Chrome to mark HTTP as ‘not secure’
Google Chrome currently marks HTTPS-encrypted sites with a green lock icon and “Secure” sign. And starting in July, Chrome will mark all HTTP sites as “not secure.” Google hopes this move will nudge users away from the unencrypted web. Read on to learn more about the forthcoming changes. For several years, Google has moved toward a more secure web by strongly advocating that sites adopt the Secure HyperText Transfer Protocol (HTTPS) encryption. And last year, Google began marking some HyperText Transfer Protocol (HTTP) pages as “not secure” to help users comprehend risks of unencrypted websites. Beginning in July 2018 with the release of a Chrome update, Google’s browser will mark all HTTP sites as “not secure.” Chrome’s move was mostly brought on by increased HTTPS adoption. Eighty-one of the top 100 sites on the web default to HTTPS, and the majority of Chrome traffic is already encrypted. Here’s how the transition to security has progressed, so far: Over 68% of Chrome traffic on both Android and Windows is now protected Over 78% of Chrome traffic on both Chrome OS and Mac is now protected 81 of the top 100 sites on the web use HTTPS by default HTTPS: The benefits and difference What’s the difference between HTTP and HTTPS? With HTTP, information you type into a website is transmitted to the site’s owner with almost zero protection along the journey. Essentially, HTTP can establish basic web connections, but not much else. When security is a must, HTTPS sends and receives encrypted internet data. This means that it uses a mathematical algorithm to make data unreadable to unauthorized parties. #1 HTTPS protects a site’s integrity HTTPS encryption protects the channel between your browser and the website you’re visiting, ensuring no one can tamper with the traffic or spy on what you’re doing. Without encryption, someone with access to your router or internet service provider (ISP) could intercept (or hack) information sent to websites or inject malware into otherwise legitimate pages. #2 HTTPS protects the privacy of your users HTTPS prevents intruders from eavesdropping on communications between websites and their visitors. One common misconception about HTTPS is that only websites that handle sensitive communications need it. In reality, every unprotected HTTP request can reveal information about the behaviors and identities of users. #3 HTTPS is the future of the web HTTPS has become much easier to implement thanks to services that automate the conversion process, such as Let’s Encrypt and Google’s Lighthouse program. These tools make it easier for website owners to adopt HTTPS. Chrome’s new notifications will help users understand that HTTP sites are less secure, and move the web toward a secure HTTPS web by default. HTTPS is easier to adopt than ever before, and it unlocks both performance improvements and powerful new features that aren’t possible with HTTP. How can small-business owners implement and take advantage of this new interface? Call today for a quick chat with one of our experts to get started. Published with permission from TechAdvisory.org. Source.
How WP security updates impact your site
WordPress (WP) websites require routine updates to keep up with user demands. Some of WP’s most critical updates are security patches, which protect sites from various cyberattacks. But why does your website sometimes act up when you finish running an update, and how can you prevent it? Be cautious with updates In 2017, WP issued 21 updates and 33% of these focused on security. Despite their many benefits, these updates caused some sites to crash and caused downtime related plugin incompatibilities. To take advantage of updates without experiencing any drawbacks, our technicians shared the following tips: Check plugin compatibility A typical WP site has anywhere from 10 to 50 plugins installed that enable additional functionality. Some are supported by developers who constantly update these plugins while others are not. For a fully functional website, always choose plugins that are backed by certified development teams, and be wary of error-prone free plugins. We know how difficult it is to designate a portion of your business expenses on improving your site, but in the long run, you’ll realize that relying on free plugins will generate more website crashes than website leads. Choose how you update Every time WP releases a new version, you get a notification in the dashboard. There, you are given an option to select a manual or automatic one-click update. Consider the effect of either option before you update. With manual updates, you can fix incompatible site features, customize plugin update settings, and view your updated website in a controlled environment. Keep in mind that this process is technical and complicated, but gives you more flexibility with the way your update is managed. With automatic updates, you have three options: automate the process with custom programming, click the “Update Now” button, or download an automatic update plugin. Option number three may seem ideal, but sweeping automatic updates will make it difficult for you to single out which add-on caused your site to crash. Unless you’re certain of the best option for updating your WP site, you need a managed services provider to help you navigate this complicated process. We’ll keep your site secure and lend a hand in case it breaks down. Give us a call today to get started! Published with permission from TechAdvisory.org. Source.
