They “are many, varied, ever-changing, and [seemingly] eternal. Fighting them is like fighting a many-headed monster, which, each time a neck is severed, sprouts a head even fiercer and cleverer than before. You are fighting that which is unfixed, mutating, indestructible.”  

Today, should you choose to pay attention and follow the lessons of the illustrious Mistress Minerva, you might just learn a thing or two that’ll put you head (and shoulders) above the rest.  

First things first, let’s review our syllabus.  

Understanding Security Threats 

Class is in session.  

You are here learning to defend yourselves against that which cannot easily be seen.  

Dark creatures abound on the Internet. As we progress through our lessons, we’ll seek to identify and uncover them — all the while discovering what incantations and ingredients best keep their dastardly deeds at bay.  

These shadowy cybernauts seek to prey on us by accessing and damaging computers and networks. They revel in their ill-begotten spoils — in your business, personal, financial, or even medical information. And once they have it in hand, the damage has been done — no matter whether they’re holding it for ransom or auctioning it off to another digital shade. 

The average attack costs small to medium businesses $18,000. In the U.S. alone, 40% of cyberattacks swindle their victims to the cool tune of $25,000+, an 80% increase over last year. 

And do not be so naive as to think that all a cyberattack could cost you is money. As the professional sector is so often the target, both your reputation and customer base are at stake.  

In 2021, Norton discovered that 53% of mu—, I mean, adults, are more worried than ever about being a victim of cybercrime. Despite this, as of March 2022, 51% of SMBs have no protections against cyberattacks.  

As these shadows hone their prowess in performing feats of the darkest digital arts, so too shall we learn to combat them. 

Defend Against Phishing

Remember this: At their cores, cyber attackers are liars.  

They’ll feed you sweet words, send you messages appearing to be from positions of authority, and offer deals too good to be true, all in attempts to ensnare you.  

Their goal? To compromise you. To access your accounts and gain mastery over your assets.  

But how can they achieve such things without certain personal information, like usernames and passwords? 

There’s one vulnerability these silver-tongued, digital serpents know is always exploitable: You.  

These are known as social engineering attacks, and they skirt cybersecurity tools by way of human loopholes.  

Last year, the average cost of phishing attacks reached $4.24 million dollars. And that cost comprises a variety of things, like: 

• Stolen funds or direct monetary loss.
• Damage to brand and reputation.
• Compliance fines and penalties.
• Loss of customers.
• Loss of revenue.
• Cost of response and remediation.
• Legal fees.
• And others.

Do be careful — there are many forms of social engineering attacks. Below, we’ll learn how to identify them.  

A Compendium of Social Engineering Attacks  

• Phishing  
  • Here, digital dark artists use illusion to befuddle, confuse, and fish for your information. 
  • They’ll send emails appearing to be from a legitimate company asking you to update your payment method. Or you’ll receive a text from an unknown number asking that you confirm your next doctor’s appointment by clicking a link. Perhaps they’ll disguise malware or viruses as an unassuming attachment, lulling you into a false sense of security so that you’ll click “Download,” and infect your device.  
  • Phishing attacks are the handiwork of opportunistic cybercriminals — they have no specific target. 
  • Whispers say these attacks are alleged to have been created by a Nigerian prince, though it cannot be confirmed.  
• Spear Phishing
  • Like phishing, but with an intended target, either an individual or a larger organization.  
• Angler Phishing  
  • Fake customer service accounts on social media pose as legitimate business accounts in hopes that you divulge your login information to said service.  
• Whaling
  • A form of spear phishing targeting a high-profile or wealthy person or organization.
  • High-profile targets often equate to larger payouts, so these are especially enticing to those practicing the digital dark arts.
• Smishing
  • Phishing attempts done via SMS/Text.
• Vishing
  • Phishing attempts communicated via telephone.
• Baiting
  • Mind your curiosity. Nefarious cybernauts know that humans are prone to wonder and they use it to their advantage.
    •  Online Baiting Example: A pop-up or landing page claims that you’ve won an incredible amount of money! All you have to do is click a link to claim it. That link is chock-full of malware, unbeknownst to the target.  
    • Offline Baiting Example: Occasionally, our dark artists leave the Internet and enter the physical world. They may leave a non-descript USB stick strategically abandoned in a high-traffic cafeteria of a large business, knowing someone will be curious and plug it into their computer to find out more. But that USB stick is rife with malware — Avada Kedavra your network.
• Piggybacking (AKA Tailgating)  
  • Another form of in-person social engineering. In these scenarios, a scammer attempts to enter a secured premise immediately behind someone who has access.  
  • To prevent it, don’t let anyone into restricted areas after you. Ensure they have ID and make them use it to enter the premises, just as you had to do. 
  • These dark artists do not have your best interests at heart. They anticipate that you’ll be “too nice” to say anything to stop them, thereby giving them access. 
•  Business Email Compromise  
  • Last year, the FBI received almost 20,000 reports of business email compromise. 
  • These attacks range from cyber scammers spoofing emails posing as employees or other trusted persons requesting sensitive information in their emails, to full account compromise. That’s when a hacker gains access to a legitimate account, instead of just spoofing one to look like it.  
• Quid Pro Quo  
  • Fake tech support scams fall firmly into this camp. Someone calls or messages saying that your device is infected, or that you’re eligible for a software upgrade. All you have to do is give them your credentials and they’ll ensure you’re taken care of. Do not believe their lies.  
• Scareware  
  • Fear is a big motivator. Cyber attackers create pop-ups that appear in your browser saying something to the effect of, “Your system/device has been infected! Click here to fix.” 
  • Don’t click, never click. Doing so will ensure your device becomes infected. It’s a self-fulfilling prophecy. 

