What to Include in Your Internet Security Policy

policies procedures bindersWhether you’re just launching your new enterprise or you’ve been in business for a while, you’ve probably outlined a set of policies and procedures designed to ensure the safety of employees, foster a welcoming workplace, and ensure efficiency in operations. Now you need to consider that modern business is conducted not only in board rooms and cubicles, but in virtual space as well.

It is therefore imperative to create an internet security policy to complement your other operational policies and procedures. Of course, such policies are still in their relative infancy.  With new threats popping up all the time you may feel some anxiety about your ability to keep up.

The good news is that many other businesses are in the same boat.  A consensus is beginning to form concerning the best ways to develop and implement flexible internet security policies. These strategies are designed to adapt to technological advances and the evolving nature of hackers. Here are just a few key points you’ll want to include in your internet security policy.

Security Strategy

Planning your policy should begin with considering a security strategy. This could include listing your objectives when it comes to implementing and maintaining internet security. It might also cover your ethical and legal responsibilities in terms of privacy laws meant to protect customers and employees.

Your policy should also include the variety of systems you use that operate online. Note how to protect each one with relevant security software and employee usage guidelines. Detailing these points will help you determine the course of your internet security policy. This way you can delve deeper into pertinent issues like which software to purchase, how much to spend, and how to train employees to do their part.

Specific Programs

You may need some professional guidance when it comes to planning your internet security policy.  If your business uses specialized software or equipment, your policy should include proper procedures pertaining to each specific system, network, and program you utilize. Naturally, this portion of your policy may change over time as you implement new software and systems.

It might seem like overkill to list specifications for hardware and software. However, if you expect employees to properly utilize these systems as part of their job, they need to understand potential risk factors so they can behave appropriately and keep your online operations secure.

Authorizations

Compartmentalization is a great way to increase the level of security for confidential data. For example, everyone in the company might need access to an employee directory, but you may limit access to financial records to only your finance and executive team.

While you may want to foster transparency and openness, you don’t necessarily want all of your employees to be privy to executive planning and communications.  You also can’t allow unfettered access to sensitive customer data like credit card or social security numbers. By compartmentalizing and setting up a system of authorizations for different positions, you can help to protect your company and your customers.

Don’t forget to include behavioral information in your policy as well. You need to make it clear that employees are not to share access with one another or with outsiders and that they will face penalties for doing so.

Password and Network Policies

Some of your internet security policy will focus on the technical elements of securing your online operations. The rest will pertain to employee behavior as a means of teaching workers how to behave in a manner that helps to protect the company.

Your employees no doubt have passwords to access computers, accounts, networks, and data. Your password policy should provide clear rules and regulations regarding how to access resources and how password usage works.

It seems almost silly in this day and age to remind employees not to share their login information with anyone, including their coworkers. Yet, it is still necessary to include this in your policies, along with protocols for password creation.

You also need to train employees to operate in a careful manner when it comes to email and other network usage. Some of the most common ways hackers gain access to company data involves employee error. This includes the use of weak passwords and blunders like clicking spammy links, visiting dangerous websites, or downloading files that contain viruses, spyware, or malware.

Expectations and Penalties

Employees need to understand what you expect of them when it comes to internet security. It is also important that they understand the consequences, to the company and to themselves, should they fail to act appropriately. Irresponsible behavior could result in a devastating data breach. Spell out penalties associated with such failures so that workers have ample motivation to follow your internet security policy.

Posted in General | Tagged , , , , | Leave a comment

How to Train Employees to Safeguard Against Hackers

employee training puzzle pieceHackers can cause all kinds of problems with a business. In addition to planting viruses, worms, spyware, and more, hackers can steal sensitive customer, employee, and business data.  These criminals will use this information to hijack identities and make a profit.

One of the latest threats many businesses face comes in the form of ransomware. This is when hackers infiltrate a computer or network and take files hostage by encrypting them. Businesses that want to regain their data have to figure out how to break the encryption, which is next to impossible, pay up in the time allotted, or lose access to their information for good.

