Web security expert Troy Hunt created a great free resource which collects data on known breaches to help people assess whether their information may be at risk.  Check out Have I Been Pwned to see if any of your accounts have been compromised in a data breach.  (Spoiler:  the answer is probably yes!)

LastPass is a great password management tool for you, your family, or for a business team. (Disclosure: This is an affiliate link, which means I may get a small commission if you purchase through this link. There is no extra charge to you and there is no requirement to purchase through this link to get the latest deal.)

Use A Password Manager

So, I’m supposed to use long, strong passwords, and different passwords for everything – how am I supposed to remember all this?  If you follow best practices for passwords, it’s impossible to remember and keep track of them all – this is where password managers come in.

A good password manager will securely store unique login credentials for all your different accounts.  You only need to remember the master password to the password management tool itself.  Features vary depending on the tool you choose, but many password managers allow you to autofill using a browser extension (be cautious!), sync passwords to use on desktop and mobile devices, help you change passwords on your accounts, and generate strong passwords to help keep your accounts secure.

Most password managers are relatively inexpensive, and many have free versions that may work for you.  I personally use LastPass, but it doesn’t matter what you use, just use one!

#LayerUp Your Login

Yes, it’s World Password Day, and since passwords are still the most prevalent way of protecting an account, we need to follow good password practices.  However, the best password in the world is useless if it’s been exposed in a data breach.  The theme for this year’s World Password Day is #LayerUp – further protect your login by using multi-factor authentication (also known as two-factor authentication).

Multi-factor authentication adds another layer of protection to your accounts by requiring an extra step, such as entering a code sent to your phone, a code generated by an authentication app on your mobile device, or authentication with a separate hardware key.  This may seem a little inconvenient, but it’s a lot less hassle than trying to get your money back if your bank account is hacked or having to cancel your credit card after a major data breach.

Most major companies now have the option to turn on two-factor authentication to help prevent fraudulent access and add additional protection to your account.  Check out these tutorials to learn how to enable this additional protection for many popular services.

Your personal information is valuable – protect it!  Take a moment to celebrate #WorldPasswordDay by reviewing your accounts for strong passwords, and enabling multi-factor authentication on your most important accounts.  #LayerUp and stay safe online!

Shared Hosting: GreenGeeks

Disclosure:  This post includes affiliate links to the recommended service, which means if you click on the link and make a purchase, I may receive a commission or bonus.  All my reviews and recommendations are based on my personal experience with the product or service.

As a technical consultant and service provider for small businesses, I’m often asked to recommend a shared web hosting provider.  Although I strongly feel that a business should use cloud-based or VPS (or even dedicated) web hosting, shared hosting can be appropriate for a freelancer, blogger, or a business just starting out and testing the waters.

However, it’s tough to find a quality shared hosting option.  Certain large companies with big marketing budgets saturate the advertising space, and they historically have subpar performance and less-than-stellar reputations.  From my experience with several of these companies, that poor reputation is deserved.  While some deliver adequate performance for small, low-traffic sites, the security measures for these low-cost plans are often horrendous.  A “security service” is a common upsell, but I’ve had clients with sites compromised even when they purchased the “security”.  I’ve seen sites hacked due to cross-contamination, and I’ve seen overloaded servers running software that is years out of date.

I was lucky enough to run into Trey Gardner of GreenGeeks at a WordCamp, and after a short conversation, he invited me to check out GreenGeeks hosting.  I’m pleased to say that I now have a solid recommendation for shared hosting – if you are in the market for shared web hosting, I invite you to check out one of the GreenGeeks plans.

(Note:  GreenGeeks does offer VPS hosting and dedicated server hosting as well, and while I have no doubt those plans are also excellent, I have not personally tried them.)