With only a cursory glance, perhaps you won’t realize these are naught but lies. They’ll send you sweet messages, deals simply too-good-to-be-true, and indiscriminate vagueries to pique your interest and ensnare you.

Use your powers of logic and observation. Ask yourself, “Is this too good to be true?” and “Does this message make sense based on the sender?”, “Do I recognize the sender’s domain name?” and “Why would this person be asking that of me?” If anything seems out of character, think twice about continuing any further.

If you engage positively with them — clicking their links or answering their texts — they win.  

Too much protection isn’t a thing. In addition to reviewing everything with a critical eye, you can use the following tools to keep your website and business email secure.  

Cryptology 

How does information remain secure when it’s communicated over the Internet? 

To answer that, we’ll need to take a step back and understand what happens when you traverse the interwebs.  

Whenever you open up your computer to visit a website you’re quite literally docking into the Internet like a boat would dock at a port. Once someone is docked, they’re then able to communicate information to and from others who are also docked. Ports are numbered differently to indicate their use and properties. These ports are called TCP, or Transmission Control Protocol Ports.  

SSL, or Secure Sockets Layer, is a technology that keeps internet connections secure. It encrypts and protects sensitive information and data as it’s sent between two systems (like your browser and another website or two servers). SSL stops cyber shadows and bots from reading or changing the information being sent between the systems (like credit card information during an e-commerce transaction.) 

Can data be transferred from one server to another without SSL? Sure can. But that’s like dancing with the devilish hackers themselves, exposing your information to any who care to intercept it.  

How can you tell if your connection to a website is secure? 

Look at the URL in the address bar in your browser. You’ll see that the URL starts with one of two things: it’s either HTTP or HTTPS. The HTTPS indicates a secure connection (and it uses port number 443.) HTTP is an unsecure internet protocol, (and uses port number 80.) 

Are you a website owner? It is your responsibility to secure your digital domain, both for you and your site visitors. Do so by purchasing and using SSL on your site.  

Advantages to using SSL: 

• Faster web page loading  
  • HTTPS loads pages faster than HTTP. Who waits around for a webpage to load nowadays when there’s always a competitor around the digital corner whose site might be faster? 
• SEO Improvement  
  • Your site is likely to rank higher in search results if you’re using HTTPS as opposed to HTTP. 
• Stop hackers and bad actors in their tracks  
  • SSL encrypts the data transferred back and forth between two systems. Even if these bad people and bots could somehow see the data being transferred, they won’t know what it says. 
• Maintain PCI Compliance  
  • PCI Compliance stands for Payment Card Industry Compliance. This is required by all credit card companies when making transactions online to further secure and protect against data and identity theft. 
  • Part of the PCI Compliance guidelines is that your site must use HTTPS, which means your SSL certificate needs to be configured on your site before you can accept payments via credit card for purchases. 
• No scary alerts  
  • If you’re using HTTP then chances are your site visitors are receiving notices telling them your website isn’t secure when they land on it. Frankly, this looks bad. It causes them to lose confidence in your site and odds are good they won’t be back. 

Protect Your Properties 

Do you seek the formula for digital security?