The worst part about hackers gaining entry to a business’s virtual operation is the damage they leave in their wake. Perhaps just as disconcerting is how often employees are to blame for letting hackers gain access. The best security measures in the world won’t work if employees are holding open the virtual front door for hackers.

As a result, you not only need to make sure you have appropriate cyber security in place; you also must take steps to train employees to spot threats, behave in an appropriate manner, and act as a line of defense against hackers. Here are a few things you should include in your training program.

Policies and Procedures

As a business owner you enact any number of policies and procedures designed to maintain a safe, efficient, and productive workplace. Some policies (like sexual harassment or discrimination training) curb offensive employee behavior and limit your liability.

Other policies like NDAs and non-compete clauses help to protect your business from leaks that could compromise confidential data. You also need to develop policies and procedures intended to teach employees how to safeguard against hackers.

You could, for example, enact behavioral policies that spell out how employees should use your network resources. Employees should not open emails from unknown senders or click suspicious links. Above all they should heed the advice of software warnings when they try to access dangerous websites.

Policies and procedures designed to safeguard against hacking could pertain to password protection, network usage, and even sharing information between employees. Taking the time to list your expectations and make employees aware can only help to keep your operation safe from hackers.

Strong Passwords

Cracking passwords is one common way that hackers make their way into your system.  Luckily, there is a lot you can do to ensure greater protections in this area. A good start is to select software that prompts users to create strong passwords (requiring 8-12 characters and a variety of letters, numbers, and symbols) and requires employees to change passwords regularly.

Your software shouldn’t do half of a hacker’s job for them by repopulating fields when the login information entered is incorrect. Instead of leaving the name in place when the password is wrong (alerting hackers that they have the correct name), all fields should be automatically cleared.

You also need to make it clear that there will be serious consequences if employees share passwords, even with fellow coworkers. Compartmentalization of data, authorization for access to different areas, and password protections only work if individual passwords remain confidential.

Recognizing Threats

There are many ways in which hackers can target your employees. They can attach spyware and malware to seemingly innocuous links or downloads thereby piggy-backing on other programs to gain access to your system.

Employees must be trained to spot these scams in order to avoid them. Your security software can go a long way toward protecting your company from hackers, but when employees understand potential threats and how they might contribute to the problem, there’s a much better chance all of your protective components will work together.

Backups

Even with proper training, employees can still make mistakes that open you up to hackers. The best defense is always a good offense.

Having backup protocols in place could help minimize damage if employees slip up and hackers find a way in. A monitoring service is a good place to start, but you should also have system backups in place so that you can shut everything down, lock hackers out, and revert to a recent save point so as to resume business operations post haste.

Posted in General | Tagged , , , , | Leave a comment

Are Hackers the Only Threat to Your Site Uptime?

page-not-found-688965_640Every business that operates in the online arena, either solely or in concert with a brick-and-mortar establishment, fears hackers. For years, experts have warned that it’s not a matter of if, but when a company will be hacked. If it can happen to mega corporations, healthcare providers, banks, and even government entities that have the highest levels of security, it can definitely happen to the average business.

This is partially due to the fact that most businesses are woefully under-protected when it comes to internet security. Or perhaps hackers are just one step ahead. The outcome is the same – your business suffers when hackers cause site downtime and steal, corrupt, destroy, or ransom your data.

Of course, hackers are not the only cause of website downtime. Although hackers pose a real threat, there are other reasons why your website might suffer unscheduled downtime. This interruption of service will annoy customers and cost you money.

The good news is that you’re not the first business to deal with such problems and you can learn a lot from those who suffered before. Preparing yourself to recover from downtime starts with understanding potential causes and then determining how best to plan for recovery. Here are a few threats to your site uptime and what you can do to minimize them.

Web Hosts

It’s important to take your time when it comes to choosing a suitable web host. You will first want to consider the bottom line regarding rates and scalability.  Just as importantly, you want to make sure the vendor you select has a solid reputation for service. Look for a host that offers some guarantees (by way of reparations) should you suffer unscheduled downtime.

