Category: Guidance

Free Website Audit Report

There are numerous versions of the basic email message about a free website audit.

This is because most of these messages aren’t from professional scammers but from people desperate to get work in the fields of website design, search engine optimisation, digital advertising etc.

The problem with these emails is that they are often full of lies. People seem to think it is acceptable to lie when writing Sales/Marketing messages BUT IT ISN’T.

An example from one of the more courteous versions sent to the radio station.

 “Hope you are fine. I was going through your website and I found it impressive!!! However when I search for your business keywords I see your competitors ranked on 1st page whereas I am unable to see your website anywhere on the 1st page of Google.

Then lots of stuff about why you have to be on the 1st page of Google to be noticed.

The website URL is never mentioned therefore he hasn’t looked at it.

He hasn’t searched for our business keywords as he clearly doesn’t know what they are.

He says our competitors are on 1st page Google.

What competitors are those? He clearly has no idea.

Then a list of issues with our website and these issues are all very general as he has not looked at our site and hopes by luck to find a fault that either our site does have or one that would worry us.

  • Low online presence for many competitive keywords
  • Unorganised social media accounts
  • Not compatible with all mobile devices

Then he mentions the audit report for our website which he has already prepared and will send us free of charge.

There is software that will automatically analyse websites and prepare a list of recommendations.

Presumably he could use such software to prepare a report if we actually replied saying we wanted to see it.

The whole email is a pack of lies, sadly. The company name and email address seem to be genuine and based in India and Singapore but that’s the only true part.

If you want website design, SEO or other such services then find a local company that has good customer reviews and can provide what you want but never reply to or try working with people who send out such blatant lies.

If you want a free audit report of your website – there are numerous ones available on the Internet, but do understand the reports are generic and every website is different which the automatic reports cannot recognise.

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.

Fightback Ninja Signature

GDPR has Landed

GDPR is the latest EU regulation intended to give consumers better protection for their personal information held by government, businesses and any other organisations.

And today’s the day it becomes Law.

GDPR may make a worthwhile difference for consumers as it puts pressure (and the threat of large penalties) on businesses to use clear concise language, make it clear what they want your data for and exactly how it will be used, ensure they have your consent for such messages and give you an easy route to making them delete all personal information.

You’ve probably had requests recently in the post or online from businesses wanting to stay in touch with you after today. This is because from today they have to show that you chose to allow them to contact you – not just assume it was OK as often happened in the past.

Plus many are taking the opportunity to revamp their policies over Marketing messages etc.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

If you’ve enjoyed this post or found it useful then do share – click on the post title then scroll down to the social media share buttons.

Fightback Ninja Signature

 

How Common are Ransomware Attacks

“Ransomware threat on the rise as almost 40% of businesses are attacked”.

Security firm Malwarebytes surveyed companies and found one-third of victims lost revenue as a result of a ransomware attack.

The downtime caused by the ransomware rather than the cost of paying the ransom is what can kill a business.

Malwarebytes™ (software company selling anti-malware products) released its “Second Annual State of Ransomware Report”. The multi-country study surveyed 1,054 companies with no more than 1,000 employees across North America, France, U.K., Germany, Australia, and Singapore. More than one-third of businesses have experienced a ransomware attack in the last year. Twenty-two percent of these impacted businesses had to cease operations immediately.

Key Findings

“Businesses of all sizes are increasingly at risk for ransomware attacks,” said Marcin Kleczynski, CEO, Malwarebytes. “However, the stakes of a single attack for a small business are far different from the stakes of a single attack for a large enterprise.

The impact of ransomware on SMBs can be devastating. For roughly one in six impacted organizations, a ransomware infection caused 25 or more hours of downtime, with some organizations reporting that it caused systems to be down for more than 100 hours. Further, among SMBs that experienced a ransomware attack, 22 percent reported that they had to cease business operations immediately, and 15 percent lost revenue.

For many, the source of ransomware is unknown and infections spread quickly. For 27 percent of organizations that suffered a ransomware infection, decision makers could not identify how the endpoint(s) became infected. Further, more than one-third of ransomware infections spread to other devices.

The most common source of ransomware infections in U.S.-based organizations was related to email use. Thirty-seven percent of attacks on SMBs in the U.S. were reported as coming from a malicious email attachment and 27 percent were from a malicious link in an email.

Seventy-two percent of respondents believe that ransomware demands should never be paid. Most of the remaining organizations believe that demands should only be paid if the encrypted data is of value to the organization. Among organizations that chose not to pay cybercriminals’ ransom demands, about one-third lost files as a result.

“It’s clear from these findings that there is widespread awareness of the threat of ransomware among businesses, but many are not yet confident in their ability to deal with it,” said Adam Kujawa, Director of Malware Intelligence, Malwarebytes. “Companies of all sizes need to remain vigilant and continue to place a higher priority on protecting themselves against ransomware.”

Do leave a comment on this post – click on the post title then scroll down to leave your comment.

