by Felicien | Jun 11, 2018 | Education
For many business owners, Google’s announcement to switch over to mobile-first indexing comes as a real shocker. It’s a revolutionary thing to do in a world of disruptive technology. Since the beginning of the World Wide Web, a company’s desktop website was their first and foremost consideration when developing a marketing plan. With the new changes announced by Google, all that changes. Now, a company’s mobile website is what must be in prime condition.
For some business owners, this change will just be a bump in the road. For others, it’s a huge sinkhole where their profits could fall in and never be seen again. Many business owners still struggle to get their mobile website in excellent working order.
One business owner commented recently, “My mobile website comes up with these huge, looming images and you can’t really read much of the text.”
If this is you, then it’s time to get serious about fixing those issues. The top 5 problems that business owners face with their mobile website are:
Being denied access- Users hate getting those little messages that the mobile site they’re searching for isn’t viewable on their device. Or, some say, “Mobile support coming soon.”
Performance- Why can’t a mobile website just work the same as a regular one? That’s a big question with lots of answers. Sometimes the mobile device is at blame. Sometimes it’s the load speeds/internet connection.
Design- Many users have landed on mobile sites where the images overlay the text, so you can’t really read anything. It’s frustrating and it usually ends with the user going someplace else to shop.
URL redirects- This confounded message has been the scourge of surfing the web for many years. There are several reasons why you might get a redirect message. It could be that you typed the wrong thing in your browser. Sometimes links are broken. Other times, the website owner simply has several pages that refer to the same site and they need to do some maintenance. It can also be the result of phishing attempts.
Confusing apps- There’s no excuse for this but many business owners have attempted to save money by doing it themselves or hiring a non-professional to design their app.
Why is Google Doing This?
Back in November 2016, Google announced their initial mobile-first indexing effort. They called it “an experiment” and it seemed like a good idea on the face of it. However, no business owners could foresee that the Tech Giant might eventually decide that mobile sites were more valuable than desktop sites.
The reasons they give seem pretty concrete. Almost 60 percent of all searches are performed from a mobile device now. A report from 2015, verified that 56 percent of global search queries originate from a mobile phone. Mobile traffic was responsible for about 49 percent of all website traffic according to this report.[1]
These numbers are expected to rise significantly over the next ten years. Google has a long reputation of knowing where the next big trends will take place so you can trust their word when it comes to topics like this. The only thing left to do is make sure your mobile website is amazing!
The Good News
Google has repeatedly said that they will transition into this new phase slowly. That’s the good news. All this will not take place overnight. Instead, Google will give business owners time to fix whatever they need to so their mobile site will be first-class.
The other piece of good news is that Google has assured business owners that if they do not have a mobile site, the google bots will still continue to crawl the desktop version of the site. That means your revenue stream should not decline for lack of a high-performing mobile site.
The Google announcement says, “If you only have desktop content, you will continue to be represented in our index.”
Further Clarity Needed
Google also made it clear that mobile-first indexing does not mean that there will now be two separate indexes performed. There will still be only one and it will focus on mobile sites, not desktop sites.
The reason they cite for this is:
“…To better help our primarily mobile users find what they’re looking for.”
For those who don’t know, mobile-friendliness has always been a major factor in determining how a site is ranked. Of course, it’s not the only factor, but it is still a component of ranking your website. Google is quick to point out that if a non-mobile-friendly page has the best (most relevant) information, it will still rank higher than a mobile site with similar content.
The Bottom Line
All business owners should begin to see more traffic in their logs from Googlebot Smartphone. Google search results will contain snippets that have been generated from the content on the mobile version. Though Google has historically used the desktop version of your site for its indexing purposes, times they are a’changin’.
We can either get on board with the changes or be left out in the cold. Most business owners are already hard at work making sure their mobile website is the best it can be. For those who are willing to go the extra mile, this could be a great time of increases in traffic and sales. The sites that are ready to go are the ones that consumers will flock to for all their buying needs.