No web hosting service can guarantee 100% uptime, so if you hear this promise you should probably keep looking. However, reputable and reliable providers should warn you well in advance of scheduled downtime. A good hosting service will be available to help you address and troubleshoot issues with downtime and, in some cases, they may even back up their guarantees with a policy of repayment for any unscheduled downtime you do suffer due to problems on their end.

Traffic and Bandwidth

Business owners must always concern themselves with the bottom line if they want to run an efficient and profitable operation. In terms of bandwidth, you’ll have to try to calculate the amount of virtual traffic that is likely to come in so that you can pay for an appropriate package.

If you miscalculate and you experience more traffic than anticipated, your site could go down. This will leave visitors and patrons unable to peruse your wares and make purchases online. A web host that offers scalability will allow you to ramp up quickly should such issues arise.  However, you might want to err on the side of caution by opting for more bandwidth than you think you’ll need and then scale back if you’re not using it all.

Employees

Hackers are a definite threat to your business, but one of the most common ways for hackers to gain entry to your system is through your employees. This happens most often when employees are careless with login information. By creating weak passwords that are easy to hack or allowing others access to their login information, these employees are putting your system at risk.

Employees may also behave in an unsafe manner by visiting dangerous websites, opening emails from unknown senders, or clicking suspicious links. All of these ill-advised actions could result in hackers gaining access to your system and shutting it down from the inside out.

There are two good ways to deal with this. First, you should train your employees to behave in an appropriate manner when using company resources. Second, you should use software protections that prompts employees to create strong passwords (and update them frequently), that warn employees when they’re about to do something dangerous, that requires additional confirmations for downloads, or that outright denies access to certain online resources.

Monitoring and Alerts

If you want the best chance to minimize and address website downtime, regardless of the cause, your best bet is to hire a monitoring and maintenance service. These professionals can not only monitor your site and alert you when problems arise, but they can help you to plan for action and recovery when downtime does occur.

Posted in General | Tagged , , , , | Leave a comment

5 Consequences to Reacting to Site Downtime Without a Plan

disaster plan keyboard buttonAs a business owner, you try your best to plan for the future. You start by creating a business plan that spells out your corporate goals, the products or services you’ll offer, how they fit in the marketplace and appeal to consumers, and how you plan to market them.

While you can’t plan for every contingency in business, there are a lot of potential ups and downs you can prepare for.  A flexible attitude complete with a backup plan can help you to weather most unexpected setbacks. Of course, it’s always better to anticipate the things that could go wrong to mitigate any potential damage to your company.

When it comes to site downtime, your best option is to move forward under the assumption that, at some point, you will suffer loss of service. At the very least you’re going to have to shut down your website on occasion for maintenance and repairs.

Unexpected downtime can occur for a variety of reasons. You may end up with a web host that provides spotty service. Or perhaps you didn’t anticipate the bandwidth you’d need and your site overloads as a result (one can only hope for such problems).

It’s also possible that you could come under attack from hackers looking to steal sensitive customer data or wreak havoc on your company. Regardless of what causes your site downtime, you’ll be better equipped to deal with it and get back up and running if you have a plan in place to recover from unanticipated downtime.

Failure to plan for this potential threat could lead to several undesirable consequences. Here are just a few reasons why reacting to site downtime without a plan is detrimental to your business.

1. Extended Downtime

Suppose your car breaks down on the highway. If you’ve planned ahead, you probably have a roadside assistance service in place. All you have to do is call the service for a free tow and the time you spend marooned on the road will be short.

If you failed to plan ahead, you’ll have to find phone numbers for towing services, call around to check rates and availability, and potentially spend a lot more time and money rectifying the situation. A proper plan can significantly reduce your hassle.

The same is true when your website experiences unscheduled downtime. Planning ahead might mean hiring a monitoring service to immediately alert you when downtime occurs. This way you don’t have to wait for customer complaints to start flooding in to know that your site is down.

