Top 5 Website Security Vulnerabilities

By |2018-03-07T13:28:25-05:00March 7th, 2018|Uncategorized, Website Security|

The moment our world went online, and we started conducting business using websites, we became the primary targets for hackers. The situation worsened with the emergence of Content Management System(s) (CMS) – like WordPress, Joomla, Drupal etc., – which while offering an effortless way to build as well as customize websites, many loopholes like for example, plugins which could be easily exploited by the hacking community.

We’ve put together a list of the top 5 website security vulnerabilities that you should be aware of with your website:

1) Abandoned website and/or services: If your website is not being updated, it could get easily infected with vulnerabilities like SQL Injections or Viruses. A SQL injection is a type of web application security vulnerability in which an attacker attempts to use application code to access or corrupt database content. If successful, this allows the attacker to create, read, update, alter, or delete data stored in the back-end database.

2) Using untested or “hacked” applications/scripts: Applying an untested or “hacked” application/script eventually will break a critical application on your website. Bite the bullet and purchase the applications/scripts, but also build a test environment to make sure everything works before implementation on your live environment.

3) Lack of security products, such as firewall or SSL certificate: SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. If you do not have an SSL certificate, a secure connection cannot be established, that means, your company information will not be digitally connected to a cryptographic key. If the website is secure it starts with ‘https’ before the website link – so be aware of this.

4) Using antiquated technologies (old versions of ASP or PHP): All new versions of ASP or PHP come with security improvements, so the older a website version is, the more time an attacker has which they can take advantage of.

5) Improper server setup/configuration: Security misconfiguration encompasses several types of vulnerabilities all centered on a lack of maintenance or a lack of attention to the web application configuration. A secure configuration must be defined and deployed for the application, frameworks, application server, web server, database server, and platform. Security misconfiguration gives hackers access to private data or features and can result in a complete system compromise.

In conclusion, it is important to keep your website updated from everything from the theme, to the plugins, to the SSL certificates – it must all be current to the technologies of today. Here at E-Tech, we have a team of dedicated web developers ready to make sure your website is not vulnerable, whether you’re looking to have your website redesigned or just a brand-new website we got you covered.

Another good idea is to do quarterly website vulnerability scans (depending on the size of the website it could be more frequent). This scans your website and checks for any suspicious activity and any security problems. The moment the scanner comes across anything suspicious, it raises the appropriate alerts and brings the issue to the attention of the security experts, so that they can investigate and resolve it without affecting your business.

Feel free to Contact Us for more information.

7 Benefits of Redesigning Your Website

By |2018-03-07T12:53:18-05:00March 7th, 2018|Uncategorized, Website Design|

Thinking of redesigning your website, but you’re on the fence about whether it’s worth it? Here are some key factors to consider when making your redesign decisions: responsiveness, accessibility, updated user interface and user experience, improved SEO, increased social sharing, faster load times, and stronger security.

1. Responsiveness: It’s always important if someone needs access to your website that they can view it in a beautiful and scalable format. Whether it may be on the go, at home or in the office. Your users should be able to view your website on their mobile phones (iPhone, Android, Blackberry etc.), tablets, and desktop/laptop.

Responsive Web Design (RWD) uses HTML, CSS, and many times, grid systems to allow automatic adjustments by resizing, hiding, shrinking, enlarging, or moving the content to make it look good on any screen. No more zooming in!

2. Accessibility: In Canada (WCAG) and the United States (ADA), both private and public organizations (including non-profit) are to comply with WCAG/ADA requirements. Requirements include updating websites to modern appearance, functionality, and content.

Having Web Accessibility is a benefit for individuals, businesses, and society to allow all types of users to access and be able to navigate through your site with ease.

3. Updated User Interface and User Experience: First impressions are everything. This is why displaying information that is easy to find with a good flow throughout the website, users can find their way around the site with ease (User Interface/UI). If the User Experience/UX is negative or positive, this will affect reoccurring visits (loyalty), which will likely contribute to the boost or decrease popularity, exposure, and revenue.