I’ll share it with you below. Strict adherence guarantees luck in your online endeavors…

Custodi Domum Digitalis Tuam

• Use strong passwords.  
  • Learn what makes for a strong password right here. 
• Install an SSL certificate.  
  • People are evermore distrustful of “HTTP” in their browsers and for good reason. They want to know you’re doing what you can to protect their information. Your SSL port indicates there’s a secure, encrypted connection keeping their data safe from prying eyes. 
• Use a reputable host.  
  • A reputable host has a proven history of maintaining their customers’ security and is capable of helping you address threats and malware should they occur.  
• Perform regular malware scans.  
  • Who has the time to manually monitor their online security? Sitelock Security protects your website from malware, viruses, hackers, and spam. It scans your site for these malicious things, automatically removing any it finds, and alerts you when something doesn’t look quite right. 
• Backup your site.  
  • Why? Backing up your website is the only guarantee you have that your site can be completely restored if it encounters an egregious issue. 
    • Human error (inadvertently deleting files), malicious cyber hackers, or outdated and unprotected themes and plugins can all introduce risk to your site.  
• Keep WordPress plugins or other site plugins and web apps up to date.  
  • The digital dark arts are ever-evolving. To stay ahead of them, keep your plugins up to date. Not doing so leaves your site vulnerable and open to attack. Not just that, but they can affect your site experience, causing issues for legitimate visitors.  
• Perform regular site audits and tests.  
  • As people, we’re constantly striving to improve ourselves. Why should that be any different for our websites and other digital properties? — Do they not represent us?  
  • This scroll contains the secrets to auditing your digital presence. Use it wisely.  
• Keep your finger on the pulse of your digital health.  

Protect Your Brand 

Digital dark artists understand the power of a name. It’s why they’re gunning for yours.  

Your name is irrevocably yours — it’s part and parcel of your brand — that special thing that makes you, you. It comprises every public-facing facet of yourself, and inversely, what people think of those facets – of you.  

Your personal brand CANNOT survive lies and deception.

This is why cybercriminals will always target it in addition to your digital properties, like your site and social media. If they capture your name, they control your narrative.  

How might they do this? Their nefarious options are legion.  

• Counterfeit websites.  
  • If a customer lands on a fraudulent site and suffers real-world harm (malware on their device, compromised sensitive information) they will always associate it with your name. Would you want to continue doing business with someone if their name alone caused you memories of traumatic events? Probably not.  
• Copyright piracy.  
  • Cyber shadows don’t care for honest work. They’ll illegally reproduce and disseminate your copyrighted materials, hurting your bottom line.  
• Trademark infringement.  
  • To convince others that they are who they say they are, hackers have no qualms about using trademarks in unauthorized manners.  
• Patent theft.  
  • A patent is representative of a great deal of work. Whatever your patent, behind it lies hours of ideation, creation, iteration, and finalization.  
  • A digital dark artist will take the easy route. They’ll do whatever they can to make, use, and sell your products without obtaining a license.  
• Impersonation on social media.  
  • Social media is a fantastic tool for building your brand and connecting with your audience. Until someone else does it for you and deceives your unwitting audience into revealing their private information.  

To protect your brand, follow these steps: 

• Acquire misspellings of your domain.  
  • Cyber hackers purchase variations of domain names in hopes of catching traffic that was intended for your site.  
• Purchase alternate domains/TLDs.  
  • Depending on your business, you might not want your brand name associated with a .sexy or .xxx domain name.  
  • Register those domains before someone else does and uses them to your detriment.  
• Focus on the aesthetics and elements of your brand that establish your authority.  
  • Increase trust in your customers’ inboxes by using a professional email address that matches your domain name. It helps them know they aren’t about to open a spam message and have their system infected with malware.  
  • Refer to this Branding and Website Design Checklist to ensure your brand is cohesive no matter where you are online — your site, your social media, and more.  

Abundant Caution Does No Harm  

It does not do to dwell on a false sense of security and forget the dangers that lurk about the Internet.  

Man the boundaries of your site, social media, and email accounts. Do your duty to protect your site, your customers, your brand, and your name.

And do make sure you aren’t late for class tomorrow.  

And when something is valuable, it deserves protecting.

We’re here to help you understand and navigate the security issues your website faces so that you’re prepared to handle them should they occur. Today, we’re delving into website security risks, website owner responsibilities, and how SiteLock Security helps keep your website secure.

SiteLock and Website Security

The state of cybersecurity

You might think that as a small business or independent contractor you’re not on any hacker’s radar, because who’d want to waste their time when there are bigger targets, right?

Think again. Small business websites are prime targets for hackers because they’re often not well secured, yet they still harbor a wealth of data and information.