It could also mean having software solutions or service providers in place. These services can pinpoint the problem and help you to correct it so you can get back up and running as quickly as possible. It might also mean having a system backup in place to revert to just in case you can’t access needed files.

Your plan will determine your response to unscheduled downtime. This way you can minimize damage and get your online operation back in business.

2. Wasted Money

With no plan in place when downtime occurs, your employees may have to spring into action and work overtime to find and solve the problem. This could result in paying some employees to sit idle because they can do nothing while your website is down.  Or you might end up paying some employees overtime to get your site back up – or both.

3. Lost Revenue

In addition to the added expense for labor, you are likely to lose revenue when your website experiences unexpected downtime. This could happen in a couple of ways.

If you provide an online shopping cart for patrons, they will not be able to access accounts and make purchases while your site is down. Also, new visitors to your site, upon finding it non-responsive, may elect to go to competitors, never to return. Both outcomes bode ill for your business.

4. Declined Morale

Employees may lose confidence if they see the company scrambling to solve a problem for which a plan of action should have already been in place. In addition, having to do extra work to rectify the situation because of the company’s poor planning could result in a decline in morale.

5. Damaged Reputation

If you suffer extensive or ongoing downtime issues, your professional reputation will begin to suffer. Customers may not see your company as reliable. They may complain in online reviews.

This can cause further lost revenue, loss of employees, and other problems that spell disaster for your company over time. Having a plan in place to deal with unscheduled downtime can make a world of difference.

Posted in General | Tagged , , , , | Leave a comment

5 Ways Your Business Can Come to a Halt When Your Site Is Down

error page website downNot all website downtime is bad. In some cases, it’s necessary to schedule downtime in order to practice maintenance, make needed repairs, run tests, or load new content. However, this planned downtime can be disclosed to customers well in advance and you have the opportunity to redirect visitors to a temporary page that tells them when you’ll be back up and running.

Unscheduled downtime, on the other hand, does not allow you the same preparation. So when visitors seek out your site and get an error message instead of a landing page, they’re going to be understandably disappointed, or maybe even annoyed.

First-time visitors are likely to navigate away, probably never to return. Although regular customers may give you the benefit of the doubt, several unscheduled outings could ruin customer relationships you’ve worked hard to build. Then there are the problems you’ll have when search bots can’t locate your site.

In short, unplanned site downtime can be a real hassle for your business. In many ways, it can bring your operation to a crashing halt. Here are just a few examples of the impact you’re likely to feel when your website goes down.

1. Lost Sales

The biggest halt, of course, will be to online sales. When your website is down your customers can no longer access product pages or shopping carts, hence eliminating your ability to make sales.

This is a major problem for any business relying on revenue from online sales. If you have a brick-and-mortar location in addition to your online presence, it might not be such a big deal, except for the fact that downtime can impact future sales, as well. Online-only stores will find themselves in big trouble if they suffer extended or ongoing outages.

When consumers visit your site and find it unavailable, there is a great likelihood that they’ll never return. They’ll go to competitors whose sites they can access. You will not only lose sales in the immediate sense, but potentially in the long-term, as well.

2. Loss of Service

Depending on your business, customers or clients may rely on your web portal for certain services, or you may need online operations to carry out business. Downtime could throw a wrench in your ability to provide services for your clients.

Just consider what happens when an airline’s website goes down. Not only do they lose the ability to sell tickets, in some cases, but customers may not be able to check in, track flights, or fly at all, even if they’ve already purchased their tickets. The negative impact this has on a business goes far beyond the loss of a single sale, for example.

3. Reallocation of Assets

If your business relies heavily on online operations, your staff may be unable to perform their duties until your site is back up and running. Even those that can continue working might be reallocated to work on finding solutions for the downtime or to deal with angry customers.

4. Reduced Rankings

In addition to raising the ire of consumers, website downtime can be a black mark with the bots search engines like Google use to ensure that their customers get the best possible recommendations for their search queries. In other words, if Google finds your website down too often or for too long at one time, you will likely be penalized.

