
blog.

articles tagged with: security


Displaying all 5 articles

What does SSL mean?

With 2017 seeing Google continue their campaign against insecure web sites (read my blog to find out more), we thought this was a good opportunity to look behind the abbreviations and discover what SSL and HTTPS mean and the impact they have on everyday web site visitors.

1. SSL stands for ‘Secure Sockets Layer.’ In layman’s terms, this is a secure way of sending information over the Internet. Any data transferred 'over SSL' - such as web page content from a server to your browser - gets encrypted prior to being sent over the web for viewing.

2. Many websites use SSL for secure areas of their sites, particularly user accounts and online checkouts. As information is encrypted, the theory is that even if someone unwelcome gets hold of it, they'll be unable to do anything with it.

3. SSL is applied to your website – or parts of your website – by way of a digital certificate, which is purchased and added to your domain to demonstrate its security to users. It also ensures any content from that domain is encrypted.

4. When you visit a website whose address starts with ‘https’, the ‘s’ after the ‘http’ indicates the website is secure, and has SSL. You should also see a padlock before the https, like below:

5. SSL keeps personal data such as your name, address or credit card information between you and the merchant who you are sending it to.

6. If you want to find out more information about a site’s security, by clicking the ‘i’ icon, or right-clicking the padlock, you can get more details.

7. Like everything in life, there's a wide range of SSL certificates available and they vary in features and price. Some are free but will require ongoing administration, others are more expensive but offer the tightest security including the strongest encryption algorithms and verification checks.

SSL is likely to be a hot topic in 2017 with Google's planned warnings for insecure web sites.

If you’d like to know more about SSL, securing your site and how to get an SSL certificate, please get in touch.

Annette Ryske

Created on Tuesday December 13 2016 01:30 PM


Tags: website google ssl security



Google and Secure Sites

Google are big believers in HTTPS and SSL - they've been focused on making the web 'more secure' for all of us for some time now. One way in which they do this is to prioritise secure web sites in their search results, and another is showing a site's security status in the address bar within their native browser, Chrome.

2017 will see Google continue this campaign with some significant new features. Early in the year, Chrome will start to display additional security warnings for specific pages on web sites that are not secure – so HTTP, not HTTPS. These warnings will be fairly stark, as shown, and as you can imagine, not the most reassuring sight for a visitor to your web site.

[Picture of Google non-secure warnings]

As time passes, Google have said that their criteria will gradually become stricter and the warnings will also be added to all non-secure pages - the aim is, by some point in 2017, to mark all HTTP sites as ‘non-secure’ with a red security indicator.

This is likely to have considerable impact. Google Chrome currently accounts for 47% of all UK web users, so these warnings are going to be seen by a lot of people. Equally, Google will continue to rank non-secure sites lower in their search results. And history has shown that what Google does, others follow, and we're likely to see a similar approach adopted by other browsers such as Safari, Firefox and Internet Explorer.

Web site owners who have not moved, or do not move, to SSL will suffer not just the effect on web traffic and performance; they also risk jeopardising customer trust.

If your website does not yet have SSL / HTTPS, or you’d like to know more about how to make your website more secure – and therefore more favourable with Google – please get in touch.

Google’s official article about these changes is available on their blog.

You may also like to read my blog which explains what SSL and HTTPS really mean.

Annette Ryske

Created on Tuesday December 13 2016 01:28 PM


Tags: google chrome ssl security



Local Authorities and Cyber Security

With the help of digital agencies like us here at focus / focusgov who are coming up with effective and engaging ways local authorities can communicate with families, parents and young people, we are seeing more and more local authorities with services based online. This of course is great news, however, with this comes the potential threat of cyber attacks - some more sophisticated than others. 

Local authorities are key providers of public services so they can hold a vast amount of personal data containing sensitive information such as health and care arrangements. This alone makes them a very tempting target indeed for hackers.
There are other potential problems such as phishing. Phishing is the fraudulent practice of sending emails purporting to be from a reputable company. The aim could be anything from persuading individuals to reveal personal information online, such as passwords and credit card numbers, to encouraging the recipient to open an attachment containing a malicious programme.

This is exactly how Lincolnshire City Council were stung earlier this year. There was widespread disruption and it took almost a week for IT systems to be restored. Lincolnshire’s response to the attack was commendable and led to no loss of data. Staff dealt with issues off-line and kept their services running without impeding the public. 

The Cabinet Office’s ’10 Steps guidance on dealing with cyber threats’ put it concisely by saying ‘Put cyber security on the agenda before it becomes the agenda’. 

