Securing Your Website With a Free SSL

Are they really worth the hassle?

Greetings from the Help Desk!

You have a website but still haven’t purchased an SSL? That’s the thing that makes your website start with “https” and encrypts your guests’ data.

No one wants to spend more money on their website, yet everyone still wants more visitors. So here’s some helpful information about FREE SSLs for you. Or is it?

As you probably know, there has been a change in how websites are displayed. Anyone without an encrypted https and padlock in their web address gets flagged by most browsers as either “insecure” or with an exclamation mark. Not good for business! Also not good for your Google ranking!

Enter: the FREE SSL.  Is it really worth the hassle?

Free certificates actually aren’t new. Plenty of companies have been offering them for a while. It’s just now that these seem more attractive since the online world is moving to a more secure environment. They are, interestingly, just as safe as paid ones. So why would you pay for one every year when you can get a free one, you ask? Good question! There are a couple of good reasons. 

Paid Certificates:

  • Offer a warranty, or protection, in case data is captured and decrypted by a middle man during transfer. Some protect your site up to $1.5 Million, such as Symantec’s Netsure Protection Plan. If you’re selling a lot of items or passing a lot of sensitive information through the internet, then this may be important.
  • Offer help to install and troubleshoot issues. With free certificates, you’re pretty much on your own. If you “trip over the cord and accidentally unplug the Christmas Tree,” you may have to have the certificate re-keyed and your website might go off-line.
  • Another reason is so your website can have that green bar (trust issue) with your company name, like you see on the sites of many big, reputable companies. Check out Twitter.com as an example.
  • The biggest upside to a paid SSL, however, is the length the key will work for until it needs to be renewed. Most paid certificates offer 1 – 2 year options. But with a free certificate, you’ll only likely get 3 months at a time. After that time, the certificate will become invalid. When this happens, your site will basically shut down. There’s a big page that pops up saying that it’s dangerous to enter your site and warns users before proceeding! Really, it looks bad. So then you have to call your certificate issuer and ask it to be renewed. This process can involve several steps for the issuer that may take up to a few days to get taken care of.

If you can afford your site going offline for a couple of days and you’re willing to call the issuer, then this option might be a good one for you.

Having said that, however, I called my host provider (Blue Host) last week and they told me I would NOT need to call every 3 months to have a free certificate renewed. So, perhaps there’s more hope for using this FREE option in the long haul.

It seems like this type of technology should be automatic these days. But in the meantime, I’ll save the time figuring it out and purchase mine.
See more about free certificates at https://ssl.comodo.com/free-ssl-certificate.php
I get no compensation from Comodo, Blue Host or Twitter by mentioning them here. The Comodo, Blue Host, and Twitter names are copyrighted and owned by their respective companies.
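
Whether renewal is automatic or done by hand, the failure described above (a certificate passing its expiry date and browsers showing a warning page) can be caught ahead of time by checking the expiry date yourself. The Python below is an added example, not part of the original article; the 30-day threshold, the function names and the sample dates are assumptions chosen for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

RENEW_WITHIN_DAYS = 30  # assumed warning threshold for a ~3-month certificate


def days_left(not_after, now):
    """Whole days from `now` until notAfter (getpeercert() date format)."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - now).days  # negative once the certificate has expired


def classify(not_after, now, renew_within=RENEW_WITHIN_DAYS):
    remaining = days_left(not_after, now)
    if remaining < 0:
        return "EXPIRED"
    return "RENEW" if remaining <= renew_within else "OK"


def fetch_not_after(host, port=443, timeout=5.0):
    """Read notAfter from the certificate a live server presents."""
    ctx = ssl.create_default_context()  # verifies chain, hostname and dates
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def check_site(host, now=None):
    """Status for a live site; needs network access."""
    now = now or datetime.now(timezone.utc)
    try:
        return classify(fetch_not_after(host), now)
    except ssl.SSLCertVerificationError as exc:
        # An already-expired certificate fails the handshake itself.
        return f"INVALID: {exc.verify_message}"


if __name__ == "__main__":
    # Constructed sample: a certificate that expires on 1 June 2025.
    sample = "Jun  1 12:00:00 2025 GMT"
    for day in (datetime(2025, 3, 3, 12, tzinfo=timezone.utc),
                datetime(2025, 5, 10, 12, tzinfo=timezone.utc),
                datetime(2025, 6, 2, 12, tzinfo=timezone.utc)):
        print(day.date(), classify(sample, day))
```

Running `check_site` with your own domain from a daily scheduled task gives you a "RENEW" result well before visitors would see the warning page.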

Latest Spam Tactics

What the bad guys are doing with your leaked information

This particular e-mail I received invoked anger.

What I got looked like other spam messages, but this one was a little different.  It started with the normal junk about my e-mail address being hacked, blah, blah.  It looked like a mass e-mail.  They alleged that they sent the message FROM my e-mail account (which I noticed they didn’t). But then they revealed one of my personal passwords!  Wait, WHAT!?

They said they know the password to log into my e-mail account and then provided “proof” that they actually did.  I was not happy.  How could this be?  How do they know my password?

So after a little digging, here’s what is happening.

This might be the latest tactic to scare people, similar to other scare-ware pop-ups.  The whole point is to get us scared, and then motivated to take action.  Usually to the detriment of our bank account (i.e., they hope we pay them money).

When they reveal your password, they have likely gotten it from a hacked company that you do business with.  Almost every few months we hear about the latest security breach.  Last month, for instance, Facebook announced they’ve been hit again.  They originally said 50 million users were affected, but last week admitted to “only” 30 million users.  They said last week that we don’t need to change our passwords.  Phew.

What companies have been hacked that you do business with?

So there’s a website that keeps track of hacked accounts.  You can search by your e-mail address and see if you are one of those affected.

In my case, Bitly, a company that provides our shortened web address (type mcs.bz in your browser address bar to see what happens), was hacked.  They stole email addresses, passwords and more.

Some clarification: Like many of you, I use the same password for multiple accounts.  The password they revealed to me wasn’t exactly the password used to check the e-mail address they claimed.  It was a lowercase “J.”  But, in any sense, the password DID MATCH EXACTLY what I had used for Bitly. Now it made sense.  So it was Bitly’s password that needed to actually be changed and not my e-mail.

This security breach happened back in 2014.  But only now are we seeing what the bad guys are doing with the information.

Check to see what companies have been hacked here: https://haveibeenpwned.com

What’s the Deal With GDPR Compliance?

How Data Protection Affects You

GDPR, or General Data Protection Regulation, is a regulation from the European Union that helps protect web users’ data.  Wait, I know, I know.  Before you say it: You are in the United States!  But before you hit ‘delete’ calling this irrelevant, let me explain how it affects you.

If you collect names, IP addresses, session cookies, or e-mail addresses (which most websites do), you collect personal data. This personal data should be protected, right?  True.  But starting May 25th, some US websites were also required to abide by new European website privacy laws.  Of course my head was spinning trying to understand why we should be required to follow European laws.  So I did some research.

After digging deeper, I found that this law will apply if you market (even by accident) to the EU (European Union) or a country within.  Business owners with no market share in the EU, who don’t target the EU in marketing, and don’t own an overseas domain name, have little to no required changes to make.  Or do you?

For those that might be (even inadvertently) marketing to Europeans, and those wanting to tighten your own privacy reins, let’s take a look at their laws.  The theme is this: Be more transparent with your potential clients.  We can all learn about transparency and protecting our clients’ data!  So here are the highlights behind this regulation.

  1. Explain who you are, how long you’re keeping user data, why you need it, and who on your team or externally has access to it
  2. Get explicit and clear consent to collect data through an opt-in
  3. Give users access to their own data, the ability to download it, and to delete it from your records completely
  4. In the event of a hack or security breach, let your users know about it

So these aren’t too bad.  But the fines for not complying are!  “You could get fined 2% of your worldwide annual revenue for failing to disclose a data breach, or up to 4% for failing to ask for user consent when storing data.”1

What should I do?

Perhaps you don’t market to the EU and don’t service these clients.  It’s probably a good idea, however, to have an easy-to-read privacy policy and explanation on how you use personal data.  Get to know what personal data you actually collect, and make sure it’s being handled with care.  Lastly, (this will also improve your Google ranking) get an SSL to protect personal data in transit from your server to your customers.

If you sell or market to Europe (or the EU), now is the time to pony up and get that privacy policy written.  Get a clear statement on how you handle cookies and personal information.  Check out these easy-to-read articles by Elegant Themes here and here.  Also, you can check out this article by Fortune and this one by Forbes.

If you need help with compliance, we’d be glad to offer suggestions or set up your pop-up!

1 https://www.elegantthemes.com/blog/resources/a-quick-guide-to-data-protection-regulations

 

Don’t Fall For This Pop-up Scam

It’s very likely you’ve been jammed up while working on your computer by none other than a stubborn pop-up that just won’t go away.  You close it, ignoring the warnings not to, and it comes back with a vengeance.

The latest pop-up, and the one most likely to hit you where it counts, is the one claiming to rob your bank account and passwords and take your computer hostage unless you call the “Microsoft 800 number” to supposedly clear everything up (and take between $200-$500 from you to do it).  This is one of the latest scare tactics scammers are using to get you to buy their (fake) services.

If you see a pop-up like this, there are several things you need to do.  First, don’t panic. Nothing is happening to your bank info.  Nothing is likely happening to passwords or anything else.  Nothing is likely happening at all.  It’s a scare pop-up to invoke fear and get you to take action.

Second, don’t call the number.  Microsoft never tells you that you have a virus. Your virus scanner or a Malware scanner would tell you, but not in an internet pop-up.

Here’s what you do instead: Despite the instructions it provides, try to close the window or your web browser.  It may pop back up, which can be the trouble.  If you can’t get it shut, press Control-Alt-Delete and open the Task Manager.  Click on the Applications tab and find the windows that aren’t closing, click on each of them and click End Task.  This should give you control back.

Third, you’ll need to clean things up a bit. Run your Virus scan (full scan).  Run a Malware scanner.  The best program to start with is Malwarebytes Free version.  Open your browser back up and clear all cookies, caches, and history.  You can now resume normal life!

Sometimes, this isn’t enough to clean the Malware.  If you get the pop-up back, check out our Help Desk Solution on downloading AdwCleaner.  Go here for that page.

Best wishes for clean browsing!

Uninstall QuickTime for Windows

As with most things, computer programs also have a life expectancy. Who would have known?  Now if you are reading this from Windows XP, then the seriousness of this issue may be a moot point!  But with outdated and no longer supported software come entry points for Malware, Viruses, and other security holes.  If security is a concern for you, then read on and learn how to uninstall QuickTime.

Trend Micro announced recently that there are serious vulnerability (safety) issues using the Windows version of QuickTime (QT).  QT is known for providing Mac-formatted video to both the Mac and PC.  The Windows version is no longer supported, meaning no patches will be provided to fix this issue, so it’s recommended that Windows users uninstall the program.

QT was once a requirement to use iTunes on the PC and to view videos created by the Mac world, but it is no longer a necessity (iTunes v.10.5 and later).

Here are screenshots and instructions on removing it from a Windows 7 computer.  Windows 8 and 10 users also can search for “Uninstall a Program” in the search bar to remove it.

Uninstall Quicktime Screenshot