This could include reducing your rankings for certain searches. In extreme cases you could even be de-listed. This type of damage could take months to repair, ruining all the hard work you did to achieve stellar rankings and leaving you without access to search traffic in the meantime.

5. Damage to Reputation

The long-term effects of site downtime can be difficult to gauge, but it’s fairly likely that the ripple effects won’t be fully realized for quite some time. One major issue you may come up against is damage to your reputation resulting from extensive or frequent downtime.

Positive customer reviews can really boost your reputation, but negative ones can do just the opposite, and if your site is unavailable, inconveniencing customers, negative reviews are sure to follow. In order to undo this damage, you’ll have to find ways to change the opinion of reviewers. Otherwise prospective customers will be tainted by the bad reviews, which could potentially halt your business for good.

Posted in General | Tagged , , , , | Leave a comment

How Google Accounts for Your Website’s Downtime

google-76517_640Google continues to dominate the search market, claiming somewhere in the neighborhood of two-thirds of all search traffic on the web (with Bing/Yahoo coming in at a distant second). This is great news for the company that spends its time and money on innovations like the self-driving car and a loony project to create a literal sky-net of balloons floating in the stratosphere to relay satellite signals and provide internet access to the entire planet (like a benevolent Big Brother).

For businesses trying to make an impact in the online arena, this merely means pandering to Google’s every whim and algorithm update. It wasn’t that long ago, really, that monthly indexing by search bots sent webmasters into paroxysms of fear. If a web crawler found a site unavailable, the reaction was immediate and difficult to reverse.

Eventually Google realized the unfair demand being placed on businesses…or maybe they changed their algorithms and practices for an entirely different reason and the result was a happy byproduct for online businesses. Either way, an increase in Google’s web crawling activity a couple of years back gave websites a little more latitude concerning downtime.

So what can businesses expect these days? How does Google now account for website downtime? Here are a few things you should know.

Google’s Perspective

If you want to know how Google will react to website downtime you need to try to look at it from their point of view. They don’t know why your site is down, and they don’t care. To them it doesn’t matter if you’re practicing regular maintenance, you’re having server issues, or you picked a subpar web host.

Google is running a business, like you, and they want to provide the best possible service to their customers. To this end they’ve set up complex algorithms designed to reward the highest-quality content by placing it at the top of the list for related search queries.

If your website is unavailable, by definition you cannot be the best option for customers seeking information or access to goods and services. This is the perspective Google has to adopt in order to keep their own customers happy.

How Much Downtime is Too Much?

According to a 2014 missive from Google’s preeminent engineer, Matt Cutts, websites will no longer be penalized for short periods of downtime. Being down for a few hours or a day when web crawlers come to call is okay. Letting your website take a 2-week vacation – not so much.

Of course, there’s a pretty wide gray area between one day and two weeks. Here’s what happens. When one of Google’s bots checks your site and finds it down, the crawler will return within 24 hours to check back, and continue checking. If you’re having sporadic downtime and the bot finds you up and running the second time around, you won’t be penalized.

If, on the other hand, your site remains unavailable after repeated attempts, the bots will be unable to index your site, which will produce increasingly negative consequences for your rankings.

Possible Repercussions

When your website is down and Google’s bots can’t access it, you’re going to find that a couple of things happen in short order. First, you’ll get a notice from Google telling you that your site is inaccessible. Then your rankings will plummet as repeated attempts to access your website fail.

This could be temporary. If you’re able to get your site back up and running in short order, say within a couple of days, you should be able to rebound rather quickly. Google is not trying to penalize legitimately good websites that are suffering temporary issues with downtime.

On the other hand, extended or repeated bouts of downtime can have cumulative results that ultimately end with your website being delisted. Coming back from that snafu is no picnic.

