The world had a wake-up call to make it take online security seriously on the weekend, when a large-scale ransomware campaign called “WannaCry” locked down computers at thousands of organisations globally, including those of some Australian businesses and individuals, demanding ransom money for their release.
We’ve known these cyber thugs have had this ability for some time, but this past weekend might have a silver lining if it prompts us all to take this matter seriously.
Why is an Adelaide-based marketing agency shouting this message from its rooftop?
It’s because we don’t want our clients to invest money with us to craft persuasive, online marketing material, and configure online transactions and communications, only to see the darkest and most evil minds on the planet deploy their poison to suck money away from the noble few who are actually working to create community and commerce.
Here is our hitlist, which should make a sound starting point if you want to “harden up” your online presence.
But, as computer security expert Associate Professor Richard Buckland told the University of NSW as part of its Computing Public Lecture Series last year, you will be hacked.
Therefore, the purpose of this article is to help you NOT be the lowest hanging fruit in the eyes of the thugs, gangsters, and psychopaths who make up the hacking community.
You’re online in more ways than you might think
When we talk about your interaction with the world through online means, this includes your computers, tablets, and phones, as well as any IoT (internet of things) items you might own, such as networked fridges, air-conditioning, security systems, etc.
Furthermore, your exposure has numerous touchpoints, such as browsers, websites you visit, websites you own, email accounts, social media accounts, online services like banking and streaming TV, apps, ecommerce systems and payment gateways, plugins, software, even the firmware on the router that gives you access to the internet!
So, our first challenge is to make sure our computers, networks, and devices are all secure.
This means strong login passwords, two-factor authentication (where possible; more on this later), and regular updating of software and firmware on all devices.
Smart password management is the go when you take online security seriously
We are now in an era in which it is no longer good enough to either:
- Use the same password across multiple sites
- Rely on a personal system for making up and remembering a string of complicated passwords
- Write passwords on sticky notes (cyber crime is often committed by people you trust, sadly)
- Rely on those security questions about the street you grew up on
To stay abreast of the assault on passwords and logins, there are two tools to use together, namely:
- Use a password manager
- Use two-factor authentication
With a password manager and, where possible, two-factor authentication, you have gone a long way to securing your various online entities.
You create an account with one of them, craft the hardest, most unique password you will be able to remember, and then let the manager gradually change your passwords across your various sites – start with the most important ones, like banks, email, and Facebook.
After this, you will always be able to login to sites with hard passwords but all you need to remember is just one password.
Yes, these services are as safe as you can hope to expect. They use military grade encryption, and your vault is encrypted with your master password so that not even password manager staff can read your files.
Secondly, where offered, use a website’s two-factor authentication service.
This simply means that when you try to log in, the service or site will SMS you a code to enter to prove you are you. This means that even if your password is compromised, crooks won’t get further than the front door.
Keep your website up-to-date
One of the surest ways to stay safe with your website is to keep its content management system and apps up-to-date.
We work with WordPress and we have found the sophistication of WordPress, security apps, and many of the trusted plugins we use on client sites, keep prying pests away.
The key, apart from strong passwords, is keeping WordPress, its plugins, and its themes up-to-date. This only takes a few minutes a week, akin to sweeping the front of the shop, and it really does keep you in the too hard basket for online thugs.
We help clients stay on top of updates with our WordPress Website Maintenance Plan.
It costs $49 a month and for that we keep WordPress and its plugins and themes up-to-date. Click here for more details about our WordPress Maintenance Package.
Antivirus, firewalls and anti-ransomware protection
Our IT providers have analysed the various antivirus options available and currently they recommend Bitdefender as a well-priced, actively-updated solution for protecting your devices.
Bitdefender is one of the better options on the market, with optimisation tools for keeping your computers running more smoothly, and it lets you either take control or leave it in fully automatic mode.
The key thing is that you don’t settle for a free antivirus solution. Rarely do they offer any help at all and, in some cases, use of free antivirus for business purposes can land you in legal hot water.
Develop your street smarts
Another action to take is to get meaner.
Yes, you basically need to suspect every email and social networking friend request as a scam designed to hook you in.
Because these scummy individuals keep trying new ways of tricking you out of your login credentials, it is hard to say exactly what to suspect, but here is my list.
- Unsolicited emails asking me to click a link to log in to update details
- Unsolicited emails asking me to open or download attachments
- Social media friend requests from strangers or from people I know (many scammers copy someone’s details and create a fake profile). I especially ignore and report friend requests from accounts supposedly from young women striking provocative poses – I know my place!
- Unsolicited emails or phone calls from people claiming to have found problems with my website or my SEO rankings. These tricksters throw in a little jargon to fool non-experts and then scare them into handing over details and/or buying “support” packages
- Emails about domain name renewals, web hosting renewals, courier parcels, ATO fines, court summonses, or a myriad other official-sounding correspondence. I simply use such emails as a trigger to log in to the service providers directly and check for updates. Your Baker Marketing consultant is happy to pass an opinion if/when you receive suspicious looking emails that relate to your online website or services – we’ve seen them all before.
Sometimes, your own email address is the access key, because it has been scraped from a hacked service provider.
If you want to know whether your email is sitting in a list for sale on the dark web, visit Have I Been Pwned.
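Have I Been Pwned also publishes a Pwned Passwords range lookup that lets you check whether a password appears in known breach dumps without ever sending the password, or even its full hash, to the service: only the first five characters of its SHA-1 hash leave your machine, and the matching is done locally. The example below is added here to illustrate that check and is not code from the original post; the response body is a constructed sample (the counts are made up), and `check_password_online` is a hypothetical wrapper that would perform the real lookup.

```python
import hashlib
import urllib.request

PWNED_RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_split(password: str) -> tuple:
    """Upper-case SHA-1 of the password, split into the 5-char prefix that is
    sent to the API and the 35-char suffix that never leaves the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(body: str) -> dict:
    """Parse a range response (one 'SUFFIX:COUNT' per line) into {suffix: count}."""
    hits = {}
    for line in body.splitlines():
        line = line.strip()
        if ":" not in line:
            continue  # skip blank or malformed lines
        suffix, count = line.split(":", 1)
        hits[suffix.upper()] = int(count)
    return hits


def breach_count(password: str, range_body: str) -> int:
    """How many times the password was seen in breaches (0 = not found)."""
    _, suffix = sha1_split(password)
    return parse_range(range_body).get(suffix, 0)


def check_password_online(password: str) -> int:
    """Hypothetical helper: fetch the real range for the prefix and match locally."""
    prefix, _ = sha1_split(password)
    req = urllib.request.Request(PWNED_RANGE_URL + prefix,
                                 headers={"User-Agent": "hibp-range-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return breach_count(password, resp.read().decode("utf-8"))


# Constructed sample of a range response for prefix 5BAA6 (SHA-1("password")
# begins 5BAA6...); the other suffixes and all counts are made up.
SAMPLE_RANGE_BODY = "\r\n".join([
    "0018A45C4D1DEF81644B54AB7F969B88D65:2",
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493",
    "2F2B6D3C0F5E7A9B1C4D8E0F1A2B3C4D5E6:1",
])

if __name__ == "__main__":
    print(breach_count("password", SAMPLE_RANGE_BODY))
```

A non-zero count means the password is already in circulation and should be replaced by one generated by your password manager.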
Finally, there are other things to consider as well, such as getting backups sorted out with your IT advisor so that if and when your system breaks you can restore your services quickly, getting a TLS (SSL) certificate so that traffic to your website is encrypted, and even considering a Virtual Private Network to hide your browsing from the networks you connect through (I use privateinternetaccess.com).
So, to avoid the feeling that you WannaCry over these cyber bullies and thugs, follow the steps above, and remember we’re here to help with our advice and our WordPress backup package for our clients.