Why you should be responsible for your own web security 1

Why you should be responsible for your own web security

Recent significant hacks by cyber-criminals have increased the level of cyber-security awareness. Many now know that no site is safe from cyber-attacks and it is up to the individual website owners to take up ownership of the security of their site.

Here are a few ways you can keep your website secure and reduce the risk of attacks:

Keep plugins up to date

Ensuring your plugin is continuously up to date is necessary to ensure the safety of your site. Updating a site’s plugin must be applied to both the server operating system and any software you may be running on your websites these include a Content Management System (CMS) or forums. Vigilance is vital as hackers are quick to exploit any weakness in the system. If you are like most, who are unable to keep track of which plugin to update, using a managed hosting solution would be a preferred choice. Allowing automatic updates saves you massive headaches in the long-run and helps you to save money as well.

Protect against Cross-site scripting (XSS) attacks

Cross-site scripting (XSS) attacks are the injection of malicious JavaScript into your pages, which then takes over the browsers of your users, site defacement, or steal valuable information. Enabling a Content Security Policy (CSP) helps to detect and mitigate these attacks.

Beware of error messages

Be more cautious with the amount of information you are giving away when replying error messages. Confirm the source of error messages first and do not disclose sensitive pieces of information such as API keys or database passwords).

Use HTTPS

HTTPS is a protocol used to provide security over the Internet. HTTPS guarantees that users are using the right server and that nobody else can intercept or change the content they see in transit. Sites that are involved with e-commerce or handles sensitive information such as a customer’s credit card number or account login information requires HTTPS protocol to prevent these sensitive pieces of information from falling into the wrong hands. Notably, Google has announced that SEO rankings of sites with HTTPS are enhanced, positioning these sites at a higher ranking on Google search.

Interested in protecting your website from malicious hackers? WebNIC provides comprehensive web security features including SSL certificate and anti-malware solution to ensure adequately safeguarding of sites. Find out more here.

When to Buy an Organization Validated (OV) Certificate? 2

When to Buy an Organization Validated (OV) Certificate?

Assuming you are operating a traditional business trying to go online, or a small to medium-sized e-commerce enterprise that plans to publish contents, products or provides materials on a consistent basis, ensuring customer confidence in your site leads to good traffic and contributes to organic growth. To ensure that site visitors are safe when visiting your site you have decided to have SSL certificate on your site but with the various SSL certificates out in the market it can be difficult to determine which is the most suitable for your site.

When it comes to SSL certificates, it is vital to understand the goals of your website. As a small-medium enterprise, you might have probably heard of applying for an organization validation certificate to protect your website, but have some reservations due to the high price point. Let’s take a moment and have a look at the benefits of having an OV certificate.

OV certificates are considered a more secure SSL certificate for e-commerce businesses. That is because before the certificate authority (CA) grants an OV certificate a mandatory call to the requestor determines the applicant’s authenticity.

The CA verifies if the business adheres to the following features before issuing an OV certificate:

– It exists under the stipulated name
– Listed address of the business is genuine
– It owns the domain name

Once the CA verifies the above criteria to be genuine, the applicant receives an OV certificate and places it on the site.

The benefits of OV certificate

An OV cert displays name of the organization in the certificate. Listing the name of the organization confirms the existence of the organization, allows visitors to view and validate the ownership of the site, and verify that their private data securely transmits to the intended recipient. Hence, sites with an OV certificate are deemed to be more secure and trustworthy especially for websites conducting transactions online.

As more cybercriminals are conducting phishing scams online, it is up to website owners to be more vigilant in protecting their visitors who are conducting a transaction on their websites. Getting an OV certificate although expensive can potentially save you much money and safeguard your reputation in the market.

WebNIC provides comprehensive security features including SSL and antimalware software to ensure adequately safeguarding of sites. Visit here to view our SSL offers.

Startup friendly SSL is coming… 3

Startup friendly SSL is coming…

At Webnic, we are continually searching to expand our product range to enable our resellers to provide business value to their end customers, thus increase their profits along the way.

We are proud to announce our collaboration with Comodo, one of the leading SSL certificate providers in the market. Comodo has been positioned as one of the starts up friendly SSL brands in the market from its product and price range offering.

We will be launching Comodo with attractive rebate and bundle promotion in coming July. Be sure to watch this space!