[1] https://searchengineland.com/report-nearly-60-percent-searches-now-mobile-devices-255025
by Felicien | Jun 8, 2018 | Education
Data protection and compliance is a major concern for organizations worldwide. With the introduction of the Service Trust Portal, organizations working to support or protect the privacy rights of individuals in Microsoft’s online environment can now rest easy.
Defining the Service Trust Portal
This is a one-stop shop for security, regulatory compliance, and privacy information related to the Microsoft Cloud. The Service Trust Portal, also referred to simply as STP, is a service feature available within Microsoft Office 365 that provides current and prospective users of the platform with a wealth of insight into how the tech giant manages privacy, compliance, and security.
This platform is the location where Microsoft shares information that organizations need to perform due diligence and evaluate all of Microsoft’s cloud services. Microsoft has launched this service as a way to help improve transparency, enhance understanding, and simplify assessments for its users.
What is contained on the STP
The Microsoft Service Trust Portal (STP) contains quite a bit of useful information aggregated from all across the Microsoft cloud services. It also has tools and other resources that organizations need for all things concerning security, compliance, and privacy.
Detailed information
STP is home to in-depth information regarding Microsoft’s way of managing security and how you can access it as a user. The portal has information about compliance and privacy within the Office 365 environment, with the goal of making it easier for users to understand how Microsoft cloud services safeguard data so they can meet their own regulatory compliance objectives.
These include audit reports from independent third-party service providers. Users can find information regarding the ways in which Microsoft’s online services may be able to help organizations comply with regulations and laws. The following standards are included:
NIST, or the National Institute of Standards and Technology
FedRAMP, or the Federal Risk and Authorization Management Program
ISO, or the International Organization for Standardization
SOC, or the Service Organization Controls
General Data Protection Regulation, abbreviated as GDPR
The regulatory environment is just as dynamic as business risks. With all the compliance-related documents in this platform including audit reports, frequently-asked questions, white papers, and more, you’ll be able to learn everything you care to know.
Assessment tools
There are a rich variety of tools on the platform. These include the resources you’ll need for data protection, risk assessment, and compliance management. These resources should simplify your compliance journey.
Microsoft Cloud compliance resources
STP is also loaded with other resources about Microsoft’s security, privacy, and compliance practices. Essentially, these are centralized resources for all of Microsoft’s Cloud services.
Accessing the Service Trust Portal
STP is a free resource available to everybody; both existing Microsoft online services customers and those who are simply evaluating the cloud-based platform.
To access the Microsoft Service Trust Portal or any of the STP materials, you must be logged in to the platform with your Microsoft cloud services account.
Whether you have an Azure Active Directory account or a Microsoft account, log into that account to take advantage of all the tools and resources now available. You will be asked to accept their Non-Disclosure Agreement for Compliance Materials, so click on “Accept” to move forward.
If you are a current Microsoft cloud services registered user, you can access the Service Trust Portal at https://aka.ms/STP with any of the following internet subscriptions available for both trial and paid users:
Office 365
Microsoft Azure
Microsoft Dynamics 365
Microsoft Intune
New customer sign-up
If you are just considering Microsoft online services for the first time or as a new user, you have the option to create a new account or create a trial account. Either of these should allow you to access the Service Trust Portal.
That said, you can use any of the following sign-up forms to gain access to the Microsoft STP. Ensure that you enable Azure Active Directory at the time of signing up to support your access to the STP.
New Office 365 Business trial account sign-up form or a new Office 365 Enterprise trial account sign-up.
New Microsoft Azure trial account sign-up form.
New Microsoft Dynamics 365 trial account sign-up form.
After you are logged into STP, you can access any of the content available on the platform by navigating to the section containing the item you’re looking for and clicking on it.
To review content on the STP, pick an option from the menu: Audit Reports, Data Protection, Azure Security and Compliance Blueprints, Poland Compliance, Romania Compliance.
Once you locate the item you need, you can click on it and download it locally for your own use. Other resources such as the FAQs are serviceable from within the STP, so you won’t have to constantly download documents to your hard drive.
