Author: Lauren Papagalos Page 15 of 17

To WAF or Not to WAF? Part 2: Introducing TrueShield

What is TrueShield?

TrueShield is SiteLock’s WAF (web application firewall). It operates like your very own team of secret service agents, standing guard at every possible entry point on your website, 24/7. The TrueShield web application firewall inspects every visitor who tries to enter your site, denying access to the bad guys and bad bots, and welcoming the rest. You may imagine this would cause a traffic jam and slow down flow to your website – but it is actually just the opposite. The TrueShield WAF includes TrueSpeed, a content delivery network (CDN) which moves your website into the fast lane, loading your pages faster and improving your visitors’ experience – even boosting your SEO. It’s pretty remarkable stuff.

Who can use TrueShield?

Anyone who has a website. The TrueShield web application firewall is cloud-based, which means that it doesn’t require a complicated installation – in fact setup takes just a few minutes. It also means that TrueShield is affordable for even the smallest businesses and budgets. A typical small to mid-sized business does not have the in-house technical staff, nor the time, to deal with the complexities of protecting their site from every potential attacker. A web application firewall, like TrueShield, is the easiest way for a small business to get enterprise-grade protection without needing enterprise-level resources.

To get more information about TrueShield or to learn about other great products to protect your website visit today.

Keys to Computer Security

Many years ago, a bar owner shared with me the tale of how he was losing so much money in one of his bars he had to hire a loss prevention specialist to pose as a customer and watch his staff for any signs of financial impropriety.

The undercover customer spent nearly a month visiting the bar (what a job!) and reported back that he found nothing was amiss. He said he watched all the cash registers for four weeks and didn’t see one suspicious transaction at any one of the four registers.

Read More

How to Protect My Website from Cybercrime

In a recent interview with Barry Moltz on Blog Talk Radio, Neill Feather, President of SiteLock, responds to the growing concern, particularly for small businesses, of website risks and how adding website security can protect online businesses and their reputation.


Protect your website from hackers and cybercrime.

The fact is that small businesses are increasingly a prime target for cyber crime. Case in point – Neill references a recent study by Verizon that states that 95% of online businesses that are attacked by hackers have fewer than 100 employees. And the number of attacks continues to grow each day.

Read More

Building a Cybersecurity Plan

Ever heard the saying “if you fail to plan then you plan to fail”? This is just as true in security as it is in business, and the lack of a clear plan to protect your business from cyber risks usually results in no real protection at all.

An information or cyber security plan is a very simple and free tool that can have a profound impact on how well your business is protected from cyber threats. A security plan is a short document, often no longer than a few pages, that outlines:

Read More

eCommerce Website Security

PCI Compliance – Embrace it, before it cashes you out

As a small business owner who accepts credit cards online, becoming PCI compliant is one of the most important decisions you can make.

There are millions of small business merchants in the U.S., and while every small business that accepts credit cards has to comply with the Payment Card Industry Data Security Standard (PCI DSS), many businesses do not.

Read More

To WAF or Not to WAF?

The Open Web Application Security Project (OWASP) was formed with the goal of supporting the creation, development, acquisition, operation and maintenance of applications that can be trusted by their users.

Web Application Firewall (WAF)

As more applications are developed online, the threats to attack those applications increase even more rapidly in the form of threat agents. The agents, in this case, are not often the good guys (even though sometimes they are employees or others within your organization). They are any capability, intention or activity that attempts to exploit the company’s assets, frequently its data.

Read More

Fear of the Walking Botnet

With all the movies and TV series focused on zombies lately, many of us seem to have zombies on the brain. Think they don’t actually exist? Oh but they do – in the form of business and personal computers compromised with malicious software capable of engaging in all kinds of nasty behavior.

Networks of zombie computers are called botnets, and many experts believe that botnets now represent the single biggest cyber threat, to businesses and to consumers:

Read More

10 Ways Your Employees Can Make You Safer

There are plenty of things your employees can do to make your business and their workplace safer. Here’s just a sample of some of the more important ones.

  1. Follow your security rules and policies. Which means you have to have some in the first place, you have to share them, and your employees must know there will be consequences if they ignore them.
  2. Protect their passwords. Password safety is not just about creating strong passwords and changing them often. It’s also about employees protecting their passwords, not writing them down where they can be found or hacked (like on a computer) and not sharing them with other employees.
  3. Ignore phishy emails. Phishing emails are still very effective in spreading malware and other threats. And advanced phishing schemes, like spear phishing, can be so convincing they can easily fool employees. So it has to be guard up, all the time. Trust, but verify.
  4. Surf more selectively. Where an employee wanders on the internet, and what sites they linger at, can determine their vulnerability to a host of web threats. One of the biggest threats is a watering hole – an infected web site lying in wait for every visitor (including your employees) to visit the web site, catch the bug, and bring it home.
  5. Believe that if security is good for business, it’s also good for their job. Sad but true, fear is a great motivator. If fear of the impact of a security breach on your business is enough for you to make security changes, same rules apply to your employees. If they can be made to understand that a data or security breach could result in layoffs, maybe they’ll think twice about the next online pharmacy they were thinking about visiting.
  6. Protect their laptops and other devices. The two worst things that can be on an unprotected laptop or smartphone are sensitive customer information and access credentials like a password. It doesn’t help if the devices store company secrets either. But the best way to prevent a missing laptop or phone from turning into a major security incident is to make sure employees don’t use them to store anything sensitive.
  7. Be careful on the road or out of the office. Like the knights of old, it’s easy to feel safe, comfortable and complacent behind castle walls, but things change when you’re out in the wild. Employees need to understand that security rules and practices follow them everywhere because hackers are everywhere.
  8. Beware of free Wi-Fi networks, and especially at hotels, coffee shops, and airports. Setting up a fake network with the network name WelcomeToStarbucks is child’s play, even for an amateur hacker. And a very easy way to eavesdrop on an unsuspecting employee.
  9. Be vigilant, challenge, and report. Encourage all employees to be vigilant around the workplace, whether it’s a stranger wandering around the office or sensitive data left unattended. Make it easy for them to take action when they see something suspicious, and even allow them to report it anonymously if they prefer.
  10. Lead by example. The greatest feature of a great leader is the ability to make others want to follow. If you don’t live, breathe, and talk security, why should you expect your employees to? Talk about security, as often as you can. And talk about it positively, as a business enabler and opportunity, and not in the way you might scold belligerent children.

Google Author: Neal O’Farrell

Independent Firms Discover 98% of Cybersecurity Vulnerabilities

In a report published at the end of 2012 on the growing hacking threat to websites, research firm Frost and Sullivan found that of all cyber security vulnerabilities, more than 98% were discovered by third-party researchers, while less than 2% were discovered by the people who made the applications that contained the vulnerabilities.

According to Frost and Sullivan, more than 80% of websites have at least one known vulnerability. If that vulnerability is known to security researchers, you can bet it’s also known to hackers who use automated tools to sniff out unpatched vulnerabilities, millions of websites at a time.

And as it turns out, four of the top five of all known vulnerabilities have something to do with websites – Adobe Shockwave Player, Adobe Acrobat, Apple QuickTime, and Microsoft Internet Explorer.

The report also found that the most common attacks on websites include:

Read More

12 Simple Steps to Data Protection

Did you know that there has been an average of more than one reported data breach in the U.S. every single day for each of the last five years? And that’s only the reported data breaches. The number of unreported or undiscovered data breaches could be ten times, even one hundred times that number.

Those data breaches combined have exposed more than 4.2 billion records, and some studies have found that more than 80% of those breached records have included Social Security numbers.

Read More