New Gmail features you need to use now
The first thing you’ll notice in the new Gmail for web is its uncluttered look, but there’s plenty more to be excited about. Greater security, easy-to-use sidebar apps and inline buttons, and more have been added to improve Gmail users’ experience. Here’s a quick rundown of all the features you need to start using now. Confidential Mode This feature lets you set an expiration date for your email after which it self-destructs. Sending mail on confidential mode doesn’t just auto-eliminate them; it also prevents receivers from copying, forwarding or downloading the message and its attachments. A sender also has an option to set a password for a receiver to open the message. Assistive Unsubscribing Managing email remains a time drain for many business users, so the assistive unsubscribe function is a welcome addition. With this tool, users can easily unsubscribe from unwanted promotional mail or newsletters without having to open an email to do so. This feature recommends unsubscribing from particular senders based on whether you open their email frequently or rarely. Snooze Mails Like the ‘Mark as Unread’ function, snoozing email reminds you to read or reply to important messages. The clock icon that appears within the email is the snooze button, which allows senders to have an email redelivered at a later time. Users can snooze emails based on a pre-set date (Tomorrow, This Weekend, Next Week, Someday) or pick a specific date and time. Sidebar Apps On the right-hand side of the new Gmail is a sidebar that allows you to quickly access your Google Calendar, the new notes button, and Google Tasks. You also have an option to install Gmail add-ons from the G Suite Marketplace, which includes various productivity tools that integrate with Gmail. Moreover, you can conveniently archive, delete, mark as read or unread, and snooze mail without having to check the box next to the mail, via the inline button. Just hover over the right-hand side of the email line and these buttons will appear. Security Users of the new Gmail will also benefit from an added security feature that warns them of potentially harmful email content, particularly spam. The risk warning text doesn’t merely tell you of a possible risk but also offers an easy way out via a ‘Delete Now’ button, which lets users eliminate risky emails on the spot. Other features include smart reply which lets you choose quick responses like ‘Thanks for the mail’ or ‘Not interested’ to reply to emails requiring you to respond to a meeting invite and similar messages; a nudging feature, which reminds users to respond to messages that haven’t been replied to; and an offline mode, which allows users to search, create, and delete emails when they’re not connected to the internet. These and other seemingly minor Gmail updates will help you save time and manage your inbox more efficiently. For more productivity tips and recommendations, call our experts today. Published with permission from TechAdvisory.org. Source.
Chrome, Edge, Firefox to Support Biometrics
Google Chrome, Microsoft Edge, and Mozilla Firefox will soon support web-based biometric authentication. The leading internet browsers are expected to allow users to sign into online profiles through fingerprint scanners, voice authentication, facial recognition, and the like. Online biometric authentication through these browsers requires no additional software. Authenticate Your Profile on Your Mobile Device Chrome OS, Windows, and MacOS, Linux, and Android are all adding features to help users safely log in using biometric identification via USB, Bluetooth, and NFC devices connected to smartphones and tablets. With such convenience, users can verify their accounts on the go. Preventing Cyber Attacks with Browser-based Biometrics Passwords are notoriously bad at protecting users’ accounts and the information they store. Facial scans, fingerprints and voice recognition would make it exponentially harder for hackers to commit identity theft. That means you’re also less likely to be duped by an email from a hacker pretending to be your boss asking for the company credit card. Enjoy More Secured Online Transactions Biometric verification will also retire the need for logging in your information when shopping online, streaming video, using cloud applications, and other internet-based transactions. Windows 10 has already adopted features that offer limited account management with fingerprints and facial scans. But none of the big-name technology vendors have offered solutions to achieve this on mobile devices as of yet. Browser-based biometrics could revolutionize and streamline the steps of verifying an online account. It promises to add more security and ease in logging in and transacting on the internet. To keep up with the latest and greatest in browser-related innovations at your company, give us a call now. Published with permission from TechAdvisory.org. Source.