Fightback Ninja Signature

UK Government Cyber Essentials 10 Step Plan

 

This is a summary of the UK Government 10 step plan for Cyber Essentials, which is designed for organisations looking to protect themselves in cyberspace.

1.     Risk Management

Embed an appropriate risk management regime across the organisation. This should be supported by an empowered governance structure, which is actively supported by the board and senior managers. These should aim to ensure that all employees, contractors and suppliers are aware of the approach, how decisions are made, and any applicable risk boundaries.

2.     Secure Configuration

Identify baseline technology builds and processes for ensuring configuration management can greatly improve the security of systems. Develop a strategy to remove or disable unnecessary functionality from systems, and to quickly fix known vulnerabilities.

3.     Network Security

The connections from your networks to the Internet, and other partner networks, expose your systems and technologies to attack. By creating and implementing some simple policies and appropriate architectural and technical responses, you can reduce the chances of these attacks succeeding. Your organisation’s networks may use of mobile or remote working, and cloud services, makes defining a fixed network boundary difficult.

4.     Managing User Privileges

All users should be provided with a reasonable (but minimal) level of system privileges and rights needed for their role. The granting of highly elevated system privileges should be carefully controlled and managed.

5.     User Education and Awareness

It’s important that security rules and the technology provided enable users to do their job as well as help keep the organisation secure. This can be supported by a systematic delivery of awareness programmes and training that deliver security expertise as well as helping to establish a security-conscious culture.

6.     Incident Management

Invest in establishing effective incident management policies and processes to help to improve resilience, support business continuity, improve customer and stakeholder confidence and potentially reduce any impact.

7.     Malware Prevention

Malicious software, or malware is an umbrella term to cover any code or content that could have a malicious, undesirable impact on systems. The risk may be reduced by developing and implementing appropriate anti-malware policies as part of an overall ‘defence in depth’ approach.

8.     Monitoring

System monitoring provides a capability that aims to detect actual or attempted attacks on systems and business services. Monitoring allows you to ensure that systems are being used appropriately in accordance with organisational policies.

9.     Removable Media Controls

Removable media provide a common route for the introduction of malware and the accidental or deliberate export of sensitive data. You should be clear about the business need to use removable media and apply appropriate security controls to its use.

10.Home and Mobile Working

Mobile working and remote system access offers great benefits, but exposes new risks that need to be managed. You should establish risk based policies and procedures that support mobile working or remote access to systems that are applicable to users, as well as service providers.

https://www.ncsc.gov.uk/guidance/10-steps-cyber-security has further information.

Do you have an opinion on this matter? Please comment in the box below.

Fightback Ninja Signature

Why You Need Double Opt-In Marketing

With single opt-in, you let people sign up to your newsletter, subscription or whatever by simply clicking once on a link or filling in a contact form etc.

But double opt-in takes this a stage further and you have to get the person to either return an email confirming their registration or  click on another link in an email to confirm.

Hence it is a two-step process to register.  This extra step will mean you lose some people, who would have otherwise registered with just the single opt-in, but there are advantages to double opt-in and it becomes law in May 2018 with the European Directive General Data Protection Regulation (GDPR).

From May 2018, consent for processing personal data and any Marketing communications must be freely given and unambiguous i.e.no pre-ticked boxes, generic descriptions or over complicated terms and conditions.

GDPR also states that companies must keep a record of how and when the customer gave such consent. The double opt-in method is considered the easiest way to comply.

If you’re offering incentive to get people to sign up to your subscription or newsletter etc. then there are likely to be many people who sign up but with fake email addresses and spambots that try to sign up.  This means that many of the email addresses on your list will be bogus and hence you will be wasting your time sending out emails to them.

Double opt-in takes care of this as only people who give correct email addresses will sign up and if the second stage of confirmation has not put them off then you have a better quality email list.

So, double-opt-in as well as becoming a legal requirement may actually help you.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Fightback Ninja Signature

Identify Ransomware

If you are hit by Ransomware, you need to block off the attack by removing Internet access from your PCs and  servers,  stop any encryption processes in progress and any other processes running that shouldn’t be running.

Then the first stage of investigation is to identify what you’re facing and the website https://id-ransomware.malwarehunterteam.com/ is a good starting point.

You upload one encrypted file or the file that is the ransom message to this website and it will try to identify the variant of ransomware. Currently it can identify more than 500  different variants.

For each there is extra information which can tell you if there are decryption keys available on the Internet.

Some anti-hackers try to find the decryption keys and post them freely, but the blackmailers do know this and try to stay of ahead of them by using new variants for which there are no keys available except for the one held by the blackmailer.

The website is run purely as a free service to the public and does not decrypt files for you – you need an IT  professional for that (assuming it’s possible as many cannot be decrypted without a key from the blackmailer)

If you have a suspected virus rather than ransomware then there is a website that may help to identify it  at https://www.virustotal.com

As always, the advice is that it’s best to avoid being held to ransom – ensure you have adequate systems protection in place, staff that have been educated on the danger of cyber attacks, regular backups (including off-site) and have a plan in place to deal with a ransomware attack.

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.

Fightback Ninja Signature