Last month international headlines blared that the Starbucks rewards app had been hacked and people’s accounts were being drained. I even sent a Tweet related to the news, encouraging people to use strong passwords for their Starbucks rewards accounts.
But was the smartphone app really hacked? Headlines like this: “Hackers are draining bank accounts via the Starbucks app” make it sound like hackers could magically access the rewards app on your smartphone and drain your card balance. Users would be forgiven for thinking the best way to deal with this problem would be to delete the app from their smartphone.
However, looking a little closer reveals that [continue reading…]
Usually when you login to your website to start making updates or changes, you’ll just need a username and a password. This is the most basic form of user authentication. Unfortunately, it’s also the weakest form of authentication, especially if your account has full administrative rights on your website. It’s not hard for bad people to launch an attack against your website’s login page attempting to brute force their way into your site. If you have a simple username and password, there’s a good chance they’ll succeed.
Avoid Obvious Usernames
The first step to avoid being the victim of a brute force attack is to make sure you’re not using an obvious username for the administrator account. The most obvious username of all for the administrator account is [continue reading…]
In my ebook Information Security for Small Businesses, I described how to securely browse the web. One of the techniques is to make sure that the websites where you’re doing secure transactions are using HTTPS (also known as HTTP over Transport Layer Security (TLS)). This means that all the traffic flowing between your browser and the website’s server is encrypted, preventing anyone else from eavesdropping on the transaction and potentially collecting sensitive information.
You can tell when a website is using HTTPS by whether or not it has a padlock or similar symbol in the address bar of the browser.
If you click on the padlock, you can usually get information about the secure connection.
When you see that padlock, you can be assured that all communications between you and the website are encrypted.
As a business owner with a website, you can offer the same level of security to everyone browsing your site, too. You definitely want to offer HTTPS encryption if [continue reading…]
Once you’ve selected a reliable and secure web host, you need to decide how you’re going to build your website. For many small business owners, it’s easiest to outsource the building of their website, since most people don’t have the expertise to build high-quality websites themselves. That means many small business owners don’t give much thought to how the site is built as much as how it looks and functions after it’s done.
This is sort of like hiring a construction company to build your house and not asking about the quality of materials or requiring them to get the necessary permits to ensure it’s built properly.
When outsourcing the construction of your website, [continue reading…]
Where you choose to host your website is one of the most important decisions you can make related to the security and availability of your site. All web hosts are not created equal. I learned that lesson the hard way.
Cheaper is not always better
Many years ago, when I first started building websites, I tried various website hosting services. I eventually found one that I thought was a really great deal. It was only $2 a month charged through a PayPal subscription. I used them for almost a year, building many different sites with their service. Then, the worst case scenario happened: [continue reading…]
I made a cool word cloud from the text of my Information Security for Small Businesses ebook. Check it out!
Here’s the full image: http://i.imgur.com/RO7UG0p.png
Make your own word cloud here.
Now available, the second book in the small business information security series: More Information Security for Small Businesses.
And for a limited time (from 23-27 Mar), you can get it FREE from Amazon. Just go to the Amazon page below and download it to your Kindle [continue reading…]
If you’re a security wonk (like me), you find legal cases related to information security interesting. And the one described by Shawn Tuma, a cybersecurity lawyer, in the DarkMatters security blog is an excellent example why.
In the article, Tuma describes the current legal case between an insurance company and a website design company (Travelers Casualty and Surety Co. of America v. Ignition Studio, Inc.). Ignition Studio, the website design company, suffered a security breach for a website they designed and [continue reading…]