Wrap up
You’ll be happy to know that Microsoft is regularly adding more tools to STP to empower organizations. So, you’ll want to keep checking back to STP for the latest available information.
by Felicien | Jun 8, 2018 | Education
The concept of Code Signing SSL Certificates includes protecting users against phony software and assuring that the software is not infected with a virus. Most reputable companies require this certificate before accepting a product and using it. In today’s world, it’s the safest method of guaranteeing that software has not been altered or compromised.
Types of Code Signing SSL Certificates
There are several types of Code Signing SSL Certificates. The Business Validation SSL certificate requires that the software manufacturer or developer provide verification documents to the Certificate Authority. Once these documents are submitted, it can take three days for approval. This approval guarantees the authenticity of the digital program.
Code Signing SSL Certificates for Individuals are used less, though still important. If an individual programmer creates an app or software product and wants to include a Code Signing SSL Certificate, then the programmer must provide documents that prove his/her identity. The Certificate Authorities check to make sure this person is who he says and that he is the author of the digital work.
What is a Code Signing SSL Certificate?
This certificate is a way for the programmer to digitally sign his or her work. An authentic Code Signing SSL Certificate includes a company or individual’s name, their signature, and often a timestamp, though this is not required. With this certificate, end users can feel confident that the program will work as promised. SSL Certificates are used on software programs, applications, script, code, and drivers.
Improving Internet Security
Security on the World Wide Web has become an important commodity. There are phishing attacks launched daily. Along with that, ransomware has become quite prevalent. Attackers lock your computer files then demand a ransom be paid, usually in Bitcoin. Add to that so many computer viruses and worms hidden within suspicious links that it’s difficult to keep up today.
In spite of the great amount of publicity about these attacks, many are successful due to a poorly educated public. Most users admit they sometimes click on links or visit sites they probably shouldn’t. It’s human to think that bad things only happen to other people.
Large reputable companies like Microsoft simply can’t take chances with their security or risk exposing end users to harm. The cost in both time and money would be too great; not to mention the damage to their reputation. That makes the Code Signing SSL Certificate very critical to businesses with a strong reputation to protect.
With this certificate, we can be assured of two important elements:
Content Source Authentication — ensures the developer’s code legitimacy
Content Integrity — verifies that the code is authentic and has not been tampered with
How to view the SSL Certificate
To authenticate a software program, click on the certificate that has been issued. You should be able to view the publisher’s name. There may be other information such as a timestamp. If it isn’t there, then the software originates from an “Unknown Publisher”. It may or may not be authentic. It could contain spyware, ransomware, malware, or other viruses. In some cases, thieves download authentic-looking programs onto your computer with a dangerous script running in the background. These lines of code can allow the Software Pirate to steal passwords and/or personal information.
How do Code Signing SSL Certificates work?
Just like other SSL Certificates, the Code Signing Certificate is created based on the public-private key pair. Though a key pair is related mathematically, the private key can only be decrypted by its original owner. Public keys are made available to anyone with access to the public repository. If you have a message that you only want one person to be able to read, this can be done using a private key. It always remains confidential and private to its respective owner.
This history of Cryptography
The concept of cryptography began as early as 1874 when William Stanley Jevons wrote a book called The Principles of Science. In it, he described various ways of creating a message that could only be read by the intended party. His theory was to produce a long random number that could only be known by one other person. For years, various mathematicians worked on the idea until 1970 when a British cryptographer working for the UK government came up with what he called, “non-secret encryption”.
Cryptographers and scientists saw the important applications for military use. Being able to send messages that the enemy could not read became a vital function of national security for all governments. Though this type of cryptography is still used today, it’s more common usage now is to protect software programs from alteration.
Why are SSL Certificates necessary?
When an application or program does not have a Code Signing SSL Certificate, any programmer can go into it and change lines of code however they want. This leaves everyone vulnerable. Maybe the programmer improved the software but maybe he added a Trojan worm. Individuals and especially companies have a lot at risk and simply cannot afford to download malware or ransomware that would lock up all their files.
Reputable software manufacturers want to ensure that their products are free from tampering and the Code Signing SSL Certificate makes alteration impossible. It’s the perfect way to let users know that the software or app is authentic.
