• You are here:
  • Home »
  • Archive: November, 2016

Archive Monthly Archives: November 2016

Security Alert: Phishing with fake DocuSign

Please think before you click. This afternoon, I received a message from a person I know well, but the message was out of character. Since she is a partner in a well-known and respected architectural firm in Seattle, I responded to her message indicating to her that I thought she had sent this to me by mistake.

I got back, almost instantly a message indicating it was a document she wanted me to review.

The response message was also a bit suspicious because once again, there was no personalization. So I called her. She was out for the afternoon, but the receptionist asked me if I got an email from her and then let me know that her email had been hacked and their IT guy was working on it.

The entire message thread is shown below:

Many business people recognize DocuSign as a respected way to legally sign documents and is a 100% legitimate and security conscious company. The combination of the well-respected firm, a known relationship, and DocuSign, nearly caused me to click the link

I checked the header of the messages sent, and these messages were not spoofed but sent from her actual Office365 email account. The fact that her IT department was working on it, while the perpetrator was still responding to messages was my biggest concern. Cyber security is a job for all of us.

If you have not already done so, please review the steps you should take WHEN you find out your email has been hacked. And share this with all of your employees and customers. In this case, the first and most important step was not taken.

Continue reading

Perform a website audit

Many website owners take the Ron Popeil approach with “set it and forget it” and while that may work for roasting chickens, it is a terrible web strategy. If it has been awhile since you reviewed your own website, now is an ideal time to do it. Here are 8 things to look for when you are doing a website audit.

  • Check out your title tags.The title of your website is a critical factor when it comes to the major search engines understanding what your website is all about. A good title should be less than 55 characters and should contain a keyword (or two) that you want your website to be found for in a search.  The title tag appears in the tab of your browser and in the search engine results page. Check out the titles on your website pages.  If they are all the same and non-descriptive it is time to update them with more relevant and search friendly titles (see how to update titles in WordPress or the ProFusion UIS)                
  • Update content.Things can change rapidly in business. What was true about your company and its offerings when you launched your website may not be relevant today. Be on the lookout for:        
  • Making sure all of your products and services are represented on your site
  • Employee profiles are current.
  • News stories and press releases are up-to-date
  • Add video content.Processing over 3 billion searches per month, YouTube is now the 2nd largest search engine. Video content is becoming more and more important for your business. Share your process, products, promotions and people with short video clips that can be uploaded to YouTube and embedded on your site. Check out our tips on how to DIY a great video!    
  • Contact Information. Your contact information (address, phone and email) should be located and easy to find on every page of your site. 
  • Refresh graphics.Do a quick once over on your site. Do your graphics look crisp and clear? Do they load quickly and are sized properly for use on the web? If not, it is time to edit the graphics and re-upload them.    
  • Social media accounts.Can people easily find links to your Facebook, twitter, LinkedIn and other social media accounts? Adding a clickable logo to your page makes this easy for all users to find and use.    
  • Cross links.Linking from one page of your website to another is an easy way for users to find and access information on your site. If in your opening paragraph on your homepage, you talk about one of your products, be sure to link the product name on the homepage to the product page. Creating these links can also be good for Search Engine Optimization. Add these links from one page to another where it makes sense and seems logical for the user.      
  • Optimized for mobile.This is no longer an option or a nice to have feature. Having a mobile optimized site is an absolute must for businesses. With over 50% of searches being done on mobile devices, if your site isn’t optimized for those users you are very likely losing out on a lot of potential business. Check out what your website looks like on a mobile device. If it is not optimized for a smaller viewport, give us a call to see what it would take to mobile optimize your site.       

These are just a few critical items that you can review your website for to make sure your site is an asset to your company.

If you’d like us to run a comprehensive website analysis on your site, let us know! An annual website review can be a great way to start your marketing and sales planning for the new year. Request your website evaluation today!

Continue reading

What to do when your email gets hacked

Notice, we did not say if, but when. The number and sophistication of attacks is increasing all the time. For most companies, you fall into one of three camps,Been hacked will be hacked

or have been hacked but do not know it. We felt it would be a good time to remind folks of first steps when a hack has been discovered.

First, disconnect your network or infected systems from the Internet. Your priority is to stop further harm.

Second, clean the infected devices and restore from the last known clean backup. Restoring from a time before the hacker attacked is the fastest way to undo what has been done.

Third, determine how the hack was perpetrated and what information may have been compromised or what files were infected. Examining log files can be tedious work, but will provide logins and activity that can show you how the attack was initiated.

Fourth, make sure you notify affected users. This can be an uncomfortable step, but must be done to protect users and help prevent the problem from spreading.

Fifth, take corrective action. Hackers gain access most frequently by exploiting known vulnerabilities and secondly by careless users. Remind all users of security policies, and the need for strong, unique passwords that are not shared between users. Ensure that your system software is kept current and all patches and updates are applied. Separate functions like accounting and payroll to different servers or systems not connected to the Internet so that access to one does not provide access to all.

Continue reading