Thinking About Risk
As many bloggers have found out in recent times, the ease and joy of setting up a WordPress self-hosted blog can turn sour quickly. Reality strikes in many forms – hackers, hosting service issues, getting blocked by Google and countless other risks.

In the off-line world natural disasters, fire and flood can also put you out of business if you have data hosted on computers and servers in high-risk areas.

Are you running a business or is this a hobby?
If you are treating your sites as a business and a source of revenue, it makes sense to apply sound business continuity practices to protect you and your visitors. You should have a Business Continuity Plan and Disaster Recovery Plan.

What Is A Business Continuity Plan?
According to Wikipedia, a BCP (Business Continuity Plan) is “…the creation and validation of a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption”.

Let me translate: You must have a plan to recover from natural or man-made interruptions to your business. If you don’t, you are risking everything you have invested in your on-line business. So, what are the parts of a Business Continuity Plan?

For a large business with buildings and people working onsite, a BCP is fairly complex. The scope here is to focus on the small to medium on-line business primarily running in a virtual structure in cyberspace.

Here are some key points for building your plan:

Assess Risks and Take Action
Take the time to go over the things that could happen to your site. The focus here is the virtual world where your data is hosted but don’t neglect to evaluate your physical office, too. Once you have your list of risks, investigate options to mitigate those risks.
Risk – your hosting service is hacked either due to weak server security or outdated code. Be sure and have your part under control by keeping all code up-to-date. If your hosting service is a problem, you will need to consider moving your sites.
Other risks range from a crashed drive on your laptop to someone stealing your WP-admin user and password information. These and many other risks need to be accounted for and plans made to recover.

Backups – Your First Line of Defense
My friends at WPSecurityLock put it “We have backups of our backups!”. In the business world, data is a key asset and has to be protected. Get your backup strategy in place. At minimum back up locally as well as remotely. Windows has a backup utility built in. Use it! I also recommend an online service to keep your data safe. More articles on this crucial subject are in the pipeline. Stay tuned for more information.

Who has a Business Continuity plan in place? For extra credit…Who has tested their plan?

This is NOT the way to manage your passwords!

“Internet Change Your Password Day”

This new annual event has been created by Internet Tech Guy to remind you to change your passwords on a regular basis.

Start with these tips and take action to celebrate Internet Change Your Password Day!

• Make your passwords at least 14 characters…really!
• Make your passwords a mix of letters, numbers and special characters.
• Make your passwords unique to each account – don’t use the same password over and over.
• Manage your passwords in a secure way – sticky notes under your keyboard will not suffice.
• For more ideas on password management, see my earlier post below.

              What is YOUR password management system? I like Roboform – how about you?

We would like to send out a big thanks to everyone that participated in National Cyber Security Awareness Month!

I hope everyone will be more alert and PAY ATTENTION while on line.

‘Tis the Season!

The holiday season is coming upon us quickly and the retailers aren’t the only ones looking forward to sales and profits. The bad guys will seek ways to take advantage of the increased email traffic and scams and phishing attempts will be flying like reindeer. We at Internet Tech Guy remind you to keep alert and Think Before You Click on any suspicious or even non-suspicious emails.

Let’s all have a safe and happy season!

As you know, this site is very focused on computer and Internet Security. Because of this focus, we at Internet Tech Guy fully support and endorse National Cyber Security Awareness Month (NCSAM).

This campaign has been conducted every October since 2004. It is a national public awareness campaign to encourage everyone to protect their computers and transactions on the internet. Here is a quote from the site Stay Safe Online:

“Cyber security requires vigilance 365 days per year. However, the Department of Homeland Security (DHS), the National Cyber Security Alliance (NCSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), the primary drivers of NCSAM, coordinate to shed a brighter light in October on what home users, schools, businesses and governments need to do in order to protect their computers, children, and data.”

Please do your part in these endeavors. The Internet is a fabulous resource shared by the world but it is not free of dangers and risks. Get smart about staying safe online by educating yourself, your family, and your company what it takes to get safe and stay safe – online!

This month our friends at WPSecurityLock are hosting a Website and Internet Security Telesummit. These events will take place during the month of October. Click here to sign up for these important and informative events!

“Get Safe and Stay Safe on your PC, Laptop and the Internet”

My friend Regina Smola over at WPSecurityLock.com has written an excellent article on hosting services.

Click on over to read and learn from her experience helping hundred’s of folks to secure their WordPress blogs… (Read the article here)

Internet Tech Guy wants to help spread the word to “Get Safe! Stay Safe!”

