Website Security: Hiring the Right Body Guard for your Business.
Take a look at what exactly website security is and why it is important to your online business. Let’s first put this in perspective: remember the movie “The Bodyguard”, where Kevin Costner plays the true and trusted security to Ms. Whitney Houston and would do anything for her? She was an established talent in the media and needed protection from all the corruption that surrounded her. Now, in the technology world, once you’ve established yourself as a business of any type of importance, there are unfortunately “hackers” out there who want to steal your sunshine and bask in your limelight. They’ll take you out for a lobster dinner and pick up the tab…compliments of your clients’ credit card information! Here at Maine Hosting Solutions we pride ourselves in being a local bodyguard for our customers. Think that Kevin Costner would ever let Whitney down? We think not. And just like Costner, we will not let YOU down.
Understanding Why Website Security is Important:
An alarming 80% of all information entered online is not safe if you do not have your computer protected. Website security and testing is a critical step that you must take in order to protect your online business and to make it successful. Making the security of your site a top priority is crucial to your credibility as well as the protection of you and your customers. Understanding that and taking the steps to properly implement security practices can mean increased sales and much more business.
Whenever you or a customer enters personal information on your website (which can include credit card information, social security numbers or banking accounts), that information has to pass through a number of different points in transit before arriving at the financial institution. En route, that information can be collected by identity thieves, which can lead to an extremely messy and inconvenient situation that could easily have been avoided by using an online security method.
What is an SSL: Secure Sockets Layer:
If you plan on entering into the world of E-Commerce by offering any goods or services on your site, you MUST enable an SSL to keep your information safe. Here is an overview of what an SSL is and what it can do for your business:
- A Secure Sockets Layer (SSL) is a type of protocol that enables a security system within your site, making online transactions safe.
- SSL certificates are especially important for any E-Commerce sites where money transactions are taking place.
- Once personal information is entered on a site, an SSL will encrypt the data and scramble it into random letters, numbers and symbols. This makes the info unreadable to anyone trying to intercept it.
- Only the particular SSL you have installed can descramble the useless data and turn it back into readable material once it hits the bank’s system. It does this by issuing a “key” within your computer’s server, which can lock and unlock personal information as needed or when detected.
- There are multiple types of SSL certificates you can order, and the costs change based on the levels…highest being the most expensive. The cost will be worth it, however, since more customers will be apt to buy from your site when they feel like their information is being protected. *Secret Tip: Another great benefit of having an SSL certificate if you have a business website is that you can write it off as a tax deduction at the end of the year.
Why Hire MHS as a Bodyguard:
MHS will purchase, install and test your Security Certificate for you. No hassles, no fuss!
If you’ve shopped online, chances are you’ve spent money with Amazon. Perhaps you’ve also shopped at the websites of the national stores you see locally. And possibly, you’ve shopped, or thought about shopping, at a smaller, more specialized website, with or without a brick and mortar location.
- Before you enter your credit card number, you need to feel comfortable. Sales are lost every day when a consumer has second thoughts about the security of a transaction.
- So if you’re selling online, you’re likely competing with brands that are more famous, and more trusted. How can you vie for your piece of the spending?
First, make sure you’re trustworthy!
- Is your online store PCI compliant? (Has it passed the rigorous tests set up by credit card companies for security?) Many ecommerce programs don’t pass the test. And they’re still out there! If you’re not sure, give us a call and we can check with you.
Second, make sure you appear trustworthy!
- Have a professionally designed, easy to navigate site. Include your physical location, a phone number to reach a real person, and perhaps pictures of your location. Go a step further and include profiles of yourself and your staff. Reassure customers that real people are serving their needs at a legitimate operation.
Finally, make it easy for us to give you money!
- Is your shopping cart system easy to navigate? Really? We’ve personally had shopping experiences where we got our choices into the cart and then couldn’t figure out how to check out. Shoppers lack patience. Make it super easy to give you money. Because if you can’t make the buying experience easy, customers will start to doubt that they want to work with you at all. And give us a giant BUY NOW button!
Are you sure your ecommerce is up to the job?
Contact us for personalized advice.
- Who has to be PCI Compliant? Everyone who has any contact with credit card information, including websites which automatically transmit credit card data to an authorized gateway, must be audited on a yearly basis and must submit PCI compliant quarterly reports.
- What is PCI compliance? It is the adherence to the set of rules set forth by Visa, MasterCard, American Express and others in the credit card industry.
- Their basic goal is for everyone who is accepting credit cards to follow the same set of standards to be sure that credit card information submitted by your client cannot get compromised in the process of handling their transaction with you.
- When do I need to be PCI Compliant? Different merchant providers are implementing PCI Compliance at different times. However, there is no better time to achieve this status, for your OWN Protection. Stolen credit card data can result in the loss of your merchant services, as well as impact your ability to apply for merchant services in the future.
- Where can I find a PCI Compliant web host? Right here! Our unique all-in-one approach addresses all aspects of eCommerce including PCI Compliance.
- E-commerce Software: Shopp or WooCommerce
- Security Certificate: 2048 Bit GlobalTrust SSL
- Server Environment: Full Intrusion Hardened
- PCI Compliance: ControlScan Verified
- Merchant Services: Cayan
- Payment Gateway: Authorize.net
- Antivirus Software: ClamAV, CSX, Sucuri
- Anti-spam software: Our Exclusive Anti-Spam Engine
- Web Application Firewall: Applicure
- Redundant Backups – R1Soft
- Secure FTP – sFTP
- Feature Packed Web Hosting
Call for a complete PCI Compliant Web Hosting Quote.
Call toll free 1-888-200-8008
What is Phishing?
“Phishing” is when criminals use email, phone and online scams to purposefully and maliciously trick people into sharing information such as passwords, Social Security numbers, account and credit card details and even your mother’s maiden name! Phishing is Phraud and it is a crime.
- Educate yourself, your family, and if applicable, your co-workers, clients and business partners on what Information Theft is, and what you can do to protect yourself.
- No legitimate business or government agency will ever ask for personal information via email or phone unless you initiate the contact. If you receive such a request, DON’T RESPOND.
- According to a Federal Trade Commission report, Information Theft is the fastest growing crime in the United States. It occurs once every 79 seconds on average. In 2005, the cost to consumers was in excess of $5,000,000,000, while the cost to businesses was in excess of $47,000,000,000. The average consumer loss from a phishing attack is $1200.
- According to a Symantec presentation, 1 out of every 125 emails sent is a phishing attack. In 2005, phishing attacks rose by 90%.
- The Anti-Phishing Working Group reports that 5.7 billion phishing emails are sent each month, and that over 150,000 unique phishing attacks and 3,000 phishing websites are reported per month.
What information are Phishers after?
Phishers are interested in gathering information which, by nature, is private and/or confidential, especially if this information can help them steal your identity.
Information Theft targets a wide array of information, including, but not limited to:
- Social Security Numbers.
- Driver’s License Numbers.
- Date and Place of Birth.
- Mother’s Maiden Name.
- Account Numbers.
- Personal Information.
- Any confidential information that criminals can either directly use or resell.
- Do not disclose any personal information unless the requester has a valid need for the information.
- Don’t hesitate to ask how your information is going to be protected.
- Never agree to have your information shared or sold.
- Remember: No legitimate business or government agency will ever ask for personal information via email or phone unless you initiate the contact. If you receive such a request, DON’T RESPOND!
How NOT to become a Victim.
Phishing may appear to be an anonymous crime, but it is not a victimless crime. However, we have good news: simple techniques exist to NOT become a Phishing Victim.
- Never provide confidential information unless you started the conversation. Never answer an email, pop-up, phone call, letter, etc. that asks for personal information. Legitimate companies do NOT ask for this information, ever!
- Be suspicious! Because something is written down in an email or in a pop-up does not mean that it is true and legitimate.
- Do not click on a link provided in an email or enter information in a pop-up window. Go to the website yourself and from there navigate to the area of interest.
- Use anti-malware solutions that are updated. This will stop the installation of crimeware on your computer that could harvest your information.
- Do not use public computers or wireless networks to conduct confidential activities. This includes wi-fi hot spots, kiosk computers, cybercafés.
- Shred all documents that contain personal, sensitive or confidential information.
What to do if you have been phished?
If you are a phishing victim, it is important for you to follow these simple instructions to minimize the damage caused by the criminals who stole your information.
- Place a Fraud Alert on your Credit Report.
- Close the accounts that you know, or believe, have been tampered with or opened fraudulently.
- File a police report.
- File a complaint with the Federal Trade Commission. By sharing your identity theft complaint with the FTC, you will provide important information that can help law enforcement officials across the nation track down identity thieves and stop them. The FTC can refer victims’ complaints to other government agencies and companies for further action, as well as investigate companies for violations of laws the agency enforces.
- Monitor your bank accounts, credit card accounts and credit report.
Spotlight on Reporting Action Plan:
- Write down the name of everyone you talk to, what he or she tells you, and the date the conversation occurred.
- Follow up in writing with all contacts you’ve made on the phone or in person. Use certified mail, return receipt requested, so you can document what the company or organization received and when.
- Keep copies of all correspondence or forms you send.
- Keep the originals of supporting documents, like police reports and letters to and from creditors; send copies only.
- If you are a victim of phishing, others in your community will be, too. The sooner you report it, the sooner you can help protect your community against these criminals!
Should you change your password?
If you have a poor password, your website is at risk! Spammers and phishers constantly try to break into websites that have poor passwords. Once in, they use your website to host fake websites intended to deceive people into providing private information, or they use your website’s sendmail service to send spam from YOUR email address. The #1 way to protect yourself is YOUR PASSWORD. We encourage all users to choose a difficult password using the tips listed below.
Passwords aren’t supposed to be easy. They are intended to protect you, so don’t make it easy!
Log in NOW and change your password to something hard!
Some PASSWORD DO’S AND DON’TS Examples:
- Bad Password: charlie
- Better Password: charl!e
- Bad Password: password
- Better Password: PaSsW0Rd!2
Password DO’S:
- At least eight characters long, e.g. 16432794
- A combination of upper and lower case letters, e.g. PaSwoRDexAmPLE
- Use interspersed numbers, e.g. use 0 instead of o (zero instead of the letter o)
- Use characters such as !@#$%&, e.g. use ! instead of i etc…
Password DON’TS (avoid):
- Your first name, last name, or login name, in any form
- Consecutive or repetitive numbers or letters
- Adjacent keyboard letters such as qwerty or asdfghjk
- Common and obvious letter-number replacements (e.g. replace the letter O with number 0)
- Easily guessed personal information such as names and dates of yourself, family members, pets and close acquaintances
- Easily obtained information, such as:
  - license plate numbers
  - telephone numbers
  - credit card or ATM numbers
  - Social Security or Social Insurance numbers
  - email addresses
- Dictionary words, in any language, forward and backward
- Popular book titles, movie titles, or phrases
- Short passwords
- Never share your password with anyone. Protect all passwords as you would protect your bank PIN.
- Never store passwords unencrypted on your computer. Password management software is great for managing many passwords, but take great care to protect access to your password database with a strong password, access card or USB key! (Or better, a combination of these).
- Never type your password when anyone is standing nearby.
- Beware of phishing scams.
- Change your password frequently.
- Never use the same password in many places, especially online!
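The list of things to avoid above can be turned into an automated check. The following is an added example, not code from Maine Hosting Solutions; the word list is a small constructed sample, and the replacement table goes beyond the two substitutions the page names (0 for o, ! for i) with a few other common ones, which are assumptions.

```python
import re

# Constructed sample word list; a real check would load a full dictionary.
WORDS = {"charlie", "password", "dragon", "monkey"}
# Replacements the page names (0 for o, ! for i) plus other common ones (assumed).
LEET = str.maketrans("0!1@$35", "oiiasse")
KEY_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]


def has_run(pw, length=4):
    """True if pw has `length` repeated, consecutive or keyboard-adjacent chars."""
    low = pw.lower()
    for i in range(len(low) - length + 1):
        chunk = low[i:i + length]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if len(set(chunk)) == 1 or (chunk.isalnum() and steps in ({1}, {-1})):
            return True  # aaaa, abcd, 4321
        if any(chunk in row or chunk[::-1] in row for row in KEY_ROWS):
            return True  # qwer, lkjh
    return False


def contains_word(text):
    """Dictionary words, forward and backward, as the list above requires."""
    return any(w in text or w in text[::-1] for w in WORDS)


def check_password(pw, login=""):
    """Return the rules from the 'avoid' list that pw breaks (empty list = none)."""
    findings = []
    low = pw.lower()
    letters = re.sub(r"[^a-z]", "", low)                 # letters as typed
    plain = re.sub(r"[^a-z]", "", low.translate(LEET))   # replacements undone
    if len(pw) < 8:
        findings.append("short")
    if login and (login.lower() in low or login.lower() in plain):
        findings.append("login name")
    if has_run(pw):
        findings.append("sequence or keyboard run")
    if contains_word(letters):
        findings.append("dictionary word")
    elif contains_word(plain):
        findings.append("dictionary word with common replacements")
    return findings


if __name__ == "__main__":
    for candidate in ("charlie", "charl!e", "PaSsW0Rd!2", "qwerty12", "mV7#qLz9wTe2"):
        print(candidate, "->", check_password(candidate) or "no findings")
```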
What is Reverse DNS?
Internet Service Providers use the Domain Name System to determine the IP address associated with a domain name; this is also called Forward DNS. Reverse DNS lookup is the inverse process: the resolution of an IP address to its designated domain name. In a shared IP environment, like most hosting accounts, that IP address sometimes resolves to several hundred domains. We make sure it only resolves to one, yours.
How this affects you
If someone sharing your IP address gets blacklisted for sending out unsolicited emails, your domain will be among the many on that IP address that also get blacklisted. Because of it, your email will bounce back from people who you regularly email. The process for un-listing an IP address can take days.
Dedicated IP Address
A dedicated IP address, assigned automatically for our Standard and above hosting accounts, can be programmed to use reverse DNS so that email sent from your domain is separated from other email being sent from that server.
Benefits of Reverse DNS
You will not be blacklisted unless it is your domain that is sending the unsolicited emails.
Reverse DNS is available on all Standard Hosting Plans and above.
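To see what reverse DNS says about the IP address your mail is sent from, the lookup can be scripted. This is an added example, not code from Maine Hosting Solutions; it goes one step beyond the text by also confirming that the returned name resolves forward to the same IP, which receiving mail servers commonly check. The addresses and host names are constructed sample data, and the result labels are this example's own.

```python
import ipaddress
import socket

# Constructed sample data: documentation address ranges and example domains.
SAMPLE_PTR = {
    "203.0.113.10": ["mail.example.com"],              # PTR set to the sender's domain
    "198.51.100.7": ["server42.shared-host.example"],  # PTR names the shared server
    "192.0.2.9": ["mail.example.com"],                 # PTR claims a name it does not own
}
SAMPLE_A = {"mail.example.com": {"203.0.113.10"},
            "server42.shared-host.example": {"198.51.100.7"}}

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_forward(host):
    return SAMPLE_A.get(host, set())

def ptr_name(ip):
    """The DNS name that a reverse lookup for `ip` actually queries."""
    return ipaddress.ip_address(ip).reverse_pointer

def system_reverse(ip):
    """PTR lookup through the OS resolver; [] when there is no record."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_forward(host):
    """Forward lookup through the OS resolver; empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def check_mail_ip(ip, domain, reverse=system_reverse, forward=system_forward):
    """Classify the reverse DNS of a sending IP relative to the sender's domain."""
    names = [n.rstrip(".").lower() for n in reverse(ip)]
    if not names:
        return "no-ptr"
    confirmed = [n for n in names if ip in forward(n)]  # name must map back to ip
    if not confirmed:
        return "ptr-not-forward-confirmed"
    domain = domain.lower()
    if any(n == domain or n.endswith("." + domain) for n in confirmed):
        return "ptr-matches-domain"
    return "ptr-names-other-host"
```

Called with only an IP and a domain, `check_mail_ip` uses the operating system's resolver; the `sample_*` functions let it run offline against the constructed tables.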