How to enjoy real cloud cost-savings
If you want to increase collaboration, productivity, and security all while keeping costs down, the cloud is the perfect solution. But if you’re not careful, hidden charges can creep up on your monthly bill, preventing you from truly reaping the benefits of the cloud. Fortunately, there are some things you can do to bring these costs down. Don’t go for standalone services Standalone services are the biggest price trap in the cloud. Spending on a standalone cloud software may seem harmless now, but if you decide to purchase similar services, the costs can quickly pile up. Then, there’s the issue of integrating these systems together, which costs even more time and money. The best way around this is to find a service provider that offers a suite of products that work seamlessly together. Platforms like Office 365 or G Suite are great examples, and offer you differently priced packages based on the size and requirements of your business. Team up with integration experts If you do need to subscribe to a standalone service, you’ll want to integrate it with the rest of your cloud platform. But if you have limited experience with integrations, mistakes are likely to happen and cause downtime, which will inevitably cost you time and money. The more economical option is to partner with a cloud integration expert, as they can quickly configure and deploy your systems with zero mistakes. Understand cloud backup costs While cloud backups are great for keeping your data secure, you must know how much you’re paying for them. If you plan on storing your data for a long time, you may be charged more. At the same time, if you store more versions of your data, it will cost you more. One way you can keep costs down is to ask yourself whether certain files even need to be stored in the cloud. Mission-critical files like customer information, legal document, and business plans should be stored in the cloud so you can retrieve them right away after a disaster, but routine documents like timesheets can probably be stored in less expensive data centers. Remove unnecessary accounts Most cloud service providers charge you based on the number of users per month, so if you’re not diligent about removing accounts when employees have left your company, you could be throwing your money down the drain. To avoid this, you need to have deprovisioning procedures in place for when an employee’s contract is terminated. Create a spreadsheet of each employee in your payroll and note down their cloud subscriptions. When an employee leaves your company, you must delete all their business accounts and give the relevant manager access to all their documents. It’s also a good idea to schedule regular audits to make sure you’re not paying for people who’ve already left your company. Work with a trustworthy provider Last but not least, you’ll want to partner with a cloud services provider that not only gives you the best deals on cloud solutions, but also proactively monitors your account and warns you about any issues regarding the computing resources and storage space you’re using. If you’re looking to keep cloud costs under control, talk to us today. We’re certified and experienced with all aspects of cloud technology, and we can show you how you can truly benefit from it. Published with permission from TechAdvisory.org. Source.
Can private browsing keep you safe?
Privacy is a precious commodity in this era. Every website you visit or app you download leaves a digital footprint that can be tracked by anyone. Fortunately, major web browsers all offer private browsing features to keep your internet activity somewhat safe from prying eyes. What is private browsing? Your web browser — whether it be Chrome, Edge, Firefox, Safari, or Opera — remembers the URLs of the sites you visit, cookies that track your activity, passwords you’ve used, and temporary files you’ve downloaded. This can be convenient if you frequently visit certain pages, can’t remember your login details, or if you’re trying to recall a website you visited a few days ago. But if someone else uses or gains access to your computer, your most private (and embarrassing) internet activities are exposed for anyone to see. With private browsing — also called Incognito Mode in Chrome and InPrivate Browsing in Edge — all the information listed above does not get recorded. In fact, all the websites and information you accessed in the private browsing session is immediately discarded without a trace as soon as you close the browser. This can come in handy when you’re using a public computer because you’re instantly logged out of all the accounts after closing the window. Your cookies also won’t be tracked. In a normal browsing session, sites like Facebook will inundate you with highly targeted ads based on the sites and pages you’ve visited. But in private browsing mode, your internet activity won’t be used against you by marketing companies. Another benefit of private browsing is you can use it to log in to several accounts on the same site, which is useful if you need to log into two different Google accounts at the same time. Limitations of private browsing Although private browsing does prevent your web browser from storing your data, it doesn’t stop anyone from snooping on your current activities. If your computer is connected to the company network, system administrators can still keep track of what you’re browsing even if you’re in Incognito Mode. Also, if spyware or keylogger malware is installed on your computer, hackers will still be able to see what you’re doing online. Even though private browsing has quite a few benefits, you shouldn’t solely depend on it for online privacy. Your computers must be equipped with Virtual Private Networks that encrypt your internet connection and prevent anyone from intercepting your data. And don’t forget to scan your computer for viruses with a strong anti-malware program to keep spyware and other malicious web monitoring software at bay. If you want to know where you can get these solutions or learn more about web browser security, call us today. We have the tools and expert advice you need to prevent anyone from snooping on your internet browsing. Published with permission from TechAdvisory.org. Source.