Many folks got hit today (September 10, 2010) with a fast-spreading virus with a not-so-masked URL to a domain in the UK.

Please do not click the link! Pay attention to all email and think before you click. Here is a quote from my bank’s website:

“My Bank” is aware of a global e-mail virus with the subject line “Here You Have” or “Just For You” that contains a fast-spreading e-mail worm that mails itself to all the victim’s e-mail contacts. When the e-mail is opened, the victim sees a short message and a link that appears to be to a PDF file. If the PDF file link is clicked, the computer downloads the worm virus and propagates itself by sending e-mails to everyone in the victim’s e-mail address book. If you receive the e-mail message, delete it without clicking on the PDF link. Also, ensure your computer is updated with the latest antivirus and firewall software, anti-spyware and pop-up blockers.

Internet Tech Guy recommends you add common sense to your tool kit and NEVER click on a link from a source you don’t know.

Get Safe! Stay Safe!

Whether we are casual web surfers or dedicated on-line business people, the primary tool in our technology kit is our web browser. In fact, the various browsers our visitors use shape much of the experience when they come to your site. With this in mind, pay attention to our blogging so that your site is attractive in the major browsers.

The debate over which is the best of the bunch goes on year after year. Many of us have settled on Firefox as our favorite but Chrome and Internet Explorer are stirring up the pot. Here is a quick overview and some ideas on how to use the most popular browsers. The big three are Firefox, Internet Explorer and Chrome.

Firefox is by far the most customizable and the countless plug-ins and add-ons have made it the favorite of on-line business people and serious surfers alike. For the security conscious the “No Script” plugin is a must. The community supporting Firefox is wide-spread and passionate and there is constant work to improve the experience. Though all of these contenders now include tabbed browsing, Firefox pioneered it years ago.

Internet Explorer 8 is a pleasant experience to use now, once you get past the set up pushing Bing and the “Live” products from Microsoft. All the major browser now share tabbed browsing, integrated search engines, custom toolbars and other features that have become common in today’s browser market.  For a good read, see what Microsoft has to say about security in IE8 in their comparison chart. It will be interesting to see what Redmond comes up with in IE 9.

Google Chrome is coming on strong and according to most surveys and speed tests, it is the leanest, meanest and fastest new guy on the block. Once more Google has struck gold with the browser which is a precursor of a coming Operating System of the same name.

There are other choices out there. If you own an iPhone or iPad, you are familiar with Safari. Safari has been improved and works well now in the PC world. One of the cool features is “Safari Reader” which highlights articles on sites by dimming out the sidebar content (which can be quite distracting). If you research a lot of articles, this alone may make it a choice for your browser toolkit.

Opera has a cult following and the iPhone version, Opera Mini,  is particularly attractive to me. It is a rapidly evolving browser and is currently on version 10x. One of the standout features of Opera is searching from the Address Bar. This is quite convenient at times.

So which browser do you choose? The contrarian answer is ALL OF THEM!  Here is what I recommend. Pick your primary browser for input work – writing your articles and blogging. My choice is Firefox. Then choose a secondary for other parts of your business – mine is Chrome. Finally, you cannot ignore Internet Explorer. Always check your blog posts and design in IE. It can be embarrassing to proudly link to a new post that look terrible in IE. Do good work and pay attention on your web presence through whatever browser lens others are using.

We are  in a connected world with our PC’s Laptops and SmartPhones  providing a  window to the Internet. However, we must keep our passwords safe so that those on the outside cannot look in! To get around in that world requires different levels of security. To simply surf the web catch up on the news is not a big risk, but going to your banking sites to pay bill IS a significant risk. Take the explosive growth of  Social Media; Twitter and Facebook provide anyone and everyone with a web browser ways to learn all about you. The recent buzz about Facebook and its privacy policy has made big news lately. For an eye-opening experience, click over to http://www.spokeo.com/. This site is a virtual white page phone book – except on steroids! Take a moment after reading this article to go over there and search on your own name. You will see a glimpse into your public web profile.

Get Secure And Stay Secure With Strong Passwords

Because there is so much data out there, don’t help by giving the bad guys a head start. Secure your digital world with strong passwords and good security practices. You do not want your User Names and Passwords to be part of the information easily accessible by strangers. One of the fastest growing crimes is Identity Theft. Companies such as LifeLock are capitalizing on the fear of having your identity stolen. Identity Theft Prevention is now a business that did not exist twenty years ago. Many of us have been victims or know of someone that have had accounts compromised by malicious hackers. It is frustrating and costly. So by now you should be convinced that security is important and you should be paying a bit more attention to your password habits. Here are some suggestions on taming the password beast while protecting your identity and assets.