Regaining Your Footing

If you have proper monitoring software in place you’ll recover from unplanned downtime pretty quickly, and if you are able to pinpoint and address the issue promptly you’ll suffer no consequences where Google is concerned. Extended downtime is another matter. So what can you do if Google strips you of your ranking and ultimately ousts you from the index?

Unfortunately, you may be stuck clawing your way back to the top of the heap. Regaining your former rankings after extensive downtime could take months of work, especially if Google has gone so far as to remove your site from their index. If the worst comes to pass and your site is de-listed, you’ll simply have to roll up your sleeves and virtually start over.

Posted in General | Tagged , , , , | Leave a comment

How to Protect Against Common Hack Attacks

attack computer codeHacking is not really a new concept. In fact, the idea of breaking into a business to steal information, make a quick buck, or simply wreak havoc has been around pretty much as long as there have been businesses. The advent of online technologies has just upped the ante, so to speak, by increasing B2C connections and centralizing the data, making for a virtual smorgasbord that criminals can’t ignore.

Even worse, hackers are ahead of the game. They’re constantly finding new ways to break down defenses, exploit chinks in the armor, and defeat protective measures. This, of course, is also nothing new.

Build a better lock and thieves will find ways around it. The difficulty, as always, is that one party plays by the rules and the other delights in breaking them. That said, you can’t suffer the slings and arrows of outrageous fortune without at least trying to protect yourself.

At the very least there are privacy laws in place that mandate some effort on your part to protect the sensitive information entrusted to you by customers. That said, you also have an ethical responsibility to treat confidential information with the utmost care, and frankly, your business will suffer the most if that data is compromised, thanks to government penalties, possible lawsuits, and a damaged reputation.

What can you do? As it turns out, you can do a lot. Many businesses are sorely in need of increased protection from hackers. In some cases pricy upgrades are needed, but others rely on pure common sense. Here are some strategies to help you protect against the most common hack attacks.

Don’t Be an Easy Target

As in the real world, many crimes in the online arena are crimes of opportunity. Hackers are predators – why work hard for a kill when there are so many easy pickings available? If you’re not protecting yourself adequately, your company will pay the price.

Although the headlines often feature only the highest-profile hacks on mega-corporations, it’s much more common for small businesses to be targeted and compromised simply because they don’t have the same level of protection as their larger brethren. If you want to secure yourself against the most common attacks, you need to at least take basic measures.

A firewall is pretty much a given, as is antivirus/anti-spyware software. However, you can do a lot more on behalf of your company and your clients. For starters, you’re going to need a web application firewall (WAF) to protect your online operations the same way you protect your internal network.

From there you can consider more aggressive options like using encryption software, hiding your website’s CMS with security applications, and employing a third-party monitoring service, just for example. These measures can cost you, but likely not as much as a data breach will, and you can pick and choose the options that work best for your business.

Focus on Login Controls

One of the easiest points of ingress for hackers is often customer or employee logins. The good news is that you can do a lot to stymie hackers on this front.

Strong password requirements are a must, but you should also prompt users to change their password frequently and automatically log users out after short periods of inactivity. You can also use login software that doesn’t auto-populate fields.

If the password is wrong, don’t allow the username to display even if it was correct – clear all fields for additional login attempts and freeze the account following successive fails to log in. Two-step verification is also becoming more popular for added security.

Train Employees

Your protective tools are only as good as the people using them. Your password protections, for example, are worthless if users allow easy access to login information. Your firewalls can’t protect against ignorant behavior.

Training is therefore an essential element of protection. You may have software that warns network users about dangerous websites, but you also need to train them to navigate away instead of ignoring these warnings and behaving in a foolhardy manner.

Employees should also be warned against opening suspicious emails or clicking harmful links. With proper training your employees and even your customers can be taught how not to facilitate data breaches.

Hire Help

If you want to protect against hackers you may have to hire professional help. Whether you employ an on-site IT staff or you contract with third-party service providers, you should update and maintain your hardware and software regularly, monitor your network, and implement a system of alerts that warns you of suspicious activity. Early warning of hacking activity can be a very valuable protective measure.