The process of creating a Code Signing SSL Certificate
There are multiple steps required in the process of creating the Code Signing SSL Certificate. The process begins with the actual code signing itself. This confirms the identity of the person or company that created the software. The steps are briefly outlined below:
The software developer requests a Code Signing SSL Certificate.
The identity of the developer is certified.
A special Code Signing program is used to attach the SSL certificate to the software as a digital signature.
The developer can now send the program out to publishers.
Publishers double check to make sure the digital signature is authentic.
A time stamp is often entered so that the certificate doesn’t expire.
by Felicien | Jun 8, 2018 | Education
Local government agencies are concerned by the lack of cybersecurity awareness among government employees and end users. This was a shocking discovery learned from a poll conducted by the Public Technology Institute back in September 2017. The poll found that there were two major factors that were working as obstacles to better cybersecurity. The number one issue was training employees and end users. The number two problem was financial constraints. The survey targeted Public Technology Institute’s city and county government membership as respondents.
The quick poll which was titled, How Secure is Your Local Government?[1] found that:
42% of the respondents have not performed a network security audit within the past 12 months.
62% do not have a formal breach response policy.
48% do not provide comprehensive security and awareness training to end users/government employees.
54% of the responding organizations do not have cyber liability or data breach insurance.
Only 55% have an enterprise-wide cybersecurity plan.
71% have a staff person responsible for managing their cybersecurity efforts.
Good news and bad news
Though some of these statistics are alarming, some do show that the government is beginning to take cybersecurity seriously. They understand the importance of protecting the personal information of the public.
The topic of cybersecurity has been ranking as a top of priority in other forums, such as the National Association of State Chief Information Officers (NASCIO). In their “State CIO Ten Priorities for 2017” report[2], security and risk issues were ranked as major concerns.
Nick Wilding, head of cyber resilience and best practice at AXELOS, argued that “Staff should be a business’ most effective security control, but are typically one of their greatest vulnerabilities.”
He warned that “Organizations need to be more certain that they are engaging their people effectively.” He went on to say that the person or entity with the most to lose in case of a security breach should bear the majority of the responsibility for sound security procedures. This can be achieved by training and equipping the stakeholders with important knowledge and the tools they need to deal with the threats that loom on the horizon.
Relevance of training
Cybersecurity is dynamic in the sense that it can be likened to a deadly virus that keeps changing in form and improving its own composition against attacks from antidotes. As soon as the cure is found, it has already changed itself and the new cure is no longer sufficient to kill it completely. That is why employees and end users must be better equipped with the ability to anticipate the ever-changing methods used by hackers. Training employees and end users must be completed at regular intervals. It will not work if it’s only conducted once or twice. This is the most effective way to ensure that cyber breaches will end someday.
Best practices
The awareness training provided should be directly related to the job description of the recipient trainee with consideration to the information security risks they face. Users should be aware of threats such as phishing and social engineering. They should also be taught the importance of having strong password protection. Too many people still use easy-to-discern passwords and/or the same passwords across multiple accounts. They must be taught new techniques for creating passwords that are difficult to crack. This can only be achieved by conducting the training periodically.
Financial Resources
Most local governments have adopted their cybersecurity framework from the National Institute of Standards and Technology and that of the FBI’S Criminal Justice Information Services. These agencies offer important security guidelines.
However, local and federal governments have suffered massive data breaches in the past, which have led to the erosion of public trust. Though government agencies have learned a great deal from these experiences, the general public may still not trust that the government has it all together when it comes to cyber threats. In their defense, the government is working continuously on programs and procedures that will anticipate attacks in advance. They’re using the best technology to find and close loopholes in their security grid. And lastly, they are starting to train employees on cyber security best practices.
Conclusion
Human error has been responsible for some the worst data breaches, but local governments are still seen as the culprit when it comes to the mishandling of important data. The public has a right to expect its government to work harder and do more to protect the personal information of citizens. Consumers believe that the government has unlimited resources when it comes to solving problems like this, so there’s no excuse for them to stumble. Of course, the issues are much more complicated than that, but the sooner every organization has the best cyber security available on the planet, the sooner we can all go back to buying and selling online without worry.