Password Generation – DIY manual method using phrases

The first area to consider is password generation. When confronted with a requirement to create a login for a website, folks often go the easy route and use a memorable password they use on countless other sites. This is no longer a safe option in today’s world of sophisticated hackers. You must use strong passwords. Don’t neglect your User ID either. If possible, don’t use your email address and use the maximum characters that fit the criteria for a user name.

Here are some guidelines from Microsoft. The full list is available at http://www.microsoft.com/protect/fraud/passwords/create.aspx According to the article, the “keys to password strength are length and complexity”.

An ideal password is long and has letters, punctuation, symbols, and numbers.
Whenever possible, use at least 14 characters or more.
The greater the variety of characters in your password, the better.
Use the entire keyboard, not just the letters and characters you use or see most often
One DIY way to generate a good password is to take the first letters of a sentence of at least 10 words and turn that into a password. Here’s a suggested method: Using the sentence “A strong password will protect you from malicious hacker attacks most of the time”. Take the first letters of each word, like this: aspwpyfmhamott. Now substitute the @ sign for “a”. This results in @spwpyfmh@mott. Now change the “S” to $ and capitalize some of the letters, like this: @$pwpYfMH@moTt. Finally use a number or two to add complexity to your strong password, as shown here: @$pwpYfMH@m0Tt. This changed the “oh” to “zero”. This is a strong password that you might even be able to remember. Most likely you will need to store your passwords in a trusted system, or password safe.

Password Generation – Automated

There are also software tools and web-based sites that will generate strong passwords for you. If you don’t want to go through the steps above to manually create a strong password, try http://strongpasswordgenerator.com/ Choose the 14 character option and check the box to include symbols. Another online site for auto-generating complex passwords is at https://secure.msdservices.com/apg// A commercially available password management tool might be the solution for you.

Three Password Management Tools

If you have used the DIY or automated tools to generate strong passwords, how do you keep track of them? Do you use a spreadsheet, 3×5 cards or stickies on your monitor? This may suffice if you have one computer in a secure location at home. But if you are a road warrior or mobile worker you will need an another solution. Options include carrying a USB drive with your password information on it or online password management system. My recommendation is to use an online system so that you can access your sites from anywhere. Here are 3 tools to consider.

Keepass
Keepass is a free password management system that is open source (OSI certified). It has many strong features including the ability to be run from a USB drive on any machine without installing on a Windows machine. It is secured by a master password or key file and encrypts the database. If you are on the geeky side and would like to have the ability to look at source code, Keepass is for you.

LastPass
LastPass is one of the new players in the password management space. It is browser based and supports Windows and Mac as well as mobile devices. LastPass has a free version as well as a subscription based paid model. The premium version costs $1.00 per month and adds many features including mobile device support.

Roboform
The long standing favorite is Roboform. It is available as a 30 day trial as well as a paid version, Roboform Pro. I have trusted friends that have  used it for years and highly recommend it. It is a password management system as well as an auto-form software that fills out the forms necessary to setting up accounts or making purchases online. There are many favorable reviews on Roboform so you can be assured it is cream of the crop.

There are other contenders in the marketplace. Do your research, but take action now and manage your passwords to keep your information safe. Your business, reputation and bank account are at stake!.

Get Secure! Stay Secure!

Allen Dresser

http://InternetTechGuy.com

The aftermath of the on-going hacks directed at major hosting services continues to cause pain with those trying to clean up and restore their sites. Once again we at WPSecurityLock.com want to stress that these attacks are not limited to any one platform or any one hosting company. We have had reports for not only WordPress installations, but Joomla, Pligg and “Simple Machines Forum” as well.

This afternoon, Go Daddy reached out to us … click here to read more over at WPSecurityLock.

On May 1, 2010, Hosting providers were hacked again with malicious attacks similar to last month containing the kdjkfjskdfjlskdjf dot com code. WPSecurityLock has reported several sites that have been hacked for a second time. The variation appears to be the same script redirecting to different domains.
The recent attacks on self-hosted WordPress blog sites has expanded to the Joomla and Pligg platforms as well as WordPress…. Click over to WPSecurityLock to read the rest of the story