In 2015, (which already seems eons ago) Ginni Rometty, IBM’s Chairman and CEO, stated that:

We believe that data is the phenomenon of our time. It is the world’s new natural resource. It is the new basis of competitive advantage, and it is transforming every profession and industry. If all of this is true – even inevitable – then cybercrime, by definition, is the greatest threat to every profession, every industry, every company in the world.

That statement rings truer today than it did a mere five years ago. 4iQ says in their 2019 Identity Breach Report that “Cyber criminals [have] shifted their focus, targeting more small businesses, resulting in a 424% increase in authentic and new breaches from 2017.”

Whose responsibility is website security?

At its most basic level, website security is any action taken to protect your website from harm.

But whose job is it to make sure a website is secure? Well, as a website owner — it’s yours.

And there’s a lot to keeping a website safe, like maintaining secure passwords, patching vulnerabilities in different applications, and keeping plugins and tools up to date. But a website owner’s responsibilities don’t stop there. If a website does get infected with malware or hacked, it’s also their job to fix it.

Luckily, you don’t have to do these things on your own (okay, the password bit you probably should). There are tools, like SiteLock Security, that are designed to prevent and mitigate attacks and harm to your website.

Sometimes, we get asked, “Isn’t it my web hosting provider’s job to keep my website secure?” And the answer is no, it isn’t.

Jessica Ortega created this great, short YouTube video that explains the responsibilities of both website owner and web host when it comes to security.  In it, she interviews Ryan Austin, who paints the following analogy.

Think of your web hosting provider as the superintendent of an apartment complex. It’s their responsibility to make sure the building is secure from the outside, to keep the lights on in the parking lot, and ensure all is well outside of your apartment. Your website is like an apartment in the complex and it’s your responsibility to keep it secure — lock the doors and do your part to prevent intruders. If someone does get in because you’ve left a window or door unsecured, your superintendent isn’t at fault.

What happens if my site gets hacked?

Your website is central to your business, so if it gets hacked or infected with malware you face a number of potential consequences that range from a suspended site, to data theft and ransom, and loss of revenue and consumer trust.

If your web host detects malware on your site, they’re liable to suspend or take down your site. This is because they don’t want the malware on your site to spread and infect other sites. It’s similar to the idea of using quarantine to keep viral infections at bay.

A site infected with malware isn’t something you can keep under wraps. Google’s Chrome browser is the most used internet browser in 2020, and it’s not shy in warning its users away from websites that are possibly infected with malware. If they detect that your site is infected they’ll blacklist it and alert their users, as malware can spread to people who visit and interact with your site. Your potential customers won’t want to take the risk. Instead of doing business with you they’ll turn around and find a (safe and uninfected) competitor’s website.

And if your website is infected with malware, chances are you’ll have to restore it to an older version (assuming you have backups) or re-build it altogether, both options meaning you’ll have lost a lot of time and hard work.

The effects of website hacking are many and varied, but never pleasant. Here are five real-life examples of small businesses that got hacked and their devastating consequences.

How to keep your website secure with SiteLock Security

The security of your website should be a top priority, and there are things you can do today to help prevent and mitigate attacks to your site.

We know that small business owners, entrepreneurs, and people with side hustles wear a lot of different hats. It’s tough enough keeping up with the day-to-day aspects of running your business much less staying on top of online threats that are hard to see and harder to predict.

That’s why we’ve partnered with SiteLock Security to give you, and your website, some peace of mind.

Benefits of SiteLock Security

SiteLock Security protects your website from malware, viruses, hackers, and spam. It does this by scanning your site for these malicious things, automatically removing any malware it locates, and alerting you when something doesn’t look quite right.

In addition to the services they provide behind-the-scenes, SiteLock Security comes with a seal that you can display on your site. The SiteLock seal inspires confidence in your site; in fact, when SiteLock and Domain.com did a user study in 2014, we found that displaying the SiteLock seal can increase conversions by up to 15%.

SiteLock Security plans and features

At Domain.com we offer three different SiteLock Security plans: Essentials, Prevent, and Prevent Plus, to suit the varying needs of website owners.  

If you think you might need even more protection to maintain your website performance and security, we can help. Call us toll-free at (800) 403-3568 to speak to an expert and make sure that your website gets all the protection it needs.

Don’t delay when the security of your website and site traffic is at stake.

Hackers, malware, suspended websites — it all sounds like the stuff of small business nightmares… because it is. Save yourself a headache or ten by investing in your website’s security now. 