[1] http://www.pti.org/news/
[2] https://www.nascio.org/Publications/ArtMID/485/ArticleID/441/State-CIO-Top-Ten-Policy-and-Technology-Priorities-for-2017
by Felicien | Jun 8, 2018 | Education
Tune into our complimentary GDPR training online.
Watch our GDPR Training Video here.
The rise of cybercrime has led to the increasing need for protecting data from these criminals. Countries all over the world are working incessantly towards finding a lasting solution to cybercrime. In this regard, the EU has enacted a new directive, the General Data Protection Regulation (GDPR) which governs member countries on data protection. These regulations also promote privacy for persons in the European Union and address export of data from outside the European Union. The main aim of these regulations is to give power to individuals over their data, thus to ensure the protection of personal data to the extent agreeable to individuals. Adopted in 2016, the deadline for compliance with this regulation is 25th May 2018.
The Statistics
Various organizations dealing with data are hurriedly working to comply. To date, there may be as many as 90% of these organizations that are just not ready. In fact, a majority of these organizations have not put in place the required protocols to ensure the smooth transition into compliance.
What you need to know about GDPR
These regulations apply, basically, to all organizations which have access to the internet and which provide data services to members of the European Union. It also applies to persons and organizations that reside outside the European Union if they collect and process the personal data of those residing within the European Union.
What this means in simple terms is that if someone from a European Union nation visits your website and fills out the contact form, then you must follow these regulations when processing their personal information.
Member States of the European Union are also required, pursuant to these rules to establish an independent supervisory authority, which will be mandated to hear and investigate complaints and to sanction administrative offenses.
In accordance with these regulations, in certain circumstances, data can be lawfully processed. Lawful processing of data occurs when:
An individual has given consent to have their personal data processed for one or more specific reasons.
Processing of data must be done in order to fulfill a contract or in circumstances where the data must be processed before a contract can be entered into.
There is a legal obligation to process the data.
Processing must be carried out in order to protect the interests of a person or entity.
Processing must be carried out in order to protect public interests or the official authority vested in the controller.
Processing is necessary to achieve the fundamental rights and freedoms of an individual, especially a child.
Requirements for compliance
In requiring compliance with the GDPR, large corporations are the main targets. This does not, however, mean that small businesses that deal with and process data can easily get away with non-compliance.
To ensure the implementation of these regulations, rather severe penalties have been adopted. With such significant penalties, businesses should work hard to be in full compliance.
Compliance and business size
The bulk of businesses which will be affected by these regulations are the big corporations that process a great deal of information each day. Though small businesses must also comply, they are not seen as primary targets or at as much risk of having to pay the penalties for non-compliance. Small businesses should not be too comfortable as to wait for the deadline before beginning the process since compliance may be somewhat complicated, especially when it comes to putting in place the necessary protocols for compliance. Though some experts see large organizations more as targets for GDPR watch groups, small businesses can also be fined for non-compliance.
Getting ready
Before one can attempt to comply with these regulations, one must completely understand them. People affected by these regulations are required to understand their scope and particularly, the type of data protected. The data covered includes identity, web, health and genetic info, biometric data, mental, cultural, economic, and social and political identities.
Goal of GDPR
Over the years, and with the advancement in technology, the need for data protection has increased. Cybercriminals are constantly creating new ways of breaching confidentiality and stealing and manipulating data. Affected countries are therefore put to task to ensure that these practices are prevented. This is the goal of the GDPR. Its main purpose is to protect the data of individuals. This need was advanced by the Cambridge Analytica scandal. Following the revelations of this group, the need to protect data became much more real. Lack of appropriate measures ensuring cybersecurity can have dire effects to individuals and to nations.
Final thoughts
With the deadline for compliance already passed, it is important that all those affected by these regulations do comply. These regulations are meant to protect individuals, businesses, organization, and even governments from cyber theft and data manipulation. Having considered the penalties for non-compliance, it is imperative that organizations avoid the last minute rush and put in place measures now to ensure their full compliance.