One very manageable way to achieve this is to see cyber as a strategic issue rather than an IT one. Make sure the local authority workforce are aware of the risks and how they can combat them. Perhaps new employee inductions could include details of how to recognise a cyber attack and how to avoid opening harmful malware programmes.

Of course various security procedures such as firewalls play an important role but user cautiousness is imperative. As October is cyber awareness month, what better time than now to share with you some tips? 

1. Be heedful of email scams
Do you know the sender? Does it seem too good to be true? Does it contain links and attachments? Is it an urgent request? 

2. Protect your computer
Always have the latest anti-virus software installed on your computer to keep it up to date and protected from online threats like malware and viruses. 

3. Check links
Hover over links in emails and you will see the URL of the actual website you are being directed to. You should see it across the link and bottom left of your screen. If this is different to the link originally shown, don’t click it. 

4. Vary your passwords
It’s a pain but the best thing you can do is have a different password for all of your accounts. You should most certainly separate your work from your personal accounts, making sure critical accounts have super strong passwords. You could try lyrics from your favourite song separated by numbers, and include a mixture of upper and lower case.

and finally...

5. Never choose to ‘Save Password’
Browsers such as Internet Explorer and Google Chrome are always looking to increase ease of use. This includes offering to save your password, but you should never allow it to. When websites ask if you want to remain logged in, choose no and always log out properly; just closing your browser does not do this.

Jordana Jeffrey

Created on Thursday October 13 2016 11:37 AM


Tags: cyber security



Shellshock Update

Shellshock is a vulnerability affecting the “Bash” shell which is installed by default on most Unix-based systems, such as Linux and Mac OSX. More details are available here: http://en.wikipedia.org/wiki/Shellshock_(software_bug)

To begin with the "executive summary" of the current situation: We don’t believe your This is Focus website would have been susceptible to Shellshock at any point, but all systems are now patched with the relevant security patches in any case.


To go into a little more detail: certain specific conditions need to apply in order to be able to trigger the Shellshock vulnerability, and the information currently available to us about the potential exploits suggests that This is Focus-created websites would not be a possible vector of attack. However, this is a moving target, and information will likely continue to come to light on the subject in more detail over the coming weeks, so it’s impossible to state this categorically.

Even though we suspect your website was safe all along, all servers that we maintain were (and continue to be) continually patched whenever the vendors release security updates for them; we specifically tested all our servers against Shellshock on Friday 26th September 2014.

We currently have no evidence to suggest that any servers we maintain (or any websites we host) have been compromised by the Shellshock vulnerability in any way.

If you have any specific concerns or questions, please don’t hesitate to get in contact with us.

Neil Smith

Created on Tuesday September 30 2014 11:12 AM


Tags: security



Heartbleed OpenSSL Vulnerability

By now, you may have heard of "Heartbleed", a security issue that was announced earlier this week in OpenSSL, which provides the https/SSL security to a significant percentage of the internet's websites (and email services etc.)

It's estimated that Heartbleed affected about 17% of all secure websites at the time of its announcement, and it's a bad issue - it theoretically means that someone can read secure SSL-protected data.

First of all, from a This Is Focus viewpoint, we can confirm that only a very small number of sites we host were ever affected, and those were upgraded within a few hours of the fix's availability - meaning that they're no longer vulnerable. Remember, this issue only affects you if you're running an https:// (SSL) website.

So what does Heartbleed mean? Without going into too much technical detail, it effectively means secure websites were potentially only as secure as non-secure websites - an attacker could see details passing between you and the website whilst they were "in transit" between them.

That's still fairly secure, to be honest - an attacker couldn't see your password unless they were either on the same network as you, your website, or somewhere in between. If you're on your own network (and not, say, on public WiFi), it's still difficult to achieve for a casual attacker - it's only practical for serious, large-scale attackers.

Having said that, the problem has affected a lot of very popular websites - including, but not limited to, Google, Facebook, Yahoo, Dropbox and Pinterest - so it's theoretically possible that someone could have grabbed your passwords for those sites. All those sites have swiftly applied fixes, however. So it's not a bad idea (it's never a BAD idea!) to change your password on those sites, as well as any other sites where you use the same password. (Which ideally, you shouldn't!)

So in summary, everyone should have applied these fixes by now - we have, and all the sites mentioned above have - but it's worth asking/checking if you rely on the security of any other sites.

And this could be a good reminder to change your passwords!

Neil Smith

Created on Friday April 11 2014 10:10 AM


Tags: website ssl security