Posted in General | Tagged , , , , | Leave a comment

Web Security 101

web security mouseYou’d have to be living under a rock to remain unaware of the many threats modern companies face due to online operations. Certainly there is a lot to be gained from setting up a business website complete with an online store, not to mention social media accounts, but there are also many risks associated with forays into the virtual world.

Keeping your business secure used to mean installing locks, an alarm system, surveillance cameras, and possibly a robust safe, just in case. While these measures still apply to companies with brick-and-mortar locations, many businesses now have the added worry of protecting a secondary operation in the online arena.

You’ll hear plenty of people say that the worldwide web is a modern Wild West. Although controls are constantly evolving and will continue to advance, the truth is that hackers often seem to be a step ahead. However, this could have something to do with the vast number of businesses that are tremendously under-protected.

Whether you’re just starting your online operation and attempting to learn about web security along the way or you’ve been at it for a while and you’re in need of a refresher, there are several security basics every business should be aware of. Here’s a crash course in web security to get you started.

Technical Controls

There are two main types of controls inherent to web security: technical and operational. Technical controls consist of any measures automatically implemented by your technology, including your hardware, software, and firmware.

There are a broad range of technical controls to consider when planning your security strategy. Most businesses start with firewalls for both their internal systems and their online operations (i.e. web application firewall). The next step is implementing software that recognizes and stops viruses, spyware, malware, and so on.

Technical controls could also include password protection software, encryption software, third-party monitoring and maintenance, and system backups. This last one is technically a recovery feature rather than a security measure, but it’s worth mentioning because without it a hack that results in data loss could halt operations.

Of course, you can’t rely entirely on technical controls to keep your company’s online operations safe. In addition to the many programs designed to protect you from hackers, your users (employees, customers, etc.) also must to behave in a safe and responsible manner in order to ensure the highest level of security. Tools are only as good as their users, and this is where operational controls enter the picture.

Operational Controls

Operational security measures include any actions performed by people, as opposed to machines, but these two systems of control often work hand-in-hand. For example, you no doubt have a login system that includes username and password requirements.

The system itself is a form of technical control, but users are responsible for making and using passwords appropriately. If employees allow others to access their passwords and accounts, they could be responsible for breaches that your technical controls would otherwise have protected against.

Another example of technical and operational controls working together would be software that warns users when they’re about to access dangerous websites (those that contain potentially harmful code). If users are properly trained, they should navigate away instead of putting your network at risk.

Of course, this marriage of technical and operational control relies on a tertiary system: management control. The policies and procedures you create have an impact on how well these systems all work together to protect your online operations.

With comprehensive training and implementation of security systems you can ensure that both technical and operational controls work toward the common goal of keeping your company secure against breaches.

Risk Management

Proper internet security begins by assessing your website from the hacker’s point of view. What are the weaknesses hackers are most likely to exploit? Perhaps your password protocols aren’t very robust or your antivirus software is out of date.

Maybe your employees have a penchant for visiting dangerous websites, opening suspicious emails, or clicking dubious links. Maybe you don’t take advantage of monitoring services that could provide you with early warning of breaches.

Risk management revolves around understanding the threats you’re facing and performing an honest assessment of your vulnerabilities. When you do this you have the information needed to implement suitable security controls.

Posted in General | Tagged , , , , | Leave a comment

How Page Content Monitoring Can Improve Your Site Security

security-265130_1280Business owners can’t exactly spend all day checking in with their website to ensure that it is performing as it should. The good news is that there are all kinds of monitoring programs and services to do the heavy lifting for you.

What do these monitoring platforms provide? There are any number of things the average business might want to track. For example, site uptime is a major concern for many business owners who want to make sure unscheduled downtime isn’t preventing customers (and prospective customers) from accessing their content.

The right monitoring service can alert a business when its website is experiencing downtime or even extended loading delays, just for example. Monitoring software and services could also be used to track network activity, error messages, customer logins, traffic, shopping carts, links, email, and more, including the content on your website.