Get SiteLock Security today and rest easy knowing that your website is in good hands. 

Lately, news of online hacks and data breaches abound. You wouldn’t think that hopping online to buy a new sheet set from a major retailer could jeopardize your private and financial information, but for many of us, it’s happened and it’s a hassle.

So what can you do to reassure your website visitors and prospective customers that your site is a safe place to transact? Wouldn’t it be helpful if there was some kind of visual indicator?

Rest easy, because there is!

SiteLock Security is a website must-have

It’s called the SiteLock Security Seal and you can proudly display it on your website with any purchase of SiteLock Security.

That’s not the only benefit SiteLock Security provides. In fact, by the time you’re done with this article you’ll wonder how you ever published a site without it.

Let’s take a look at why you need SiteLock Security on your site.

Malware Scanning – What is malware? It’s a portmanteau, created from the words malicious and software, and it strikes fear into the hearts of Internet users the world over.

Ever heard of viruses or Trojans? How about ransomware or spyware? These are a sampling of different types of malware. Viruses spread from infected files to clean files and can cause extreme damage to websites. Trojans, a lá their namesake, are discreet — they create “backdoors” that allow other viruses into your computer, server, and security. Ransomware and spyware are what they sound like — one can hold your computer and its contents hostage while the other spies on your every action.

Depending on the SiteLock Security plan you choose we offer both daily and continuous malware scanning so you can relax in the knowledge and comfort that we have your, and your website’s, backs.

Automatic Malware Removal – All those nasty types of malware we just discussed?— yeah, we’ll automatically get rid of those for you if they’re detected by SiteLock Security. If you don’t have the time to manually scan and remove malware yourself (and who does?), don’t fret because we’ve got you covered.

Blacklist Monitoring – There are a lot of good lists out there that you want your name on, like the VIP list for that fantastic new eatery opening up around the corner. But a blacklist? Not so much.

If you find yourself on a blacklist your bottom line will feel the negative impact. So what is a blacklist and why is appearing on them detrimental to your site and business?

We’re betting SEO and where your website shows up in Google search results is important to you. (If not, it should be.) SiteLock’s Blacklist Monitoring will help ensure you don’t get put on one of Google’s blacklists, which would damage your domain and site reputation, and keep your site out of search results. 

Block Automated Bot Attacks – Bots, also known as Internet Robots, come in a variety of forms and perform numerous functions. Some bots are good, like the spiders and crawlers Google uses to search websites and determine the best results for people’s search queries. These are not the bots to worry about, and not what SiteLock protects against. SiteLock Security protects your site from bad bot attacks.

Bad bots exploit issues on your site and aggravate the effects of any malware on your site. Put simply, bad bots do bad things. Their functions run the gamut from logging keystrokes (that means they track and record the keystrokes your site visitors make — including when they enter sensitive and financial information and login credentials) to sending spam that can land you on blacklists.

DDoS Protection – What’s DDoS? It stands for Distributed Denial of Service. DDoS Protection prevents your site from succumbing to a DDoS attack, which can render your site unusable for the duration of the attack.

DDoS attacks are a particularly ugly form of bot attacks. What happens during a DDoS attack? It’s when multiple compromised computer systems (usually ones that have fallen prey to a Trojan virus) maliciously band together to flood your website and server — rendering your site unreachable because it’s overwhelmed. Sometimes DDoS attacks can last a few minutes, or in particularly bad cases, they can last for days. What would happen to your revenue if your e-commerce site was rendered unusable and unreachable for days on end? Nothing good, that’s for sure.

Advanced Web Application Firewall – You’ve probably heard of firewalls before as they’ve been around for a long time. Basically, firewalls are another way your site and server are protected from bad actors trying to infiltrate them.

Think of a firewall as a bouncer, and an advanced web application firewall (WAF) as the biggest, baddest bouncer around. When bots and other malicious entities try to reach your site and server to wreak havoc, your WAF won’t let them through the door.

Keep your website up and running with SiteLock Security

When it comes to Internet security, it pays to be safe.

Running an unsecured website is like playing Russian roulette with your digital livelihood. Don’t become a victim, unable to use or monetize your site due to DDoS attacks or Trojan viruses; instead, use SiteLock Security.

SiteLock Security is the guardian your website needs — never sleeping, always on, and always working in your best interest. If anything malicious is detected on your site you’ll receive email and account alerts, and you’re guaranteed a quick response time should we at Domain.com need to jump in and help with anything happening on your site.

So what are you waiting for? Safeguard your site today!