As the largest Internet service provider in South East Asia, WebNIC offers a plethora of Internet service solutions including domain name, ccTLDs, SSL certificate and web security. Interested to join as part of our 4,000 resellers? Click here to find out more.

How SSL and Anti-malware Improve Your Level of Web Security 4

How SSL and Anti-malware Improve Your Level of Web Security

Previously we have covered on how to determine when a website is secure and have identified the types of secure sockets layer (SSL) in the market. Visit this link to find out more https://www.linkedin.com/pulse/when-secure-site-safe-webnic-cc/. For this article, we will cover how a website can increase the safety of their website using only two web security methods.
Firstly SSL,
Ever since web browsers have been pushing hard on SSL adoption more websites have already started to adopt SSL as part of their web security features; assuring web visitors peace of mind when visiting and conducting transactions on their site. Users have also been more aware of what to look out for when visiting a website. Features such as an https:// web address, closed padlock, and in some cases, a green bar can identify if a website SSL secured.

So what are benefits of SSL?

1. It protects sensitive data.

Transaction through a website with SSL certificate ensures that your information is encrypted. Meaning data transacted from your computer is locked and opened by the intended receiver. No one else will have the key to unlock it preventing criminals from obtaining your information.

2. Provide authentication to a website

When a website has SSL certificate rest assured that an independent third party known as the Certificate Authority (CA) will verify the identity of the site. Identity verification is the most crucial aspect of web security, and it is one of the primary tasks of SSL certificate.

When installing SSL certificate, a validation process is required and will ensure its validity. Depending on the type of document, the CA will verify the identity of the individual website owner or the organization. Once confirmed, trust indicators will be placed on the website affirming that the site is secure for a transaction, improving customers trust when visiting the site.

3. SEO, SEO, SEO

Search engines have been ramping up their systems to encourage the adoption of SSL certificates. Thus right now https-enabled websites are given a higher priority in search rankings.

Secondly Antimalware,

Having SSL certificate alone is not enough to protect your visitors and customers from online criminals. While SSL protects data and affirms your identity, there are still many other ways criminals can gain access and steal sensitive information.

One of the more common ways online criminals gain access to your website is by subtly installing malware. A website infected by malware is affected in several ways:

1. Stolen sensitive data

2. Traffic directed to another site

3. Site’s appearance altered

4. Spam keywords or comments injected into website copy

The risk of a website being hacked increases according to the number of features it has. Unmonitored features for regular updates such as social media links and plugins are vulnerable to website hacks.

Such attacks will lead to blacklisting on search engines, loss of customers and eventually a loss of profit. An antimalware software solves this by:

1. Provide alerts for any vulnerabilities or malware on the website

2. Automatically removes malware

3. Updates plugins as soon as a new security patch is available

4. Remove unused plugins for over a year

In today’s ubiquitous Internet environment the probability of a website being hacked in on the rise. It is the responsibility of website owners to ensure the safety of their visitors and customers when visiting or purchase a product on their site.

Interested in protecting your website from malicious hackers? WebNIC provides comprehensive security features including SSL and antimalware software to ensure adequately safeguarding of sites. Find out more here.

When a Secure Site is Not Safe 5

When a Secure Site is Not Safe

Ever since Google started marking sites without HTTPS, getting your site secure is no longer an option. So how do you get your site secured in the first place? In most cases, you will have to purchase a secure sockets layer or most commonly known as SSL. SSL’s are categorized into 3 different types, the cheapest and least secure being the Domain Validated (DV) Certificate, followed by the Organization Validated (OV) Certificate and the most secure being the Extended Validation (EV) Certificate. All certificates must be verified by the Certificate Authority (CA) prior to issuance of an SSL certificate.

Here is a break down on what they are:

Domain Validated Certificate (DV):

– The most common type of certificate.
– Free sources often found online.
– CA only exchanges a confirmation email or owner places a verification file provided by the CA.

Organization Validated Certificate (OV):

– Requires more validation thus providing more trust.
– CA requires applicants to be actual businesses Highest level of security
– The organization name is listed in the certificate ensuring the website and company are legitimate.

Extended Validated Certificates (EV):

– Easily recognized by a “Green Bar” implemented in the address bar
– Name of organization is shown in the address bar
– Thorough authentication to determine the organization’s domain ownership rights and organization is bound to a subscriber agreement.