Pretty much anything you want to monitor when it comes to your website performance can be tracked using appropriate software or monitoring services. What you may not realize is that such measures can do double duty by increasing your security, as well.

How can monitoring services, and content monitoring in particular, bump up your security? Here are just a few ways in which choosing appropriate software or service providers can keep you apprised of potential problems with your website and increase security in the process.

Deal with Downtime

There are obvious reasons to avoid website downtime. Some amount of downtime is, of course, unavoidable. Eventually you’re going to have to perform maintenance and upgrades to your site, and your web host will have scheduled downtime, as well.

What you really want to avoid is unscheduled downtime that stops visitors from reaching your site. When this happens, you risk losing both loyal customers and new visitors.

However, you gain more than just a window into what your visitors are encountering on your website when you hire a service to monitor downtime. You could also discover hacking or other attacks that disable your site.

Monitoring services will send you notifications when your site is experiencing unexpected downtime, allowing you to fix the problem post haste. This might actually allow you to stop a hack in progress and protect your network and data from breach.

What if hacking activities don’t result in downtime, though? Suppose someone is tampering with your content? In this case, having content monitoring services in addition to uptime monitoring could help you to spot unusual activity and stop hackers before they cause too much damage.

Spot Unusual Network Use

Some monitoring and management services provide a variety of network solutions for your business, including options to perform backups and keep an eye on network usage. Some even provide added security for your network in the process.

Regardless, the information these monitoring services provide can help to keep your business and your data safe. Network monitoring can provide you with clues to a number of different potential security threats.

When you receive alerts from your monitoring service showing unusual activity on your network, it could be a clue that employees are using your resources inappropriately, potentially creating security risks in the process. Or it could indicate that your network is under attack or that a breach is already underway.

Receiving such notifications allows you the opportunity to curb potentially harmful behavior by employees and stop hackers in their tracks, especially if your monitoring service also provides management and security.

Unfortunately, some threats come from inside your organization. Here, too, content monitoring could serve security purposes by alerting you to suspicious activities such as malicious tampering with your website content by disgruntled current or former employees.

Identify Who is Accessing the Network

With appropriate monitoring and management software or services in place, you increase your ability to determine who is responsible for breaches. Whether an employee has inadvertently allowed access to your network by clicking a spammy link, visiting a dangerous website, or sharing a password or you’ve come under attack by industrious hackers, the right monitoring program can help to trace the source of the breach.

This information can be invaluable when it comes to finding those responsible and setting up better protections in the future. Strengthening network security starts with understanding weaknesses, which monitoring methods can make you aware of.

Before you can address a problem you must first realize that something is wrong. Whether your network usage is high, your site is experiencing unscheduled downtime, or something hinky is happening with your content, the right monitoring software can alert you that there is a problem.

Derail Suspicious Email Usage

In addition to monitoring your website and your network usage, you should also keep tabs on email and messaging. For example, monitoring email could alert you to the transfer of confidential data or unusually large files, signaling inappropriate activity that goes against your security protocols.

You can also analyze log files after the fact to check for threats like viruses, quarantining as needed and tracking the sources of these threats. Regardless of the monitoring software or services you choose, you should know that you not only stand to gain valuable insight into and control over digital operations, but you could also increase security in the process.

Posted in General | Tagged , , , , | Leave a comment

On-Page SEO: 18 Easy Ways to Improve Your Rankings

This article has been contributed to the Site Uptime Blog by our friends at The HOTH SEO.

On-Site SEO Optimization

On-Site SEO Optimization

Even though on-page SEO is a synergy of different practices, not all of them are equally important. As you can see from Moz’s Search Engine Ranking Factors Study, various SEO practices influence SERP rankings differently. Although domain-level and page-level link features continue to dominate the charts in terms of
influence, on-page SEO is becoming increasingly important. What’s more, as opposed to off-site SEO, which cannot be completely controlled by the webmaster, on-page SEO is more accessible.

Continue reading

Posted in General | Leave a comment