SSL – Domain.com | Blog
https://www.domain.com/blog

Defense Against the Digital Dark Arts: Lessons in Cybersecurity
https://www.domain.com/blog/www-domain-com-blog-cybersecurity-defense-against-the-digital-dark-arts/
Sat, 01 Oct 2022 09:00:55 +0000

In this class, we study the Digital Dark Arts.  

They “are many, varied, ever-changing, and [seemingly] eternal. Fighting them is like fighting a many-headed monster, which, each time a neck is severed, sprouts a head even fiercer and cleverer than before. You are fighting that which is unfixed, mutating, indestructible.”  

Today, should you choose to pay attention and follow the lessons of the illustrious Mistress Minerva, you might just learn a thing or two that’ll put you head (and shoulders) above the rest.  

First things first, let’s review our syllabus.  

Understanding Security Threats 

Lesson One: INTELLECTUS SECURITATIS MINAE

Class is in session.  

You are here learning to defend yourselves against that which cannot easily be seen.  

Dark creatures abound on the Internet. As we progress through our lessons, we’ll seek to identify and uncover them — all the while discovering what incantations and ingredients best keep their dastardly deeds at bay.  

These shadowy cybernauts seek to prey on us by accessing and damaging computers and networks. They revel in their ill-begotten spoils — in your business, personal, financial, or even medical information. And once they have it in hand, the damage has been done — no matter whether they’re holding it for ransom or auctioning it off to another digital shade. 

The average attack costs small to medium businesses $18,000. In the U.S. alone, 40% of cyberattacks swindle their victims to the cool tune of $25,000+, an 80% increase over last year. 

And do not be so naive as to think that all a cyberattack could cost you is money. As the professional sector is so often the target, both your reputation and customer base are at stake.  

In 2021, Norton discovered that 53% of mu—, I mean, adults, are more worried than ever about being a victim of cybercrime. Despite this, as of March 2022, 51% of SMBs have no protections against cyberattacks.  

As these shadows hone their prowess in performing feats of the darkest digital arts, so too shall we learn to combat them. 

Defend Against Phishing

Lesson Two: CONTRA MENDACES DEFENDE

Remember this: At their cores, cyber attackers are liars.  

They’ll feed you sweet words, send you messages appearing to be from positions of authority, and offer deals too good to be true, all in attempts to ensnare you.  

Their goal? To compromise you. To access your accounts and gain mastery over your assets.  

But how can they achieve such things without certain personal information, like usernames and passwords? 

There’s one vulnerability these silver-tongued, digital serpents know is always exploitable: You.  

These are known as social engineering attacks, and they skirt cybersecurity tools by way of human loopholes.  

Last year, the average cost of phishing attacks reached $4.24 million. And that cost comprises a variety of things, like: 

  • Stolen funds or direct monetary loss.
  • Damage to brand and reputation.
  • Compliance fines and penalties.
  • Loss of customers.
  • Loss of revenue.
  • Cost of response and remediation.
  • Legal fees.
  • And others.

Do be careful — there are many forms of social engineering attacks. Below, we’ll learn how to identify them.  

A Compendium of Social Engineering Attacks  

  • Phishing  
    • Here, digital dark artists use illusion to befuddle, confuse, and fish for your information. 
    • They’ll send emails appearing to be from a legitimate company asking you to update your payment method. Or you’ll receive a text from an unknown number asking that you confirm your next doctor’s appointment by clicking a link. Perhaps they’ll disguise malware or viruses as an unassuming attachment, lulling you into a false sense of security so that you’ll click “Download,” and infect your device.  
    • Phishing attacks are the handiwork of opportunistic cybercriminals — they have no specific target. 
    • Whispers say these attacks are alleged to have been created by a Nigerian prince, though it cannot be confirmed.  
  • Spear Phishing
    • Like phishing, but with an intended target, either an individual or a larger organization.  
  • Angler Phishing  
    • Fake customer service accounts on social media pose as legitimate business accounts in hopes that you divulge your login information to said service.  
  • Whaling
    • A form of spear phishing targeting a high-profile or wealthy person or organization.
    • High-profile targets often equate to larger payouts, so these are especially enticing to those practicing the digital dark arts.
  • Smishing
    • Phishing attempts done via SMS/Text.
  • Vishing
    • Phishing attempts communicated via telephone.
  • Baiting
    • Mind your curiosity. Nefarious cybernauts know that humans are prone to wonder and they use it to their advantage.
      •  Online Baiting Example: A pop-up or landing page claims that you’ve won an incredible amount of money! All you have to do is click a link to claim it. That link is chock-full of malware, unbeknownst to the target.  
      • Offline Baiting Example: Occasionally, our dark artists leave the Internet and enter the physical world. They may leave a nondescript USB stick strategically abandoned in a high-traffic cafeteria of a large business, knowing someone will be curious and plug it into their computer to find out more. But that USB stick is rife with malware — Avada Kedavra your network.
  • Piggybacking (AKA Tailgating)  
    • Another form of in-person social engineering. In these scenarios, a scammer attempts to enter a secured premise immediately behind someone who has access.  
    • To prevent it, don’t let anyone into restricted areas after you. Ensure they have ID and make them use it to enter the premises, just as you had to do. 
    • These dark artists do not have your best interests at heart. They anticipate that you’ll be “too nice” to say anything to stop them, thereby giving them access. 
  •  Business Email Compromise  
    • Last year, the FBI received almost 20,000 reports of business email compromise. 
    • These attacks range from cyber scammers spoofing emails posing as employees or other trusted persons requesting sensitive information in their emails, to full account compromise. That’s when a hacker gains access to a legitimate account, instead of just spoofing one to look like it.  
  • Quid Pro Quo  
    • Fake tech support scams fall firmly into this camp. Someone calls or messages saying that your device is infected, or that you’re eligible for a software upgrade. All you have to do is give them your credentials and they’ll ensure you’re taken care of. Do not believe their lies.  
  • Scareware  
    • Fear is a big motivator. Cyber attackers create pop-ups that appear in your browser saying something to the effect of, “Your system/device has been infected! Click here to fix.” 
    • Don’t click, never click. Doing so will ensure your device becomes infected. It’s a self-fulfilling prophecy. 

With only a cursory glance, perhaps you won’t realize these are naught but lies. They’ll send you sweet messages, deals simply too-good-to-be-true, and indiscriminate vagueries to pique your interest and ensnare you.

Use your powers of logic and observation. Ask yourself, “Is this too good to be true?” and “Does this message make sense based on the sender?”, “Do I recognize the sender’s domain name?” and “Why would this person be asking that of me?” If anything seems out of character, think twice about continuing any further.

If you engage positively with them — clicking their links or answering their texts — they win.  

Too much protection isn’t a thing. In addition to reviewing everything with a critical eye, you can use the following tools to keep your website and business email secure.  

Cryptology 

Lesson Three: LINGUA OCCULTA NOTITIA

How does information remain secure when it’s communicated over the Internet? 

To answer that, we’ll need to take a step back and understand what happens when you traverse the interwebs.  

Whenever you open up your computer to visit a website you’re quite literally docking into the Internet like a boat would dock at a port. Once someone is docked, they’re then able to communicate information to and from others who are also docked. Ports are numbered differently to indicate their use and properties. These ports are called TCP, or Transmission Control Protocol Ports.  

SSL, or Secure Sockets Layer, is a technology that keeps internet connections secure. It encrypts and protects sensitive information and data as it’s sent between two systems (like your browser and another website or two servers). SSL stops cyber shadows and bots from reading or changing the information being sent between the systems (like credit card information during an e-commerce transaction). 

Can data be transferred from one server to another without SSL? Sure can. But that’s like dancing with the devilish hackers themselves, exposing your information to any who care to intercept it.  

How can you tell if your connection to a website is secure? 

Look at the URL in the address bar in your browser. You’ll see that the URL starts with one of two things: it’s either HTTP or HTTPS. HTTPS indicates a secure connection (and it uses port number 443). HTTP is an unsecure internet protocol (and uses port number 80). 

Are you a website owner? It is your responsibility to secure your digital domain, both for you and your site visitors. Do so by purchasing and using SSL on your site.  

Advantages to using SSL: 

  • Faster web page loading  
    • HTTPS loads pages faster than HTTP. Who waits around for a webpage to load nowadays when there’s always a competitor around the digital corner whose site might be faster? 
  • SEO Improvement  
    • Your site is likely to rank higher in search results if you’re using HTTPS as opposed to HTTP. 
  • Stop hackers and bad actors in their tracks  
    • SSL encrypts the data transferred back and forth between two systems. Even if these bad people and bots could somehow see the data being transferred, they won’t know what it says. 
  • Maintain PCI Compliance  
    • PCI Compliance stands for Payment Card Industry Compliance. This is required by all credit card companies when making transactions online to further secure and protect against data and identity theft. 
    • Part of the PCI Compliance guidelines is that your site must use HTTPS, which means your SSL certificate needs to be configured on your site before you can accept payments via credit card for purchases. 
  • No scary alerts  
    • If you’re using HTTP then chances are your site visitors are receiving notices telling them your website isn’t secure when they land on it. Frankly, this looks bad. It causes them to lose confidence in your site and odds are good they won’t be back. 

Protect Your Properties 

Lesson Four: SECURE POSSESSIONES TUAS

Do you seek the formula for digital security?

I’ll share it with you below. Strict adherence guarantees luck in your online endeavors…

Custodi Domum Digitalis Tuam

  • Use strong passwords.  
  • Install an SSL certificate.  
    • People are evermore distrustful of “HTTP” in their browsers and for good reason. They want to know you’re doing what you can to protect their information. Your SSL port indicates there’s a secure, encrypted connection keeping their data safe from prying eyes. 
  • Use a reputable host.  
    • A reputable host has a proven history of maintaining their customers’ security and is capable of helping you address threats and malware should they occur.  
  • Perform regular malware scans.  
    • Who has the time to manually monitor their online security? Sitelock Security protects your website from malware, viruses, hackers, and spam. It scans your site for these malicious things, automatically removing any it finds, and alerts you when something doesn’t look quite right. 
  • Back up your site.  
    • Why? Backing up your website is the only guarantee you have that your site can be completely restored if it encounters an egregious issue. 
      • Human error (inadvertently deleting files), malicious cyber hackers, or outdated and unprotected themes and plugins can all introduce risk to your site.  
  • Keep WordPress plugins or other site plugins and web apps up to date.  
    • The digital dark arts are ever-evolving. To stay ahead of them, keep your plugins up to date. Not doing so leaves your site vulnerable and open to attack. Not just that, but they can affect your site experience, causing issues for legitimate visitors.  
  • Perform regular site audits and tests.  
  • Keep your finger on the pulse of your digital health.  

Protect Your Brand 

Lesson Five: PROTEGAS FAMA

Digital dark artists understand the power of a name. It’s why they’re gunning for yours.  

Your name is irrevocably yours — it’s part and parcel of your brand — that special thing that makes you, you. It comprises every public-facing facet of yourself, and inversely, what people think of those facets – of you.  

Your personal brand CANNOT survive lies and deception.

This is why cybercriminals will always target it in addition to your digital properties, like your site and social media. If they capture your name, they control your narrative.  

How might they do this? Their nefarious options are legion.  

  • Counterfeit websites.  
    • If a customer lands on a fraudulent site and suffers real-world harm (malware on their device, compromised sensitive information) they will always associate it with your name. Would you want to continue doing business with someone if their name alone caused you memories of traumatic events? Probably not.  
  • Copyright piracy.  
    • Cyber shadows don’t care for honest work. They’ll illegally reproduce and disseminate your copyrighted materials, hurting your bottom line.  
  • Trademark infringement.  
    • To convince others that they are who they say they are, hackers have no qualms about using trademarks in unauthorized manners.  
  • Patent theft.  
    • A patent is representative of a great deal of work. Whatever your patent, behind it lies hours of ideation, creation, iteration, and finalization.  
    • A digital dark artist will take the easy route. They’ll do whatever they can to make, use, and sell your products without obtaining a license.  
  • Impersonation on social media.  
    • Social media is a fantastic tool for building your brand and connecting with your audience. Until someone else does it for you and deceives your unwitting audience into revealing their private information.  

To protect your brand, follow these steps: 

  • Acquire misspellings of your domain.  
    • Cyber hackers purchase variations of domain names in hopes of catching traffic that was intended for your site.  
  • Purchase alternate domains/TLDs.  
    • Depending on your business, you might not want your brand name associated with a .sexy or .xxx domain name.  
    • Register those domains before someone else does and uses them to your detriment.  
  • Focus on the aesthetics and elements of your brand that establish your authority.  
    • Increase trust in your customers’ inboxes by using a professional email address that matches your domain name. It helps them know they aren’t about to open a spam message and have their system infected with malware.  
    • Refer to this Branding and Website Design Checklist to ensure your brand is cohesive no matter where you are online — your site, your social media, and more.  
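
The question from Lesson Two, "Do I recognize the sender's domain name?", and the advice above to watch misspellings and alternate TLDs of your own domain can be checked mechanically. The following is an added example, not code from Domain.com; the trusted domain example.com, the substitution table, and the sample From headers are all constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: the domains your organisation really sends mail from.
TRUSTED = {"example.com"}

# Assumption: a small, constructed table of look-alike substitutions.
# Both sides of a comparison are folded, so only differences remain.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"),
               ("1", "l"), ("3", "e"), ("5", "s"))


def skeleton(domain):
    """Lower-case a domain and fold look-alike characters to one form."""
    s = domain.lower().rstrip(".")
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s


def edit_distance(a, b):
    """Optimal-string-alignment distance: insert, delete, substitute,
    and swap of two adjacent characters each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]


def classify_domain(domain, trusted=TRUSTED, max_distance=1):
    """Return (verdict, matched_trusted_domain) for one domain name.

    max_distance=1 suits names of about six or more characters; very
    short names will collide with unrelated domains at this threshold.
    """
    d = domain.lower().rstrip(".")
    for t in sorted(trusted):
        if d == t or d.endswith("." + t):      # exact match or subdomain
            return ("trusted", t)
    for t in sorted(trusted):
        if skeleton(d) == skeleton(t):         # examp1e.com vs example.com
            return ("lookalike-confusable", t)
        # Simplification: the last label is treated as the TLD; a real
        # deployment would consult the Public Suffix List instead.
        if d.rpartition(".")[0] == t.rpartition(".")[0]:
            return ("lookalike-tld", t)        # same name, other TLD
        if edit_distance(skeleton(d), skeleton(t)) <= max_distance:
            return ("lookalike-misspelling", t)
    return ("unknown", None)


def check_sender(from_header, trusted=TRUSTED):
    """Classify the domain of an e-mail From header."""
    _, addr = parseaddr(from_header)
    return classify_domain(addr.rpartition("@")[2], trusted)


# Constructed From headers, one per verdict.
SAMPLES = [
    "Billing <billing@example.com>",
    "Support <support@examp1e.com>",
    "IT Desk <it@exmaple.com>",
    "CEO <ceo@example.co>",
    "Newsletter <news@unrelated.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        verdict, match = check_sender(header)
        print(f"{header:35} {verdict:22} {match or '-'}")
```

An "unknown" verdict is not a pass; it only means the domain does not resemble a trusted one, so the other questions in Lesson Two still apply.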

Abundant Caution Does No Harm  

ABUNDANS CAUTELA NON NOCET

It does not do to dwell on a false sense of security and forget the dangers that lurk about the Internet.  

Man the boundaries of your site, social media, and email accounts. Do your duty to protect your site, your customers, your brand, and your name.

And do make sure you aren’t late for class tomorrow.  

SSL and HTTPS: A Technical Guide
https://www.domain.com/blog/ssl-and-https-a-technical-guide/
Tue, 24 Dec 2019 09:45:00 +0000

How does information remain secure when it’s communicated over the Internet?

In large part, that’s due to something called Secure Sockets Layer, or SSL. SSL is a technology that keeps internet connections secure. It encrypts and protects sensitive information and data as it’s sent between two systems (like your browser and another website or two servers). SSL stops bad people and bots from reading or changing the information being sent between the systems, like credit card information during an e-commerce transaction.

If you have a website or are in charge of the web hosting for your business, you need to understand the importance of data privacy and securing internet connections. As you begin your research, you’ll come across the term “SSL port” and that’s what we’re focusing on today.

What is an SSL port?

Data can be communicated between systems (like your web browser and your favorite online shopping website) with or without SSL. But the SSL port number is what indicates whether or not your connection is secure.

How can I tell if my connection to a website is secure?

Look at the URL in the address bar in your browser. You’ll see that the URL starts with one of two things: it’s either HTTP or HTTPS. The HTTPS indicates a secure connection and it uses port number 443. HTTP, an unsecure internet protocol, uses port number 80.

What is a port?

Whenever you open up your computer to visit a website you’re quite literally docking into the Internet, like a boat would dock at a port. Internet ports are numbered differently to indicate what the ports are used for and what they offer. These ports are called “TCP Ports” and that stands for Transmission Control Protocol.

If you’re diving into the world of websites and hosting, it’ll be helpful to know what the most commonly-used ports are and their assignments, or their purpose.

How Are TCP Ports Used?

TCP is pretty reliable. In order for TCP ports to work, there must be an “anchored connection” between Point A, where the data or request originates, and Point B, where the data or request is being sent. The only way that transmission of data will fail with TCP is if the connection between Points A and B is lost, like if you lost your internet connection.

What are the more common TCP Ports?

What’s the relationship between HTTPS and SSL?

To understand how SSL and HTTPS work together, let’s first go back to the unsecure HTTP. HTTP and HTTPS aren’t that different. In fact, the only difference is that when HTTPS creates and maintains a secure internet connection, it’s doing so with SSL.

How do I secure my website with SSL?

You want your site visitors and customers to trust you. You want them to have faith in your site and know that the information they’re sharing with you during a purchase is safe and secure. The way to go from HTTP (a visual marker of an unsecure site) to HTTPS (the visual marker of an SSL-secured site) is to install an SSL certificate on your website server. This certificate verifies your site’s identity so that information can be passed securely from your web server to your visitors’ browsers.

Is SSL a certificate or a protocol?

SSL certificates and HTTPS protocol are two separate things. But together, they make for a mighty secure internet connection.

Think of the HTTPS protocol as the physical structure that allows encrypted information to travel securely from point A to point B.

SSL certificates are what encrypt the information being shared over that HTTPS structure. However, you must keep in mind that the SSL certificate itself isn’t going to do anything for you. It only works once you’ve configured and set it up on your server.  

Isn’t SSL outdated?

If you’re researching SSL then you’ve probably come across the term “TLS.” Is it really a new and improved version of SSL? What are we all doing still talking about and using SSL? Don’t worry folks, we’ll explain.

TLS stands for Transport Layer Security, and it’s definitely a newer and better version of SSL. However, the term SSL is so well known that it stuck around even after TLS was introduced. So when you purchase SSL you’re in fact purchasing TLS (it’s like SSL plus).

What are the differences between TLS and SSL?

The original SSL was developed back in the wild & wooly 90s by a company called Netscape (remember them?). TLS isn’t too different: it uses many of the same technologies and protocols, but it’s been updated to withstand the security risks and issues of today’s world. TLS provides stronger encryption, but remember, it’s still referred to as SSL because that’s the more well-known name.

Why does my SSL port matter?

You need to configure your SSL certificate on your web server to get “HTTPS” to show in your website’s URL in the address bar. This indicates that you’re using an SSL port, which means the connection created between your site and someone’s browser is secure.

People are growing evermore distrustful of seeing “HTTP” in their browser and for good reason. With the number of hacks and data thefts happening today, people want to know you’re doing what you can to protect their information. Your SSL port indicates there’s a secure, encrypted connection that will keep their data away from malicious prying eyes.

Advantages to using SSL

  • Faster web page loading
    • HTTPS loads pages faster than HTTP. Who waits around for a webpage to load nowadays when there’s always a competitor around the digital corner whose site might be faster?
  • SEO Improvement
    • Your site is likely to rank higher in search results if you’re using HTTPS as opposed to HTTP.
  • Stop hackers and bad actors in their tracks
    • SSL encrypts the data transferred back and forth between two systems. Even if these bad people and bots could somehow see the data being transferred, they won’t know what it says.
  • Maintain PCI Compliance
    • PCI Compliance stands for Payment Card Industry Compliance. This is required by all credit card companies when making transactions online to further secure and protect against data and identity theft.
    • Part of the PCI Compliance guidelines is that your site must use HTTPS, which means your SSL certificate needs to be configured on your site before you can accept payments via credit card for purchases.
  • No scary alerts
    • If you’re using HTTP then chances are your site visitors are receiving notices telling them your website isn’t secure when they land on it. Frankly, this looks bad. It causes them to lose confidence in your site and odds are good they won’t be back.

Where can I get SSL for my website?

Domain.com offers a variety of different SSL certificates to suit you and your website’s needs.

Only need basic SSL protection so your customers see your site is secure and you improve your Google search rankings? We offer that.

Do you have multiple subdomains that need SSL protection? We offer that, too.

And what if you have an e-commerce site and require even more protection for your customers’ data? Yeah, we’ve got you covered.

All of our SSL offerings come with a warranty ranging from $10K – $1,750,000 USD and a visual indicator that your site is secure.

Take a look at our plans and let us know if you have any questions about those, or SSL in general, in the comments.  

SSL: How Does it Keep Your Website Secure?
https://www.domain.com/blog/ssl-how-does-it-keep-your-website-secure/
Wed, 11 Sep 2019 15:19:10 +0000

SSL: Just another silly acronym?

Hardly.

SSL stands for Secure Sockets Layer, and you need it if you want your website visitors and potential customers to trust you and your site. Stick around as we dive into the details regarding SSL — you’ll learn what it does, how it can affect your SEO efforts, and how it influences people’s trust in your site. 

What is SSL and how does it work?

What exactly is a Secure Sockets Layer? Dictionary.com defines SSL as “… a protocol that uses encryption to ensure the secure transfer of data over the Internet.”

In a nutshell, SSL is a technology that keeps your website visitors’ personal information private (and away from hackers) when they submit it on your website. 

Fun fact: The original SSL technology has since been replaced by an updated version, called TLS or Transport Layer Security, but the collective Internet is so used to the term SSL that we keep using it.

Think of it this way: Whenever someone fills out a form or submits information on a website their information has to digitally travel from point A (where they submitted it) to point B (where it’s stored).

Getting from point A to point B.

If the website they’re using isn’t secure, or doesn’t use SSL, then hackers can intercept and read the information being transmitted. This is called a man-in-the-middle attack and you won’t know it’s happened until it’s too late. 

Secure websites, or those that have an SSL certificate, are less likely to fall prey to any MITM attacks. When SSL is used, the connection between your computer and the other site is secured and heavily encrypted, making it nearly impossible for hackers to snag any information being passed back and forth. 

Put yourself in your site visitors’ shoes. If you like to do online shopping or banking, wouldn’t you feel better knowing your information is transmitted via a secure connection? We sure would. And a survey by GlobalSign found that “85% of online shoppers avoid unsecure websites.” That’s a lot of business you could be missing out on. 

How to identify a secure site. 

Websites can’t hide their security status. In fact, most browsers will alert you to a site’s security status in the URL bar. 

How do you know if a site isn’t secure?

If you use Chrome, you’ll see an alert that looks like this:

If you click on the information icon, you’ll get the following message:

What will you see on a site that has SSL enabled?

On Chrome, you’ll see a little padlock icon to indicate a secure site. 

If you click on the padlock icon, you’ll receive the following message:

Alternately, you can look to the website’s full URL in the browser’s address bar to find out whether or not it uses SSL.

  • Not secure websites: URLs will start with “HTTP://…”
  • Secure websites: URLs start with “HTTPS://…,” where the S stands for secure.

Secure websites perform better in search engine results

Since 2014, Google has said that they use HTTPS as a ranking signal in search results. 

What does that mean for you?

If your website has SSL then it’s more likely to show up higher in SERPs (search engine result pages) than a site that isn’t secure. Even if you’re not collecting visitors’ information on your website, you need SSL so you aren’t penalized in search results. 

Google has pledged to “continue working towards a web that’s secure by default,” so we don’t think HTTPS importance will decrease any time soon. 

How can you add SSL to your site?

It’s easy with Domain.com — we offer a variety of SSL certificates to fit your needs. Here are the plans and details so you can identify the best option for your site. 

LetsEncrypt Free SSL – If you have a basic website and don’t collect any sensitive information from your visitors, then this option should suffice. Search engines and visitors will see that your site is secure and that will increase their trust in you.

Before getting SSL for your site, you’ll need to make sure you have your domain name and hosting. Then, you can log into your account to turn on your free LetsEncrypt SSL. 

If you actively collect customer information (even if it’s just an email address) on your site or manage an e-commerce site then consider purchasing a more advanced SSL offering, like one of the following, all powered by Comodo SSL.

Domain Validated SSL – Secure your customer information, help boost your Google search rankings, and receive the TrustLogo® Site Seal to display on your site. You’ll also be backed by a warranty from Comodo SSL for up to $10,000 to protect the end user.

Wildcard SSL – Our Wildcard offering will give you all the features of the previous plan along with the ability to protect multiple subdomains. You’ll receive a warranty of up to $250,000 to protect the end user with this plan.

E-Commerce SSL – This is our best SSL plan and is ideal for those with e-commerce websites, and offers a green “trust” visual bar for your site, like you see in the image below, and up to a $1,750,000 warranty for the end user. 

Rest easy knowing you’re secure with SSL

The importance of having SSL on your website is only going to increase. 

Google is without a doubt the most popular search engine, and they aren’t pulling any punches when it comes to making the Internet a safer place for all of us.

If you don’t have SSL you risk having your site pushed down in search engine results and losing your site visitors’ trust. Get SSL today, and turn your site into a trusted resource. 