Performance

For a shared hosting plan, GreenGeeks has comparatively good performance.  They offer all the basic items you’ll find in most shared plans (unlimited web space, data transfer, MySQL databases, the underlying software needed to host popular platforms such as WordPress or Drupal).  With three levels (Starter, Pro, and Premium), you can find an inexpensive plan to help get that blog started, or a little more robust plan if you want to test out your business idea without a large upfront outlay of cash.  My recommendation even for small sites is to start with the “Ecosite Pro” plan, but if you just need something for a low-traffic personal site and are really cash-strapped, the “Ecosite Starter” can get you going.  GreenGeeks has implemented a scalable hosting platform, so if you find the standard resources don’t quite meet your needs, you can purchase a memory upgrade to help boost your site performance.

When you sign up, you can choose from 5 data centers – if you’re located in the US, Canada, or Europe, you’ll be able to choose a location near you for faster loading times.  They also offer integration with the CloudFlare Content Delivery Network, which can help with page loading speeds by caching content and serving it from a location close to your site visitors.  And their proprietary PowerCacher service (on Pro and Premium plans) can help speed your site up even more.

GreenGeeks uses state-of-the-art hardware, with solid state drives and name brand server and network gear.  In addition, they stay current with the latest web software and protocols, using both HTTP/2 and PHP 7.  This is important not only for performance, but also for security.

Security

As mentioned, GreenGeeks is up to date with the software running on their servers – something not all inexpensive shared hosts do (I recently helped someone with a web issue and discovered their web server was running PHP 5.2 (as of the original date of this post, end-of-life for PHP 5.2 was over 8 years ago, so it’s not at all surprising the individual had website troubles).  GreenGeeks also offers secure FTP, giving you a secure connection to transfer and access your files.

GreenGeeks uses a container based approach, provisioning each account with a secure virtual file system.  This helps to keep accounts private; although you share space on the server with many other accounts, users can only see and access their own accounts.  Along with security scanning and server monitoring, this approach helps to protect against malware, and reduces the concern of cross-site contamination if there happens to be a “bad actor” on your shared server.

Finally, GreenGeeks offers a free Let’s Encrypt SSL certificate with all hosting plans – a must to ensure your site uses the important https and doesn’t get marked as “non-secure” by the Chrome web browser.  While most reputable web hosts will offer the Let’s Encrypt SSL certificate, many of the low-cost shared hosting plans charge to set up and install the certificate for your site.

Support

Other than the free website transfer offered by GreenGeeks, I have not had the need to use their support.  My support request for the website transfer was handled quickly and I had no issues.  If you do have occasion to need support, GreenGeeks offers email support through your Account Manager area, 24/7 live chat, and phone support from 9 AM to midnight Monday through Friday, and 9 AM to 8 PM EST on weekends.  If, like me, you prefer to try to figure things out yourself first, they do have a robust knowledge base as well as a number of tutorials on common topics.

Other

GreenGeeks’ claim to fame is, as evidenced by their name, being an award-winning “green” web host.  They are proud of being an environmentally friendly web host, by not only making the maximum effort to be energy efficient, but also investing in renewable energy to reduce the inevitable environmental footprint created by technology.  And when you host with GreenGeeks, you can use one of their cute little “Green Badges” to show that your website is eco-friendly!

Although personally I’m more interested in the security aspects of the hosting I use, I can’t deny that being as energy-efficient as possible is good for all of us.  Oh, and Trey is a really nice guy!

It’s Not Easy Being Green

If you need an inexpensive shared hosting plan that still offers good performance and security features, as well as giving you the satisfaction of “being green”, then check out one of GreenGeeks hosting plans.

Cybersecurity At Work: It’s Everyone’s Business

It’s Week 3 of #CyberAware Month, and this week is all about tips and advice to ensure online safety at work.  No matter where you work – government, industry, academia – we all have a role in ensuring online safety and security.  While your organization may have an Information Technology (IT) department to oversee company infrastructure and computers, following cybersecurity practices to protect the organization from cyber attacks is a responsibility everyone shares.

 

table with computer and papers - text overlay says protect your business from cyber threats

(more…)

In Demand: Consider A Career In Cybersecurity

Week 2 of National Cybersecurity Awareness Month is focused on raising awareness about the need for cybersecurity professionals and inspiring students and those entering (or re-entering) the workforce to consider the many opportunities to contribute in this field.

(more…)