The importance of HTTPS
Very few internet users understand the meaning of the padlock icon in their web browser’s address bar. It represents HTTPS, a security feature that authenticates websites and protects the information users submit to them. Let’s go over some user-friendly HTTPS best practices to help you surf the web safely. HTTPS Encryption Older web protocols lack data encryption. When you visit a website that doesn’t use HTTPS, everything you type or click on that website is sent across the network in plain text. So, if your bank’s website doesn’t use the latest protocols, your login information can be intercepted by anyone with the right tools. HTTPS Certificates The second thing outdated web browsing lacks is publisher certificates. When you enter a web address into your browser, your computer uses an online directory to translate that text into numerical addresses (e.g., www.google.com = 8.8.8.8) then saves that information on your computer so it doesn’t need to check the online directory every time you visit a known website. The problem is, if your computer is hacked it could be tricked into directing www.google.com to 8.8.8.255, even if that’s a malicious website. Oftentimes, this strategy is implemented to send users to sites that look exactly like what they expected, but are actually false-front sites designed to trick you into providing your credentials. HTTPS created a new ecosystem of certificates that are issued by the online directories mentioned earlier. These certificates make it impossible for you to be redirected to a false-front website. What this means for daily browsing Most people hop from site to site too quickly to check each one for padlocks and certificates. Unfortunately, HTTPS is way too important to ignore. Here are a few things to consider when browsing: If your browser marks a website as “unsafe” do not click “proceed anyway” unless you are absolutely certain nothing private will be transmitted. There are web browser extensions that create encrypted connections to unencrypted websites (HTTPS Everywhere is great for Chrome and Firefox). HTTPS certificates don’t mean anything if you don’t recognize the company’s name. For example, goog1e.com (with the ‘l’ replaced with a one) could have a certificate, but that doesn’t mean it’s a trustworthy site. Avoiding sites that don’t use the HTTPS protocol is just one of many things you need to do to stay safe when browsing the internet. When you’re ready for IT support that handles the finer points of cybersecurity like safe web browsing, give our office a call. Published with permission from TechAdvisory.org. Source.
What Is Single Sign-On and Who Is It For?
Statistics show that the average enterprise uses more than 90 cloud services. Even if small businesses use less than half that number, securely managing account logins is still a huge problem for users and administrators. Single Sign-On (SSO) is an excellent solution to this issue, so let’s dive into how it works. What is SSO? Single Sign-On solutions allow you to create one username and one password that thousands of websites will recognize. If you’ve ever clicked ‘Login with Google’ on a non-Google website, you’ve already enjoyed the benefits of SSO. It’s faster, simpler, and more secure. Now, small businesses can accomplish the same level of efficiency between their employees and cloud platforms. Instead of asking everyone in the office to track separate accounts for Office 365, Slack, Quickbooks, and whatever other cloud applications your company relies on, you can give them one set of credentials and manage what they have access to remotely. Employees come to work, enter their ACME Inc. username and password, and they’re set for the day. Why is SSO more secure? There are a number of ways to set up a small-business SSO solution, but most of them focus on removing login information from your servers or network storage. Usually, you’ll provide your employees’ logins to an SSO provider (sometimes referred to as an Identity-as-a-Service provider) and each employee will receive a single login paired with a secondary authentication — like a fingerprint or an SMS to a personal device. Each time one of your employees visits a cloud platform, such as Office 365, the SSO provider will verify the user’s identity and the security of the connection. If anything looks amiss, your IT provider will be notified. Should your network or any of its devices be compromised, hackers would find nothing but logins to your SSO accounts, which are meaningless without fingerprints or mobile devices. How to get started with SSO The first step when setting up a Single Sign-On solution is making sure you have a healthy and responsive IT support system in place. You need a team that is constantly available to review suspicious alerts and troubleshoot employee issues. If you don’t currently have that capacity, contact us today and we’ll help you out! Published with permission from TechAdvisory.org. Source.