4. Improved Search Engine Optimization (SEO): Rank higher based on consistent content updates and use of keywords. Mobile optimized sites, having a single responsive website rather than separate desktop and mobile versions avoids the issue of duplicate content, which can negatively impact your search ranking.

When redesigning with RWD in mind, it will tie into great UI/UX and will likely promote longer ‘time on page’ by users. This is recognized as a fundamental indicator of a site’s value for any given query on Google.

5. Increase Social Sharing: Making sure links are relative to your content and up to date. Creating tags and categories helps organize content for different users, including on searches, whether inside the website or search engine.

Whether it may be on Facebook, Twitter, or LinkedIn – if people love how your site looks, feels, or enjoy the content they see, they are more likely to spread the word for you, free marketing!

6. Faster Load Times: Most mobile users have a need for speed: both in reality & online. Studies show that mobile visitors tend to leave the site if it takes longer than three seconds to load.

When you choose to redesign your website, you will also likely upgrade your server to allow faster load times. You can also optimize the images, layout, content, and code. The users would likely return to your site if they have had a pleasant experience.

7. Stronger Security: Have you visited websites that start with https instead of http? It’s because the site is setup using an SSL certificate, which will encrypt user connection and information that is passed to the website. This makes the website less likely to be hacked and provides peace of mind for your customers.

If updating server to latest encryption levels and if selling product online, please check the PCI Compliance.

Think of redesigning as more than “making it look good”. Think of it as a tool to help your business to get where it needs to be. You tell us where you want to be, and we’ll help you get there. It’ll be worth the investment.

Feel free to Contact Us for more information. 

WEBINAR RECORDING: How To Protect Against Ransomware – February 15, 2018

By |2024-01-23T15:08:39-05:00February 15th, 2018|Uncategorized, Webinars|

In this webinar, we discussed the following:

1. Definition of ransomware & its history
2. How it infects small business and non-profits around the globe
3. How to protect yourself & recover
4. Top stats in Canada & the world from 2017
5. Cybersecurity tips for employees
6. How human error is a leading cause of data loss

Feel free to Contact Us for more information.

How To Identify Phishing Emails

By |2018-02-08T16:57:22-05:00February 8th, 2018|Cyber Security Awareness, Uncategorized|

In today’s fast-moving technology driven world, one of the basic methods of communication is still used billions of times a day that we all can easily take for granted: emails. Coordinating with clients, customers, coworkers, and consultants from our offices using desktops or on the go with our smartphones, it’s easy to see why it’s still a go-to choice for many.

However, this also leaves us vulnerable to many different attacks, including one of the most actively used which is known as “phishing”.

To define Phishing: 

verb (used without object) 1. to try to obtain financial or other confidential information from Internet users, typically by sending an email that looks as if it is from a legitimate organization, usually a financial institution, but contains a link to a fake website that replicates the real one.

verb (used with object) 2. to make (someone) a victim in this way: If you’ve been phished, you should cancel your credit cards immediately.

Cite: http://www.dictionary.com/browse/phishing

So how does one figure out if the email in question is a phishing attack or not?

Here are 5 ways to tell:

1.) Spelling and Grammar Mistakes: This is the easiest way to spot a fake. Institutions with brand recognition spend a lot of money making sure every piece of marketing and customer interaction is 100%; especially when it comes to spelling mistakes and grammatical errors. Once you see a word is misspelled, or the flow of the sentence seems choppy, or non-professional, don’t click on any of the links inside of the email. Instead, call the institution on their direct line (if unsure, open a new browser window and search for their website; they always have some sort of contact us page) and inform them of this scheme. They may or may not ask for a copy of the phishing email. If they do, they have a direct email for you to forward the phishing email to them. After that, or otherwise, you should block the sender inside your email application.

2.) Generic or Generalization of User: Similar to the spelling and grammar mistakes, typically the company that’s emailing you would have your name inside of the introduction of the email. Cases of “Dear Company X Client” or “Dear Company Y Member”, or being referred to as an ID or number has a very high chance of indicating you are dealing with a phishing email.