Chrome

When a Secure Site is Not Safe 6
So you might be asking if all these free DV certificates out there are able to provide you with the minimum encryption required by Google why bother paying for an SSL certificate? Well, here is where you are wrong. Secure does not necessarily mean safe. As with all freebies, many shortfalls will be attached to the product (See Below).

When a Secure Site is Not Safe 7
Although cost is a major factor when running a business, getting a free DV SSL to protect your website might cost you more in the long run. Paying for an SSL that provides more security such as an OV or EV certificate will be beneficial to your business in the long run and allowing you to focus on your bottom line without worrying about the technical stuff.

As the largest Internet service provider in South East Asia, WebNIC offers SSL solutions from RapidSSL, Thawte, and GeoTrust ensuring our partners and their customers are safe browsing the World Wide Web. Click here to join us as a web-service reseller.

Facts about web security that you didn’t know about 8

Facts about web security that you didn’t know about

Amidst recent headline-grabbing website hacks big corporations and individual website owners alike are still in a state of ignorance about the need for a web security solution for their website. Think that hackers will only break into the website of big corporations? Think again.

Here are some statistics that every website owner must know:

1. A total of 99% of website attacks occur in blogs, small businesses and non-profits.
2. A brand value will decline by as much as 30% after a web security breach.
3. A total of 30,000 websites are compromised every day.
4. As many as 29% of the web runs on WordPress, Joomla! or Drupal that requires constant updates and 80% of those are outdated.
5. 44% of small business experienced a hack in the year prior. Losing as many as 65% of their customers.

If you are wondering how often hackers attack a site, here are more statistics for you:

1. The average information website deals with 22 attacks per day and up to 8000 attacks a year.
2. As many as 60% of websites that have been infected will be hacked again within 3 months of the initial attack.

These alarming statistics indicate that hackers do not discriminate when it comes to attacking a website. More often than not it is the Small Medium Enterprises (SMEs) who are more vulnerable to such attacks since most are too busy to think about security in depth or lack the resources to consistently run updates and patches on their Content Management System (CMS) platform such as WordPress, Joomla! and Drupal.

So why do you need website security?

1. Protecting customers’ information
Protection your customer’s information should be your number 1 priority. The digital age has become more porous than ever allowing a free flow of personal information across the web. As such customers are worried about security risks of the Internet with identity theft being the number one concern.Therefore, to increase customer confidence in your website ensure that your web security provider includes a security seal. Security seals are becoming more common as a means to reassure customers that the site is secure.

2. Protect your brand and reputation
Any security breach regardless of its magnitude will affect your reputation significantly. Websites that have been identified as a security risk will lose visitors quickly reducing the chance of recurring customers as well. Once the damage is done recovering from a web security breach will be difficult. Hence, when it comes to website security, prevention is always better than cure

3. Improve SEO ranking
Google detects a total of 10,000 malicious sites per day. Don’t allow one of it be you! Once a website has been identified as a security threat search engine will reduce its SEO ranking significantly to protect their customers. As customers become warier about internet risks, search engines are ramping up their search engine crawler providing a safe environment for their customers to surf the net.

As the largest Asia ccTLDs provider, Webnic has partnered with SiteLock, the fasting growing web security solutions provider to educate and provide web security solutions to our resellers. Click here to join us as a web-service reseller.

Keep your website private using WHOIS protection 9

Keep your website private using WHOIS protection

Once you purchase a domain, a collection of information such as your name, address and telephone number will be published.

Here’s why you should keep your private information well… private.

1. Identity theft

WHOIS protection keeps your identity from being stolen by identity thieves and prevent them from using public accessed information irresponsibly misrepresenting you and your businesses.

2. Have complete control over how people reach you

A private domain ensures visitors can contact you using specific information that you provide on your website. Preventing unwanted individuals from finding your personal contact number and address.

3. Spam

Without WHOIS protection your information could be harvested by marketers and then sold to corporations and organizations looking for an email database to sell you their products and services!

With cybercrime on the rise keeping your personal information private from prying eyes is essential.

WebNIC will be launching WHOIS ID protection free of charge soon for all gTLDs to ensure everyone will be protected!
To find out more visit https://www.webnic.cc/how-to-sign-up-as-reseller/.

Back To Top