Is Bing the right search engine for you?
Have you ever tried asking your search engine something to no avail? With many of us facing this problem, Bing has been updated with four new features that give users more thorough answers and enable it to respond to broader search terms. Validating answers using many websites Before the recent update, Bing would answer questions based on what it found on a single website. Now, it scours several sites and aggregates results before replying to your query. For questions that have two different perspectives, answers from both sides will be compiled and displayed at the top of the search page. A compilation of answers will also be given for questions with numerous answers. Analogies Have you ever gotten an answer you couldn’t comprehend? Search engines have a relatively easy time finding answers, but they don’t always display the simplest ones. For example, knowing that Syria is 71,498 square miles isn’t the same as learning that Syria is approximately as big as Florida, but depending on where you live one is much better than the other. With Bing now providing relevant analogies and comparisons, information has become easier to understand. Answers are based on things search engine users are familiar with, making the search experience far more user-friendly and empathetic. Clarifying questions Bing is now able to provide a more specific answer when being asked broad or conversational questions. To accomplish this, the search engine will ask the user follow-up questions to refine search results. Microsoft has also an advanced image search, which allows users to search based on specific objects within images. For example, if you wish to purchase a shirt you saw in a picture, Bing’s advanced image search allows you to select it and locate a store that sells it. Partnering with Reddit Bing has also partnered with Reddit to display information from its threads to Bing’s search page. What this means for users is that certain topics in Reddit or subreddits can be searched through Bing search. Answers found in the site will also be displayed on the search page. With these four new features in Bing, searching for your answers has never been easier. To find out more about other web and cloud services, give us a call today. Published with permission from TechAdvisory.org. Source.
Is your browser safe from Spectre?
The Chrome, Safari, Microsoft Edge, and Firefox browsers may not be as safe as you think. Security researchers recently discovered that computer chips manufactured in the past two decades contain major security vulnerabilities. One can be used by hackers to gain access to sensitive data. Read on to learn more. What is Spectre? To understand this unprecedented vulnerability, you need to know some computer chip basics. Modern chips try to speed up their work by storing information related to predictable and repetitive processes. Whenever CPUs perform calculations ahead of time that end up being unnecessary, the data is thrown away into a supposedly secure storage cache. Hackers can gain access to the discarded data by using malware to create digital backdoors. From there, they can simply sneak in, sift through the private information, and even trick the processor into throwing away even more sensitive information. This is known as a Spectre attack. Though the exploit is highly technical and difficult to execute, researchers said Spectre affects all modern processors, including those developed by Intel, AMD, and ARM. How does it affect browsers? As mentioned, hackers would need to install malware on a device to perform a Spectre attack. One tactic experts found effective is if hackers build a malicious program and embed it on a website. Should anyone visit the rogue website, their browser will automatically run the malicious program. Once inside, the attacker can use Spectre to gain full access to keystrokes, encryption keys, and login credentials. So far, there is no evidence of Spectre attacks actively being used to steal data from web browsers, but they are difficult to detect. Experts also predict hackers will likely develop specialized malware now that this information is available to the public. Is there a way to protect myself? Fortunately, major browser developers were quick to release updates as soon as the Spectre attack was discovered. Mozilla also has security features to prevent some Spectre attacks, but announced a full-blown solution is in the works. As for Chrome, users can expect an update as early as January 23. But for the time being Google recommends enabling the Site Isolation feature, which limits how much access browser plugins have to your computer. This feature can be enabled by going to your address bar and entering: chrome://flags/#enable-site-per-process. Even though the updates may affect browser performance, it’s a small price to pay compared with having your credit card or social security number stolen. Like it or not, Spectre is just one of the many threats targeting your web browsers. That’s why you should call us today. We offer expert advice and cutting-edge solutions to make sure your browsing experience is a pleasant and safe one. Published with permission from TechAdvisory.org. Source.