3.) The links inside of the email go to suspicious URLs or try to “hide” the suspicious URLs: This one takes a little bit of finesse (remember, never click on the links!) but if you see links inside of the email, you can hover over them, and it will reveal the address those links are connected to. If they go to: an IP address, shortened URL (bit.ly or ow.ly are the common ones), extended versions of the real company’s URL (for example: visa.com is the real website, visa-secure.com is NOT), non HTTPS links, or even domains that show “redirect” anywhere. If you’re still unsure whether or not these are real links, you can either call up the company directly, or in a new browser window, go directly to the company’s website. Again, do not click on the links!

4.) The sender’s email seems suspicious: This one also takes a little bit of knowledge, but sometimes the sender emails are blatantly off-base from the real company’s email. That in itself gives you instant knowledge that the email you’re currently viewing is fake. Other times, it seems like a reasonable email address and has a correct @company.com domain. A good tell if it’s a spoof email that seems legit, is to hover over the sender’s email address like you would for the links inside of the email. If the email you see is different than the “supplied” email address, you’re dealing with a spoofed email address, and therefore, a fake email.

5.) Never open email attachments from emails you’re not expecting an attachment for: No company would email to their customer with an attachment unless there’s been prior communication between you and that company. If you randomly get an email that looks like it’s from your financial institution and the email has an attachment, this is a tell-tale sign that the email you’re looking at is a phishing email. You should contact the business this email is spoofing directly and let them know. Again, businesses spend a lot of money on brand and marketing perfection, they will be able to investigate the phishing email and put a stop to it. They may or may not request a copy of that email, but afterwards, you should block the sender and delete the email.

For visual representation, refer to the graphics below:

Phishing Email Sample

Phishing Email Sample

Remember: Never click on the links!

To learn more about protecting your non-profit against phishing emails, Sign Up for our upcoming webinar.

Feel free to Contact Us for more information.

COPA Affiliate Partnership

By |2024-01-23T15:30:14-05:00January 17th, 2018|Press Release, Uncategorized|

OUR STORY

E-Tech has been providing system support and information technology consulting services to our clients since 2005. We attribute our strength and success to our close working relationship with each and every one of our clients – regardless of size. We design our services specifically to help our clients succeed in today’s complex business environment, keeping in mind our client’s goals, objectives, and bottom lines. Since our inception, we have been establishing a strong bond with small to medium businesses and not-for-profits by delivering cyber security protection, website hosting services, IT support solutions, and website design services.

E-Tech is among the world’s 501 most elite managed service providers and #1 in Canada for 2020, according to Channel Futures MSP 501 Worldwide Company Rankings.

“Wow, I am so proud of my staff for their phenomenal work this past year. We continue to get stronger as a team every year. To get top 20 in the world is astounding, but #1 in Canada is truly special.”
– Ian Evans

Dark Web Monitoring
IT Support
Network Security
Cyber Security Awareness
Office 365 & G Suite
Business Continuity Solutions
Website Security

WordPress Hosting
Kentico Hosting
iMIS Hosting

WordPress Website Design

iMIS Consulting
iMIS Hosting
iMIS Maintenance

Why Use a Managed Service Provider?

Hiring an MSP can propel you to streamline your workflow and dedicate more manpower to mission-critical tasks.

With a team of well-supported experts who are highly dedicated to customer service, we  have the capacity to take an enormous load off of your IT team’s shoulders and deliver value over and above your current state.

A managed service provider is perfect for a small or medium-sized business with limited in-house abilities yet the resources to pay up-front costs.

Over time you’ll pay back a significant portion of this capital expenditure, with studies showing that MSPs can save you 50% of your annual IT costs.

Contact Info:

Title

ABOUT US

201 Consumers Road
Suite 204
Toronto, Ontario
M2J 4G8
(647) 361-8191

EXPERTISE

HELPFUL LINKS

E-Tech. All Rights Reserved 2024.

Accessibility by WAH
Go to Top