The Sky Isn’t The Limit To Revenue With This Business Decision!

Moving to “the cloud” is good business sense – the cloud makes financial sense as opposed to the costly real estate involved with server expansion and never-ending data needs. But how can you protect yourself and your data in something you can’t see, touch, or control?


“Change is scary.”

It’s a phrase often uttered in response to big news that means change on the grand scale; something big is looming. The reference to change being “scary” really has to do with human nature and the fear of the unknown. But are we really afraid of the unknown? Or is this more to do with apprehension over something we don’t yet fully understand?

You’ll pay a small fortune to a therapist to get the answers to all of those questions, but the bottom line really is just that change makes us nervous for all of those reasons. When the discussion turns to the cloud, this intangible and invisible “thing” that is ever-evolving and so adaptable that it’s seemingly different for everyone, our collective guard is up.

The reality is that the cloud is only invisible to us – these storage servers do physically exist somewhere, using another entity’s real estate and power supply. Hired staff maintain and protect these servers on your behalf. The cloud is scalable based on your needs, meaning you can secure more or less storage space as your business needs change. Win-win-win, right?

Yes and no.

Myth: I’m paying someone else to store my data, so the burden of security is on them.

Fact: It’s your data being stored in the cloud, so you still need to think about security. You have a duty to protect the information of customers and clients, and if there is a data breach or other cybersecurity vulnerability, there is still a liability.

Myth: Cloud providers are super high-tech and impenetrable.

Fact: Your data is stored on third-party servers and accessed via an Internet connection. Any reputable cloud solution provider employs incredibly strict security measures and keeps abreast of the latest cybersecurity news – so you don’t have to. That doesn’t mean, though, that you don’t need to worry about secure access and taking every precaution you can to prevent unauthorized access through a breach on your end.

Myth: My cloud solution knows what they’re doing, so I don’t have to.

Fact: You are paying an expert to provide you a service, but that doesn’t mean you don’t need to be aware or your team doesn’t need to be knowledgeable. More importantly, why would you not want to know how your cloud provider is protecting you – and your data? Would you be concerned if servers were stored in an unlocked and unguarded facility? What about if your data was backed up on hard drives that sat exposed to the elements or accessible to anyone? Or worse – if your data wasn’t being backed up at all? That’s like letting your staff keep passwords to their network or cloud access on a notepad on their desktop for the world to see! Don’t let human error be responsible for a breach – keep informed.

  • Did you know that more than half of organizations that experience a data loss, whether from a cybersecurity breach or not, suffer a catastrophic impact and aren’t able to recover? This is especially true of those classified as “small and medium businesses (SMBs)”. That means if there is a data breach, the odds of recovering at all aren’t in your favor.

The most important thing to remember is that a 100% cybersecurity guarantee isn’t possible, but that every business can take steps to make sure they’re protected, and so is their cloud service access. How can you make sure your data is secure?

Establish a formal process with your team.

  • Does each member of your team understand their responsibility as it relates to security measures? Maybe – but the only way to make sure every team member is taking every precaution is to define what measures are in place and what steps need to be taken to protect the brand, the organization, and its data.
  • Ensure the formal process is part of the new team member onboarding so that all staff have the information and understand what is expected – including executives.

Follow the latest security best practices.

  • Is your network secure? If your IT staff is in-house, make sure there is a process for continuing education. If your organization outsources your managed processes, make sure your trusted partner is employing these same best practices and communicates needs to your organization clearly and in a timely manner.
  • Are passwords complex? Do passwords contain a mix of uppercase and lowercase letters, plus numbers and symbols? Are passwords routinely changed? Passwords shouldn’t be reused in multiple locations, either, and should be unique to users.
  • Is data backed up? As many as 20% of backups are incomplete or corrupt, and some systems are fundamentally flawed. If your organization backs up its own data, even a fraction of its stored data, make sure it’s stored in a secured location following the same best practices above.
  • Are desktop workstations, mobile access machines, and remote technology all equipped with the latest in active antivirus software?

Proactivity and consistency.

  • This is probably the most important part of any cybersecurity process.
  • Does your organization provide ongoing training to team members to make sure security measures are kept updated and consistent? Operator error is the most common cause of a data breach!
  • “An ounce of prevention is worth a pound of cure.” Never are these words truer than in the case of data security! Protecting your data is essentially protecting yourself from cybercriminals who seek to access your data for illicit gain. Proactive protective safeguards, consistently deployed, really will go the farthest in terms of protecting your organization’s future.

Is the cloud right for you? You may not have a choice. Recent estimates show that costs and other factors will require organizations to use the cloud in some manner within the next five years and that the next decade will see a massive migration to the cloud to leverage the technology and the many benefits that cloud services can offer.

Are you considering a move to the cloud but aren’t sure if it’s right for you? Prepare now, and when the time comes for you to make the change, it won’t seem so scary. Is the sky the limit on potential? Nah – we say there’s no limit!

What You Don’t Know About Fortnite Battle Royale May Hurt Your Kids

As a parent, it can be difficult to keep up with the latest potential technology dangers facing our children. So, I was thankful to find the following information about one of today’s very popular Internet games – is your child playing Fortnite Battle Royale? Should you be worried? You might want to get up to speed on it.


More than 40 million children and adults play Fortnite Battle Royale, and it appears that many are obsessed with it. Fortnite was released last year (2017) by Epic Games. There are two different versions: Fortnite: Save the World and Fortnite: Battle Royale.

Fortnite: Battle Royale is the one that’s popular with children. It’s marketed as a free-to-play game on PS4, Xbox One, PC and iOS devices, but there are also paid versions. It’s one of the first games that let kids play together across numerous platforms. So, your child can be playing on an Xbox and compete with another person on their PC.

So, how popular is this internet game? The developer, Epic Games, rakes in over $1 million a day from Fortnite. And they are getting ready to release an Android version that they say could make $50 million by the end of the year.

What Is Fortnite Battle Royale?

It’s described as a mass online brawl. It begins with one hundred players leaping out of a plane onto an island where they are left fighting with one another, and they fight to the death. This doesn’t sound like something children should be playing, does it?

The fighters run around the island looking for weapons like rifles, grenade launchers and crossbows that are hidden in buildings and amongst the landscape. They compete to find these armaments, so they can survive.

They also compete to collect items, so they can build structures to hide in or use for defense. As these resources are collected, the area they compete in is reduced, so the remaining players are forced to fight closer together. Essentially, if you kill everyone else, you win.

Fortnite Battle Royale is a multiplayer game, and in reality, kids are really competing against other kids (or adults). Players can chat with one another over text or headsets. Although Battle Royale is a violent game, humor is part of its appeal. Kids can dress their players in silly costumes and have them perform funny dance moves. They can team up with their friends’ players to fight in duo or squad modes. Up to 100 can play at a time, until one-by-one they’re eliminated and only one survives.

Is this game really for children? How does this prepare a young person to live in a civilized society? It doesn’t. Even though it doesn’t depict blood and gore, it’s simply too violent for children. This is a game for adults, disguised for kids.

Why Is It So Popular?

  • It’s free (unless you want to use one of the paid versions).
  • It’s silly and humorous, even though the intent is to kill everyone.
  • It uses bright, almost cartoon-like graphics and comes with loads of funny items and outfits like dinosaur costumes and space suits.
  • It has a cult appeal because it uses a variety of dance moves that are popular with kids.
  • New features, play modes and items are added to the game on a weekly basis. This keeps kids’ attention and whets their desire to try them out. They like to “show off” their new gear to other players.

It appeals to children’s desire to be socially connected with their peers because they can chat and play at the same time. Children are forming real Fortnite teams and spending time together after school playing the game together.

It’s also a huge hit with video game YouTubers. They broadcast videos of themselves playing the game. What this means is that you have adults playing the game with your children. This is another reason to question whether your child should be doing this.

What Should You Do?

Check out the game for yourself. Only you can decide if it’s appropriate for your children. If you decide it’s okay for them to play, consider limiting the time they do so. When they comply, tell them that you’ll allow them to play another game tomorrow. The reward system usually works with kids. The games can last longer than 20 minutes if they succeed in “staying alive,” so keep this in mind.

Also, keep in mind that this game can be very stressful for children. They’ll always be worried that their character is going to be killed. Sit nearby and watch as they play. When you see how stressful this really is, you may decide it’s not something they should be doing.

If they play on a game console, there are parental controls you can apply. You can turn off the chat settings for the game if you’re worried about who they’re talking to. You can also limit how much time they can play. It’s wise to do this before they get “hooked” on it.

If your kids are allowed to purchase the paid versions, talk to them about spending limits and make sure they ask you before making any in-app purchases.

Also, teach them that it’s dangerous for them to share personal information with other players they don’t know, or with strangers online.

As always, try to keep the lines of communication open with your children regarding the online games they play, and their internet habits.

What is Chromium?

Is Chromium, the next browser from Google, trying to take over for Chrome?

At a recent I/O developer conference, Google’s senior VP of products, Sundar Pichai, announced that Google Chrome now has over 1 billion active users. Though Microsoft has pushed their Edge browser hard, consumers simply like Chrome better. So, why mess with perfection?


The Chromium browser project actually does not attempt to improve upon Chrome. It is an open-source browser that works more as a shell or window manager for the Internet instead of as a standard browser. The tabs work more as a title bar for desktop applications and are designed to manage groups of applications.

Chromium’s Quick Search Box simplifies the way people access the Internet, including their personal content. The Chromium OS combines these two common activities to make navigation faster and more intuitive.

How Chrome Differs from Chromium

Google has taken the basics of Chrome and added some important open-source bits that may attract those who love and use open source programs. A few of these include:

  • Adobe Flash (PPAPI). Chrome includes this Flash plug-in that gets automatically updated each time Chrome is updated. In order to experience the best in games and graphics, computers need the latest version of Flash. Their sandboxed Pepper API (PPAPI) plug-in can be installed on Chromium, but this is not done automatically.
  • Support for AAC, MP3, and H.264. Both browsers include the basic codecs, such as WAV, Opus, Vorbis, Theora, VP8, and VP9. Chrome provides licensed codecs giving users access to a wider range of media and content.
  • Extension Restrictions. These days, many extensions have been released that can actually harm your computer and zap resources. With Chrome, all extensions that are not found in the Chrome Web Store are automatically disabled. A recent investigation found that some rogue extensions can hijack your computer’s resources and use them to mine cryptocurrencies. This will cause your computer to slow way down and behave in unusual ways.
  • Updating Google regularly. Both Windows and Mac users have an app running in the background that keeps Chrome always up to date. Chromium lacks this convenient feature.
  • Security Sandbox. One of the best features of Chrome and Chromium is that these browsers have the security sandbox enabled by default. A few browsers, including some Linux programs, will disable Chromium’s security sandbox, which can cause random issues.

Why Build Another Web Browser?

Google’s developers designed Chromium in an effort to build a better, safer, more reliable way for users to surf the web. By allowing developers all over the world to work on the project, they felt that Google Chrome could be significantly improved upon. However, this hasn’t happened.

Chromium is still largely misunderstood by the masses and has not generated the global interest that other open source products have. For instance, the Linux operating system has become a very trustworthy program that is used today by about half of all Internet servers. It’s reliable and secure. A number of programmers and developers will always be fans of Linux no matter what. It remains freely distributable, allowing anyone to create a distribution for any purpose.

A large community of developers worldwide worked on Linux for many years and their hard work produced an amazing family of free, open-source operating systems. These programs are used in education, business, finance, video games, and supercomputers, among others. Linux set the bar high for open-source software collaborations.

Today, users can still get excellent support from these developers. Companies like Red Hat and SUSE still offer commercial support as well. The dream for Chromium was that global developers would continually improve upon the program until it far surpassed other browsers on the market.

Why Chrome is Preferred

Today, in spite of the many good browser choices available to users, Chrome is hard to beat. This may add to Chromium’s lackluster appeal. Below are a few of the reasons why Chrome users say they will continue to use this browser over Chromium and others:

  • Extensions and apps are integrated seamlessly. Firefox takes months to add a new app or extension for new sites, programs, and content.
  • Ease of use and installation. It doesn’t take a rocket scientist to install and use Chrome. It has a very clean, organized design that takes away the confusion that new users may experience. That makes it perfect for groups like the elderly who need programs that work without much ado.
  • Bookmarks and favorites can be quickly transferred to a new computer, phone or tablet. Chromium and Firefox both use a more disorganized system of transferring your bookmarks that can be painfully inconsistent.
  • Lack of understanding is another hurdle for Chromium. Because it is not a standard web browser, users may get confused about exactly how to manage applications and programs.
  • Efficiency and speed. Today, people expect to exert almost no effort when using the computer. They want everything to work seamlessly without additional effort or education. The need to be user-friendly is a giant obstacle to overcome when creating new apps, computers, programs, etc.

Getting Started with Chromium

Chromium is still a good option for those who are looking for open-source software and who want to avoid closed-source bits. Linux distributions may incorporate Chromium instead of Firefox simply because it’s so much like Chrome, yet offers good open-source attributes. Of course, Chrome still offers a better Flash player and a few other good features. For instance, using Chrome on Linux, users can now stream Netflix videos, an attractive quality for those who love Netflix. Chromium does not offer support for HTML5 video content.

Despite its drawbacks, numerous users including developers are working on Chromium. Getting involved in this project is easy. New users might begin by visiting forums and developer discussion groups. There, you can meet some like-minded individuals and get up to speed. You can also get involved by volunteering to help with testing. Chromium developers are looking for reduced test cases that improve web compatibility.

There is always a wide range of issues from translation problems to file bugs that developers can help with. Submitting patches can be extremely helpful. In the end, Google’s hope is that Chromium will become a fast, responsive program that is secure and dependable. It remains to be seen whether this will happen or not. Though Google is a trusted brand globally speaking, the company does sometimes create an “Edsel” when it comes to new programs, software, products, and apps.

Why Do 4 Out Of 10 Companies Still Use Ransomware Friendly Anti-Virus?

If The Marketplace Distrusts and Has Moved Away From Legacy Anti-Virus and Switched To Next-Generation Endpoint Protection To Escape Ransomware Infection, Why Are You Keeping It?


All the way back in 2006, the word was getting out that Anti-Virus software must retire and make way for the Cloud, Next-Generation Endpoint Protection. AV served its purpose when systems were simpler and hacking was a college prank, not a malicious attack for financial gain.

Ransomware, Malware, and non-Malware exploits were infants. Legacy AV could carry the load. But in this day and age, they’ve grown up, and 53% of US organizations are blaming their tired, outdated Anti-Virus for not preventing a Ransomware attack. Could your Legacy Anti-Virus be one of them?

It Takes A Cool Million to Plunk Down and Recover From a Ransomware Attack.

$900,000 a year is the average cost an individual company spends on Ransomware attacks: paying the ransom monies, time used to respond, and productive labor time lost. In the US alone, the lost work time equals 44 man-hours spent responding to an attack, from attack to complete recovery.

44 man-hours! That’s a little over a week’s work for one employee. The cost translates into paying that person’s salary to do a job you did not hire them to do. Is this good or bad time management?

Do you know the percentages your Partners and Supply Chain suffered from your infestation?

Research recently provided by SentinelOne shows your affliction has a vast, direct and negative impact on your Partners and third-party vendors. What happened to your company magnified their loss and downtime, both in productivity and revenue. It’s the proverbial “domino effect.”

Let’s look at those numbers SentinelOne provided:

  • 46% Downtime – Your Partners and third-party vendors suffered;
  • 35% Loss of productivity – Your Partners and third-party vendors suffered;
  • 20% Loss of revenue – Your Partners and third-party vendors suffered.

So, who’s to blame?

Worthless legacy antivirus software? Careless employees? Decision makers? Yes. All three have a hand in it. And we’ll explain how.

Let’s start with the legacy antivirus software.

According to Business Wire, a Berkshire Hathaway Company, “Legacy vendors have failed to build solutions for new vectors – specifically, many legacy AVs still lack basic anti-exploit capabilities.” The key word here is “Exploit.” Exploiting is what a Ransomware programming-pirate knows and uses against you and your system.

Legacy anti-virus solutions are not able to keep up. Innovation is inadequate. The volume of attacks from:

  • DDoS Attacks
  • Malware Attacks
  • Ransomware Exploits
  • Viruses

cannot be charted. Hundreds of thousands of new strains appear daily. The best legacy anti-virus can’t keep up. It is overwhelmed. And here’s why.

Legacy AV depends on long-established signature-based identification methods to search for digital threats. What it struggles to overcome in today’s world is the new strains, which are signature-less and fileless. These dangers go unchallenged and give a cyber-thief an easy way to access any unprotected enterprise network.

The second culprit is the carelessness of employees.

According to Ponemon Institute’s 2017 State of SMB Cybersecurity report, sponsored by Keeper Security, the number one most significant cyber threat to your business is your employees. A whopping 54% of breaches were caused by negligent employees.

But what makes them negligent? For starters, device convenience. 50% of your data is accessible from a mobile phone, and not just a company-issued device. It could be a spouse’s or friend’s phone. A company of any size is a target. If your employee has 3 bars in the middle of the Sahara desert, your data can be accessed.

Secondly, your security and policies have gaps, making it difficult to get your employees to follow proper protocols. According to the research, password policies lacked strict enforcement 68% of the time. And 58% had no or unclear direction on password practices.

The third and final enabler.

I hate to be the one that says it, but the business owner or decision maker(s) prevent their protection from a Ransomware attack. They hang on to old beliefs. “It won’t happen to us.” Or “It costs too much to swap our legacy antivirus for endpoint solutions.”

45% in this group will pay the ransom to get their files unlocked and returned, rather than the 55% that credit Cloud, Next Generation Endpoint protection. But those who paid to get their files back were targeted again and again, and were attacked 73% of the time. The cyber-criminal sees that business as a bank ATM. When they need some cash, it’s pay up or lose your files.

According to {company} Ransomware Specialists, “Cybercriminals will continually perfect their ransomware attacks. They will bypass your Legacy Anti-Virus. They will trick non-trained employees into infecting their organization. They will make you pay their ransom demands or sell your data to the highest bidder.”

Of the 70% who swapped from Legacy Anti-Virus over to Next Generation Endpoint protection, 96% are confident they will prevent future attacks.


Data Breaches and Credit-Card Fraud Can Destroy Your Small Business

Most business owners are cognizant of the prevalence of fraud in the digital world today. According to Experian’s Global Fraud and Identity Report 2018, almost three-quarters of businesses believe fraud is a growing concern, and nearly two-thirds reported fraudulent losses over the past year.


What is Fraud?

Fraud occurs when an individual’s payment information is used without their authorization. When hackers breach your network and access your customers’ or clients’ sensitive cardholder information, they have many opportunities to commit fraud numerous times. Anytime someone falsifies an identity and “tricks” a system into thinking the person making a purchase is someone other than who they actually are, this is considered to be fraud.

Fraud is Pervasive in Today’s Digital World

This is because the majority of business and consumer data remains vulnerable. As the value of digital information grows, so does the hacker’s motivation to develop methods to avoid detection from the latest technologies.

The existing account setup process requires consumers to provide extensive amounts of personal information along with passwords and secret questions. And data breaches provide this information to cybercriminals. When this data is stolen, it’s often used for fraudulent activities.

Fraud is a moving target just like the hackers. New tactics are evolving where criminals combine real and fake information to create new identities.

Most business owners just don’t have a handle on this – and they lack confidence in their ability to protect their customers and their companies from fraud.

One of the reasons for this is that their initiatives are mostly reactionary rather than proactive as many continue to use legacy cybersecurity technology rather than investing in new, more sophisticated data protection solutions. As a result, every month that goes by increases their vulnerability and exposure to data breaches and fraud.

Fraud is an ever-present and growing risk

For businesses in e-commerce, managing the risk of fraud is a delicate balancing act between ease of use for customers and fraud protection. They struggle with mitigating fraud while providing a positive customer experience. Unfortunately, the customer experience wins out in most cases, and businesses are willing to risk fraudulent losses over losing customers to their competition. Ironically, they are setting their businesses up for reputational damage where they will end up losing customers anyway, fail to gain new ones, and possibly face financial penalties and litigation costs.

The 2017 Cost of Data Breach Study from the Ponemon Institute, sponsored by IBM, puts the global average cost at $3.6 million, or $141 per data record. That’s a reduction from the average cost in 2016, but the average size of data breaches has increased. It’s also worth noting that the average cost of a data breach in the United States is much higher at $7.3 million.

More than 50 percent of businesses say they still rely on passwords as their top form of authentication.1 And business leaders know that using passwords isn’t the most secure option. But customers are used to them, and business owners want to please them. They also complain that they lack the financial resources to adopt more advanced authentication methods when this would save them legal fees and penalties if/when their customers’ accounts are breached–not to mention their reputation and the future existence of their business. This, of course, is very shortsighted.

How data breaches and fraud are connected

Data breaches and fraud don’t usually occur at the same time and place. Cybercriminals won’t steal a customer’s information and turn around and use it for a purchase from the same business. So, it’s not easy for a business to detect when a breach occurs.

Data breaches are typically detected by using specific security tools that monitor all payment activity. Merchants should follow PCI-DSS standards to identify and prevent breaches and remain compliant. PCI-DSS audits will help you find vulnerabilities in your system and reveal inadequacies that must be eradicated.

A successful case of fraud spreads like cancer

If a hacker can get one password, they may have the keys to other password-protected accounts. The more online accounts people open, the greater their risk. And most people have quite a few. If the hacker can figure out the password to someone’s email account, they may also have the key to their credit card and banking accounts as well.

You must remain vigilant to prevent data breaches and fraud.

What to do if you suspect fraud

A key indicator of fraud is chargebacks, where a customer disputes a charge on their credit card and you aren’t paid for the service or product. If your chargeback rate rises above 1%, this is a good indication that you’re experiencing fraud.

In this case, you should hire a third-party auditor like an IT Managed Services Provider (MSP) to help bring you back into compliance and stop the thieves. They will detect where the problem(s) exist and whether what they find indicates a data breach. PCI-DSS compliance requirements mandate that you do this to stop the fraudulent activity.

Of course, you should contact the card processor as well. They will connect you to the card providers who can often identify the point of access or detect a suspicious pattern of activity.

What You Can Do to Reduce Fraud and Data Breaches.

Use EMV Technology.

EMV (Europay Mastercard Visa) is the global standard to authenticate payment cards. EMV technology can help you protect your business from fraud. It ensures the card is legitimate and that the person using the card is the authorized user.

EMV chips are microprocessors that store and protect cardholder data. They use a unique cryptogram that’s validated by the card issuer. This makes it more difficult for hackers to break the code and steal card information to commit fraud.

Today, if you don’t use an EMV-capable terminal, and the transaction turns out to be fraudulent, you can be held financially liable for that transaction.

EMV has been used in the United Kingdom since 2004, and card-present fraud has gone down by 80% as a result. By comparison, without EMV in the U.S., fraud increased during this time by nearly 70%.

Protect Data in Transit by Using Encryption.

When credit card data is stolen, it’s considered a data breach. Considering the number of card payments your business processes in a month, hackers may view you as the “Pot of Gold at the end of a Rainbow.” In other words, your business is a prime target.

You can help stop the hackers from accessing data in transit by using end-to-end encryption (E2E) and point-to-point encryption (P2PE).

The advantages of end-to-end encryption are:

  • You don’t need a separate key for the decryption of the data.
  • You have flexibility in deciding what data to encrypt.
  • You can choose specific configurations for more functionality.
  • The file size is small, and the processing time is minimal.

Point-to-point encryption encrypts transmitted data as it goes through a designated “tunnel.” This is used most often for credit card information that’s encrypted from the point-of-sale (POS) to the credit card processor.

With encryption, if a breach does occur, and data is stolen, it will be useless to cybercriminals in its encrypted state.

Protect Data at Rest by Using Tokenization.

Tokenization breaks up a sequence of data into pieces such as words, keywords, symbols, phrases, and elements called tokens. Tokens can be words, phrases or even whole sentences. In other words, tokenization keeps cybercriminals from using data by replacing it with meaningless characters. Tokenization is helpful for businesses that store sensitive card data for re-billing. It’s also one of the most effective and affordable ways for businesses to protect their customers’ confidential card data.

Combining encryption and tokenization is one of the best ways to protect your business from the devastating effects of a data breach.

Secure Your IT Environment

  • Ask your IT Managed Services Provider (MSP) to set up a next-generation firewall, anti-spam, and anti-virus solutions.
  • Ensure your POS and router are on different networks and separate from other systems that access the Internet.
  • Don’t use your business POS for surfing the Web. This can expose it to viruses and result in vulnerabilities that can be breached.
  • Assign separate login credentials for each user.
  • Forbid sharing of login credentials and enforce this.
  • Keep your user list up to date and disable accounts that are no longer needed.
  • Only provide remote access for users with a clearly identified need.
  • Don’t leave remote access software turned on when unattended.
  • Keep all software and anti-virus, anti-spam programs up-to-date.
  • Regularly run and review scans for malware.
  • Regularly have your MSP run vulnerability scans.
  • Ask your MSP to train your staff on the latest security threats and what to do if they come across one.
  • Train your staff how to detect unauthorized skimming devices that could be installed on POS or credit-card terminals.

Have Your MSP Train Your Employees on Cybersecurity Awareness.

Teach your employees about password security and make sure you enforce this behavior:

  • Don’t use words from the dictionary.
  • Don’t use names of family members.
  • Don’t reuse passwords from your other accounts.
  • Don’t write down your passwords or put them where others can see them.
  • Consider using a Password Manager (e.g., LastPass or 1Password).
  • Use password complexity (e.g., P@ssword1).
  • Create a unique password for work separate from your personal use.
  • Change passwords at least quarterly.
  • Use passwords with 9+ characters.
    • A criminal can crack a 5-character password in 16 minutes.
    • It takes five hours to crack a six-character password.
    • Three days for a 7-character password.
    • Four months for eight characters.
    • 26 years for nine characters.
    • Centuries for 10+ characters.
  • Turn on Two-Factor Authentication if it’s available.

Teach employees about ransomware and phishing threats. These appear to be from an official source like the IRS or FBI. If a screen pops up that says you’ll be fined if you don’t follow their instructions, don’t! If you do, the criminal will encrypt all your data and prevent you and your employees from accessing it. Teach them to:

Beware of messages that:

  • Try to solicit your curiosity or trust.
  • Contain a link that you must “check out now.”
  • Contain a downloadable file like a photo, music, document or pdf file.

Don’t believe messages that contain an urgent call to action:

  • With an immediate need to address a problem that requires you to verify information.
  • Urgently asks for your help.
  • Asks you to donate to a charitable cause.
  • Indicates you are a “Winner” in a lottery or other contest, or that you’ve inherited money from a deceased relative.

Be on the lookout for messages that:

  • Respond to a question you never asked.
  • Create distrust.
  • Try to start a conflict.

Watch for flags like:

  • Misspellings
  • Typos

Ask Your MSP to Help You with PCI Compliance.

PCI Compliance is not a one-time event but should be a continual process to ensure your IT systems are appropriately transmitting and storing sensitive data. It mandates that network and business practices are secure.

Failing to maintain compliance with the Payment Card Industry Data Security Standards (PCI DSS) can ruin your small business if you get hit with a data breach.

It’s not always easy to do this on your own. Your MSP can help by:

  • Performing scans of your network to identify and eliminate vulnerabilities that can lead to data breaches.
  • Monitoring network activity and blocking malicious activity before it can lock down or steal your data.
  • Providing you the tools and resources to promote compliance.
  • Implementing data-breach protection solutions.
  • Helping you sign up for a breach assistance/cyber insurance program that provides for reimbursement of certain card brand fees that are charged if data is compromised. Some cover the costs of a data breach, which can be upwards of $100,000 or more.

Protect Your Business from Data Breaches, Fraud, and the Resulting Consequences

When you take all of this seriously, you’re not just protecting your customer’s confidential information; you’re also protecting your business from fraud.

Most companies that experience a data breach will see a rise in the cost to retain existing customers. They will also see an increased cost to acquire new customers. When you add these increases in cost to the loss of revenue from customers that choose to take their business to your competitors, you’ll soon see how your damaged reputation dramatically affects your company’s bottom line.

You don’t have to face this alone.

The right IT Managed Services Provider can be your best ally against security threats. From helping you with integrated and compliant POS systems to implementing technologies like encryption and tokenization, and providing compliance and breach assistance, the right IT Partner is worth every cent when it comes to helping you secure your business against the devastating effects of credit-card fraud and data breaches.

The Future We’ve All Been Eagerly Anticipating Is Here – Are You Ready?

The standard of next-generation telecommunication is no longer the future, but the present. You’re probably not using it, even though you should be, and you may have to wait.

When casual conversations bring up speed, it’s inevitable we hear the clichés about “faster than the speed of sound” or “faster than the speed of light”. Sometimes, if participants are up on pop culture, even “faster than Usain Bolt” is tossed around.

  • Which travels faster, light or sound? Light travels at about 300,000 kilometers per second, and the speed of sound is usually around 300 meters per second.

What is the fascination with speed? Faster cars, faster jets, faster roller coasters…we are compelled to increase speed and speed capacity – you may even have the speeding ticket to prove it! We’re an impatient bunch – or is it a competitive drive that fuels us further in our quest for the next fastest “thing”?

When conversations turn to tech talk, the topic of speed is generally relative to a generation. No, we don’t mean Baby Boomers versus Millennials. The speed at which data travels wirelessly, whether it’s over an organization’s wireless network or a major wireless provider’s network, puts consumers entirely at the mercy of current technology and our data connection. Have you ever been on a Google Hangout and had your connection interrupted? It’s frustrating, possibly embarrassing, and potentially costly if the Hangout was a sales pitch.

There are currently five generations of wireless communications standards:

  • 1G: The first generation of wireless cellular networks and technology was analog and considered the telecommunications standard since the 1980s.
  • 2G: Wireless data networks go digital! This is the generation that data entered into our wireless world, with the introduction of the text message. There are sub-2G generations, but these didn’t have a noticeable impact on our daily wireless use.
  • 3G: The third generation focused on telecommunication networks that supported faster data transfer speeds, regardless of the type of communication: voice calls, video calls, mobile or fixed wireless Internet. This was the generation that introduced the smartphone. This generation also had sub-generations with advancements to support faster speeds and better performance as a preparation of infrastructure toward 4G technologies.
  • 4G: Fourth-generation technology increased data speeds again and established thresholds for speed to qualify.
  • 5G: The future of wireless technology, implemented in December 2017 and anticipated to be available globally by 2020.

Note that last part: anticipated to be globally available by 2020. Currently, maybe five countries are using it based on wireless providers. Most of the larger providers are testing 5G implementation, including Verizon and AT&T in 2018. The complication is that the U.S. infrastructure doesn’t yet support 5G wireless technology, so even with the “Big Box” mobile service providers testing the technology, consumers won’t get the benefit – yet. But what’s crucial to keep in mind about the future is that 5G is more than faster data speed. The next generation of wireless technology seeks to enable new and incredible insights that drive efficiencies. In other words: faster and smarter! How is wireless technology smart? Glad you asked!

Given the explosion – not literally – of “smart” devices in the market, the Internet of Things reinforced the need for the new generation of wireless. In fact, beyond just wireless, 5G incorporates technologies like computing and the cloud for everything to be smart, and everything to connect – even smart vehicles! Technology is supposed to simplify our lives by finding ways to make things easier. Connectivity and integration further this notion and underscore that the direction of the future is with the Internet of Things.

  • What is the Internet of Things (IoT)? The IoT is the network of connected devices that have internal components enabling connectivity, like electronic sensors and software, which allow for the exchange of data.

The wireless economy and data standards are experiencing a massive evolution. Consumer appetite is skyrocketing, and the next generation will support an overhaul of the service model that allows wireless service providers to reduce costs to accommodate data needs while simultaneously driving revenue with new services. Adversely, the current generation actually incurs greater costs for data in cases like autonomous vehicles compared to the costs of its fuel. 5G will fundamentally change this service model.

All this talk of evolution doesn’t mean the existing model will disappear. In fact, the next generation – 5G – incorporates many wireless technologies, and improves upon those we already use (4G). 5G is going to change the way we interact, work, and live in general. As full-scale monetization is recognized – the cost to produce smart goods decreases for manufacturers, and the cost to support increasing data needs decreases for service providers, thus passing these reductions on to consumers – we can expect to see ever greater numbers of smart goods. For example, hospitals are migrating to electronic health records in greater numbers due to the simplicity of the centralized patient records and access to complete history at-a-glance, but the ease of submitting prescriptions to external pharmacies has also been increasing with major metropolitan hospital systems. From cars to hospitals, the 5G model will not only support but become critical to data needs in this evolution.

The transition to 5G will require the U.S. infrastructure to transform to cloud-based architectures with a virtualized core, and it’s expected that companies will spend over $300 billion by 2025 to upgrade and become compatible with 5G demands, including new data centers, new network transformation gear, and new modems/IPs.

There aren’t currently any mobile devices supporting 5G capabilities, but we can expect an upcoming surge of announcements with new products flooding the market once 5G is more widely adopted. Hopefully, the United States isn’t late to that particular game!

Excited for the future generation of wireless telecommunications, Qualcomm debuted the first 5G modem in 2016, and in 2017 European leaders established a baseline for next-generation standards. It’s safe to say the world is not just open to 5G, but embracing the changes in technology this next generation is ushering in.

Your Small Business Needs a vCIO to Manage These 10 Technology Priorities for 2018

If you’re the owner or CEO of a small business, then you’re probably already functioning as the Chief Information Officer (CIO) as well. Most small businesses can’t justify paying for both. This means you have to take time from your priorities to manage your technology, ensure that it’s secure and decide what IT solutions to use. It’s not as easy to do this as it was in years past, simply because of the fast-evolving nature of technology, and the increasing incidence of hacking and data breaches.

But, did you know that you can “hire” a Virtual CIO (vCIO) at a fraction of the cost of hiring a CIO?

What is a vCIO?

A virtual CIO is a technology service provider who serves as your CIO. They help you develop an IT Strategic Plan, with up-to-date resources to ensure security, productivity, and efficiency. Rather than hiring your vCIO, you pay for the service on an on-demand basis.

This frees you from the daily worry about technology and whether it will run as it should. It also frees up your limited internal resources and allows your employees to concentrate on their core responsibilities.

A vCIO Will:

  • Gain an understanding of both your business and your technology infrastructure and make sure your IT is aligned with your business goals.
  • Help you with IT budgeting and cost control strategies to achieve your priorities and avoid unnecessary costs.
  • Analyze any inefficiencies in your existing IT infrastructure and centralize/consolidate resources and operations to promote considerable financial savings.
  • Advise on Organizational IT Design and replace outmoded processes so you can pursue market opportunities and overcome business challenges through updated, value-based technologies.
  • Effectively incorporate technology into your operational processes and ensure security at all times.
  • Develop an IT Strategic Plan that aligns with your budget.
  • Learn about your competition, and what new IT solutions they are using.
  • Interface with your managers and users to ensure that you meet your IT goals.
  • Identify and evaluate the impacts of your technology decisions.
  • Conduct ongoing evaluations to assess your IT needs and provide service performance metrics.
  • Manage technology needs for specific projects, whether they are new ones or ongoing.
  • Deliver monthly updates to your management, provide Quarterly IT Summaries that reveal the condition of each component of your network, and prepare other reports as required.
  • Provide procurement assistance to ensure you get the best prices on hardware and software.

Your Virtual CIO Will Help You Achieve These 10 Technology Priorities for 2018.

Cybersecurity

Security is an essential factor for any organization, and small businesses like yours are the biggest target for hackers today. Risk assessment, data protection, training awareness, and third-party security practices are necessary to ensure maximum security and protection. Continuous diagnostic monitoring is required to view your network, identify risks, quantify attacks and/or breaches, and mitigate them. Digital forensic tools are especially important for companies that require regulatory compliance and incident management. Identity and access management is a security practice that enables only authorized individuals to access resources to comply with security and compliance requirements. These are crucial elements for any business. Your vCIO will manage all these and other cybersecurity requirements for your business.

Disaster Recovery and Business Continuity

Disaster recovery and business continuity refer to your organization’s ability to recover data after a disaster occurs and when IT services are shut down or compromised. Both practices involve the process of backing up data and preparing policies and procedures to implement in the event of a disaster. Your vCIO will confirm your business can stay up and running no matter the IT disaster, manmade or natural.

Mobile Workforce Technologies and Solutions

With the BYOD (bring your own device) trend, organizations are using mobile devices more than ever. Your business is competing in a mobile, technology-driven economy, and you must rely on your mobile workforce to ensure customer satisfaction and product/service innovation. The right mobility solutions ensure secure and simple access to data, tools, and applications from any location. Your vCIO will help you consider applications, support, ownership, security, and communication issues and policies that will ensure your mobile workforce is always productive, and your data is secure.

Cloud Computing, Software as a Service (SaaS) and Virtualization

Software as a Service utilizes a cloud-computing infrastructure to deliver a single application to your employees no matter their location. This is opposed to relying on the traditional one application per desktop. Cloud services are available to your employees via the Internet from a cloud provider’s servers and used instead of your company’s own on-premises servers. Virtualization refers to the creation of virtual servers, desktops, storage devices, applications, and computer network resources. You can virtualize your entire IT infrastructure or just specific aspects of it. Cloud services and virtualization provide easy, quick, scalable access to resources, applications, and services, and simplify your overall IT infrastructure to promote efficiency.

Enterprise Resource Planning (ERP)

Enterprise Resource Planning involves the use of business management software that combines a variety of integrated applications to store and manage data for all aspects of your business operations. It includes product planning, manufacturing, marketing, inventory management, shipping, invoicing, accounts receivables and payables, and more. Software as a Service Enterprise Resource Planning (SaaS ERP) supports remote hosting of business IT services. It’s also known as Cloud Enterprise Resource Planning (Cloud ERP).

Strategic IT Planning

Strategic IT planning focuses on your organization’s specific needs and how to best use technology to meet them. IT is a strategic capability to be used and integrated into planning and projections with consideration of future IT innovations and business growth. Your vCIO will work with you to determine how technology will help you achieve your business priorities and prepare guidelines and policies that support your vision with the right IT solutions.

Networking: Data and Voice Communications

Data communications refer to the electronic transmission of information for storage and processing, while voice communications refer to systems such as mobile devices and VoIP systems. Your vCIO will help you implement the best communication solutions to keep your organization connected and up and running.

Legacy Application Modernization/Renovation

Legacy application modernization is the process of refactoring, re-purposing, or consolidating legacy software programs to align with a company’s current needs. This enables you to benefit from the advantages of new development without the risk and cost of replacing legacy systems.

Business Intelligence and Analytics for Big Data

Business intelligence, or BI, is a term that refers to a variety of software applications used to analyze an organization’s raw and big data (massive amounts of data). Business analytics is the process of exploring and investigating an organization’s data with emphasis on statistical analysis. This is becoming more important for even small businesses today. They are relying on software solutions like Microsoft Power BI (Business Intelligence) to transform data and create interactive reports to help them analyze data to reach their goals.

Shared Services

Many parts of an organization use the same services and resources. Shared services involve the consolidation of business services and resources used by multiple parts of an organization. For example, with service portfolio management, organizations can define and manage services and resources. By incorporating automation, virtualization, advanced analytics, and other digital technologies into your operations, you can streamline processes. These technologies also may enable you to make better decisions and improve the quality of customer interactions.

By taking advantage of the services a virtual CIO provides, you’ll enjoy all the benefits of a CIO without the added costs. Your vCIO will protect your important data, help you get the most from your technology budget, provide customized reports and recommendations, and ensure you meet the technology challenges of 2018 and beyond.

Is Your Backdoor Open? You’ll “WannaCry” When the Hackers Get In

Dangerous cyberattacks have been released by a group of hackers known as The Shadow Brokers. These exploits will lock up your data for good – no ransom, no return.

But this isn’t all they do – they’ll also leave behind a parasite that lets them “hang out” inside your computer, infect others, and re-enter through a backdoor.

What’s really scary is that these attacks are getting past traditional next-generation security measures. In 99 percent of the cases, security researchers found that these threats bypassed security tools.

EternalBlue (the worst-ever recorded ransomware strike): In February 2018 EternalBlue was ported to all Windows operating systems. By exploiting a vulnerability in Microsoft’s Server Message Block (SMB) protocol, EternalBlue allowed the dangerous ransomware virus WannaCry to propagate and infect 230,000 computers.

EternalChampion and EternalRomance are two other exploits that were also reported at the same time EternalBlue was.

And then there’s EternalRocks, also known as MicroBotMassiveNet, which is a computer worm that infects Microsoft Windows. It uses seven exploits that were developed by the NSA and unknowingly leaked to hackers. As a comparison for you, the WannaCry ransomware program only uses two NSA exploits. Experts tell us that EternalRocks is much more dangerous.

EternalRocks installs the Tor anonymous network to conceal Internet activity. Your server then downloads EternalRocks to your computers. To avoid detection, it calls itself WannaCry. But unlike WannaCry there’s no kill switch.

EternalBlue and these other exploits use a backdoor implant tool to infect your systems. Plus, EternalRocks is a self-replicating worm and leaves the back door open via DoublePulsar so that other hackers can load malware on your computer.

Backdoors leave you exposed to a multitude of cyber threats.

A backdoor is a port or malicious application that provides access to a server or network. It provides hackers with unauthorized remote access to your network by exploiting security procedures and authentication. Backdoors can be used by cybercriminals to gain remote access to your computers.

Backdoors work in the background and are hidden. They are much like other malware viruses and, therefore, difficult to detect.

A backdoor is one of the most dangerous types of computer parasites. It gives a criminal the ability to perform any possible actions on your computer.

The attacker can:

  • Spy on what you do,
  • Take over your files as a user,
  • Install additional software or malicious threats,
  • Control your organization’s entire PC system,
  • Implement keystroke logging and screenshot captures,
  • Infect files,
  • Encrypt your data, and
  • Attack other hosts on your network.

Plus, the parasite can work automatically on its own and do what the hacker wants.

A backdoor not only allows the hacker to access your computer and network, but it also lets them come back and enter your system again and again.

Backdoors are complicated for system administrators to deal with. In most cases, it’s very difficult to find out who is controlling the parasite. In fact, all backdoors are really hard to detect.

Before they can find out how hard it will be to block the hacker’s access, system administrators have to figure out the methods hackers will use. There are so many exploits now that this is a very difficult, if not impossible, task.

Plus, some of these backdoors can’t be detected because of the way they’re designed.

Even if your admin changes passwords when an attack is discovered, backdoor utilities can be programmed to give the hacker repeat access to your system.

They do this via computers on your IT system that don’t log on to the network very often. Because it appears that no one is using the machine, your system administrator doesn’t detect that a hacker is actually using it.

There’s another kind of backdoor utility that lets the hacker return to the network within a short period of time. This way they don’t have to find a vulnerability to exploit in order to gain access. But if your system administrator does detect them, they’ll just take the time to look for another vulnerability. As you can see, this can be a constant battle.

Password cracking is the most-used method of backdoor hacking to breach network security.

The hacker locates your accounts that use weak passwords. These are accounts that aren’t used often. The hacker creates an access point by changing the password. When the system administrator searches for the fragile accounts, the ones that have weak passwords, the accounts whose passwords have already been changed won’t be visible.

Backdoors can degrade your Internet connection speed and system performance. They prevent you from removing them by hiding in files. Plus, there are no uninstall features to delete them.

There are 5 ways backdoor threats can get in:

  1. You can accidentally install them on your computers. Sometimes they come attached to phishing emails or file-sharing programs. They look safe and can trick you into opening and executing them.
  2. They get installed by viruses like spyware or Trojans without your knowledge. Then they infect each profile for those who use that compromised computer.
  3. They can be manually installed by malicious insiders who are authorized to install software on your computers. Then the backdoors can spread by exploiting remote systems with security vulnerabilities.
  4. Some backdoors come with applications, including legitimate ones. Once the hacker gains access to a computer and access to the software installed on it, they have the authorization to take control and infect the software.
  5. Backdoors can infect a computer by exploiting software vulnerabilities. They work just like computer worms and automatically spread without you knowing it. You won’t be alerted by warnings, setup wizards or dialog boxes when this happens.

What can you do to protect your business from backdoor threats?

Backdoor parasites are extremely dangerous and must be removed from the system. It’s essential that you contact your Technology Solutions Provider so they can do the following:

  1. Block external access to all Server Message Block ports on the public internet.
  2. Patch all Server Message Block vulnerabilities.
  3. Block access to C&C servers (ubgdgno5eswkhmpy.onion) and
  4. Install a DoublePulsar detection script.
  5. Make sure to use an up-to-date analytics tool to monitor for insider threats.
  6. Monitor your system for any newly added scheduled tasks.
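Step 6 above, as an added example that is not part of the original article: compare a saved baseline of scheduled tasks with the current listing and report anything new, changed or removed. The column names follow the verbose CSV listing of the Windows `schtasks /query /fo csv /v` command, reduced to four columns here; the host name, task names and paths are constructed sample data.

```python
import csv
import io

# Constructed sample data (not from a real system). The listing can repeat
# its header row and print one row per trigger, so both cases appear here.
BASELINE_CSV = r'''"HostName","TaskName","Task To Run","Run As User"
"POS-01","\Backup\NightlyBackup","C:\Tools\backup.exe --full","SYSTEM"
"POS-01","\Backup\NightlyBackup","C:\Tools\backup.exe --full","SYSTEM"
"HostName","TaskName","Task To Run","Run As User"
"POS-01","\Vendor\PosUpdater","C:\POS\updater.exe","SYSTEM"
'''

CURRENT_CSV = r'''"HostName","TaskName","Task To Run","Run As User"
"POS-01","\Backup\NightlyBackup","C:\Tools\backup.exe --full","SYSTEM"
"HostName","TaskName","Task To Run","Run As User"
"POS-01","\Vendor\PosUpdater","C:\Temp\updater.exe","SYSTEM"
"POS-01","\SystemHealthCheck","C:\ProgramData\svc\run.exe","SYSTEM"
'''

REQUIRED = ("HostName", "TaskName", "Task To Run", "Run As User")


def load_tasks(csv_text):
    """Parse a task listing into {(host, task): details}, one entry per task."""
    rows = csv.reader(io.StringIO(csv_text.strip()))
    header = next(rows, None)
    if header is None:
        raise ValueError("empty task listing")
    missing = [c for c in REQUIRED if c not in header]
    if missing:
        raise ValueError(f"listing lacks columns: {missing}")
    col = {c: header.index(c) for c in REQUIRED}
    tasks = {}
    for row in rows:
        if not row or row == header:      # skip blanks and repeated headers
            continue
        host, name = row[col["HostName"]], row[col["TaskName"]]
        # Windows task names are case-insensitive; duplicate rows for the
        # same task (one per trigger) collapse onto a single key.
        tasks[(host.lower(), name.lower())] = {
            "host": host,
            "task": name,
            "command": row[col["Task To Run"]],
            "run_as": row[col["Run As User"]],
        }
    return tasks


def diff_tasks(baseline, current):
    """Return (kind, host, task, detail) tuples for every difference."""
    findings = []
    for key in sorted(current):
        now, before = current[key], baseline.get(key)
        if before is None:
            findings.append(("NEW", now["host"], now["task"], now["command"]))
        elif (before["command"], before["run_as"]) != (now["command"], now["run_as"]):
            detail = f'{before["command"]} -> {now["command"]}'
            findings.append(("CHANGED", now["host"], now["task"], detail))
    for key in sorted(set(baseline) - set(current)):
        gone = baseline[key]
        findings.append(("REMOVED", gone["host"], gone["task"], gone["command"]))
    return findings


def audit(baseline_csv, current_csv):
    return diff_tasks(load_tasks(baseline_csv), load_tasks(current_csv))


if __name__ == "__main__":
    for kind, host, task, detail in audit(BASELINE_CSV, CURRENT_CSV):
        print(f"{kind:8} {host} {task}: {detail}")
```

A task whose name is unchanged but whose command now points somewhere else is reported as CHANGED, which a check that only compares task names would miss.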

Contact our cybersecurity experts. We can “shut your backdoors.”

New NIST Guide Enables Digital Forensics Investigators

NIST has recently released a quick start guide that outlines the procedures used to place test data on a mobile device by forensics experts during an investigation. In many criminal cases, the authorities can gain valuable information by examining smartphones, computers, and tablets belonging to those involved. The NIST guide provides important directions, guidance, and techniques for setting up a device for use with mobile forensic tools.

Criminal Investigations and Legal Trials

Recovering data from digital devices has become an important part of many criminal investigations. The information found on a phone can prove helpful in providing clues as to the whereabouts and activities of suspects. This data is often used during trials and should be as accurate as possible since a legal verdict could be determined based upon what is found on the suspect’s computer, cell phone and/or tablet.

Even the best forensic investigators admit that data extraction from mobile devices can be tedious. This is due to the many differences in the types of data and formats used from one device to the next. Testing can be performed by anyone in the law enforcement community, but the official Federated Testing software must be utilized.

Tools for Law Enforcement

For years, law enforcement and forensic experts have used the data found on mobile phones and computers during the course of their investigations. As this science has moved forward and evolved, it has become necessary to create guidelines for populating mobile test devices. This eliminates much of the guesswork and helps a forensics team to be consistent with their testing procedures. This, in turn, helps to guarantee more reliable results. Consistency and reliability are key aspects of the type of data that can be used during a legal trial.

The two basic strategies for populating a mobile phone, computer or tablet with testing tools are:

  • Place test data on a new or sanitized device
  • Place test data on a user device and adjust as needed

Mobile forensic tools are primarily used with Federated Testing, but can be used with other test methods. By undergoing these forensics tool tests, investigators can ensure greater accuracy and easy sharing of their results with others in the forensics community.

Contents of the NIST Guide

The NIST Guide begins by describing the primary types of data found on a mobile device or computer, including, but not limited to:

  • Text messages
  • Photos
  • Emails
  • Social media posts and information
  • Call logs
  • Contact lists

A mobile device may contain hundreds of data elements that could be helpful to investigators. In many cases, it’s best to narrow down the search to data that seems to be most relevant to the specific case. This can prevent investigators from wasting valuable time on unimportant information. As the case progresses, investigators may determine that other data could also be helpful to uncover. Testing can be performed as necessary on those.

Divided Sections

The NIST document is separated into sections and appendices that describe the various methods of populating and documenting data found on a mobile device including the SIM/UICC. These are outlined below:

  • Section 2: Document Device Data
  • Section 3: Personal Information Management (PIM) Data: Contacts, Calendar & Memos
  • Section 4: Stand-alone Data Files
  • Section 5: Call Logs
  • Section 6: Text Messages
  • Section 7: MMS Messages
  • Section 8: Location Data
  • Section 9: Browser/Email Data
  • Section 10: Social Media Data
  • Section 11: Other Applications of Interest
  • Section 12: SIM/UICC Card

How to Begin

The guide provides step-by-step instructions for populating and documenting a device. The guide recommends performing these steps for each mobile device tested.

Begin by choosing the most relevant data types that seem pertinent to your inquiry or investigation. If this data does not result in the information hoped for, testers can always go back and perform these steps on other types of data found on the form.

Appendix A-Acronyms

Appendix A explains all acronyms used in these testing procedures. It is necessary to assign an acronym to each item to reduce the amount of writing or typing. These can be confusing since some are so similar. Therefore, it is recommended that testers keep Appendix A handy to make sure they’re using the right terms when filling out their paperwork.

Appendix B-Mobile Device Documentation

Next, fill out the template found in Appendix B for each device to be tested. This template asks common questions about the equipment, including the name of the subscriber, the device make and model, the IMEI for the phone, and other identifying info. The IMEI can be found by going to Settings, then choosing About and scrolling down to where the IMEI is shown. Enter the number with no spaces or dashes on the form found in Appendix B. The form requires many other identifying numbers in this area as well.

Appendix C-Mobile Device Data Example

This example form has been filled out for one “Stevie Ray Vaughn”. Though it is somewhat humorous, it shows the types of data to be placed in each portion of the form. His full name, address, email address and birth date are shown. If a photo of the phone’s owner is available, that should also be included. Calendar data can be important because it shows the daily routine, meetings, and people that a suspect might be associated with. It can help investigators create a timeline for the last few days of a person’s life.

Appendix C is quite lengthy due to the fact that SMS and EMS messages are recorded here along with call logs. Many people exchange dozens of text messages with friends each day. Include information about who sent the message and its contents. Make separate entries for unread messages and voicemails. Deleted messages and calls should also be recorded.

Federated Testing Project

The Federated Testing project at NIST is an extension of the Computer Forensics Tool Testing (CFTT) Program. This program has been successful in helping laboratories and forensic experts accurately uncover important information from mobile devices and computers. It enables consistent reporting and sharing of results across various labs and law enforcement agencies found across the United States.

Using Yoast SEO to Write Effective Meta Descriptions

The term “meta description” may seem foreign to some, but we all see these descriptions each time we search for something online. The meta description can contain up to 320 characters and should be an interesting summary of what your website is all about. It shows up in the search results as those first few words/lines that explain the essence of your website or post.

Yoast SEO Descriptions

How Meta Descriptions Work

Each time we type a search term in the browser, a number of results will come up. For each one, there’s a 320 character description of the site or page. People usually decide which site to click on based on what these meta descriptions say. That means it has to be snappy and fresh. The wording needs to grab your attention. It has to sound enticing. Think of it as a short, but powerful sales pitch. Potential customers are far more likely to visit a site that sounds unique, interesting or entertaining than one that sounds boring.

Though search engines make it clear that there’s no direct advantage from writing good meta descriptions, there is a very strong indirect benefit. If you’ve written a good meta description, then this will improve your click-through rate (CTR). As visitors click through to your site, the search engine uses that information as a way of determining that your site was aptly and well described. This will improve your position in the search results.

It is important to point out here that Google will not always show your unique meta description. Sometimes they generate their own description of your business based on factors like the search term and type of business it is. This is where keywords come into play. Most business owners now understand at least the basics of keywords and how they work. If your content is well-optimized, then it should reflect that by serving as a great meta description.

Google changes the way their search engine works at times and this can certainly throw a wrench in all your good plans. However, that should not stop business owners from doing sound keyword research and creating unique content with those keywords. It goes without saying that keyword stuffing is bad and should be avoided at all costs. Always observe the current standards for keyword density in a page of text, which usually runs around 2 to 2.5 percent.

Yoast Free or Premium?

Yoast offers a free and a premium SEO service. With the free service, you get one keyword for each page of content. The premium service allows five keywords for each page. The premium service also does a readability check using the Flesch Kincaid test which measures the grade level of your writing. Since the world wide web is filled with people from all backgrounds and educations, Flesch Kincaid usually recommends writing copy that would be easy reading for a third to fifth grader.

Use short, concise sentences. Avoid big words that are not readily understood unless you are writing technical information for a specific audience, like IT experts. Try to use action verbs instead of passive verbs. Use subheadings and catchy taglines. Whatever you can do to make your site more attractive, unique and fun will help. You can count on getting more traffic and higher conversion rates.

How to Use Yoast SEO to Write Meta Descriptions

If you don’t write a unique meta description, Yoast will produce one. Usually, it simply takes the first three lines of content on your page or post and uses that. If you’d like to edit that, then click on the “edit snippet” button. This opens the snippet editor. There are fields there to edit the SEO title, slug and meta description. As you type, your new meta description will show up. You can make changes until you feel it’s just right. The snippet editor has an orange bar at the bottom that will become green once you’ve typed enough information.

Many site owners use the first few lines of content on their page or post as the meta description. If your site has good, professionally written content on it, then there’s nothing wrong with that. However, if you feel you could improve the text, then, by all means, do so. If you can get the hang of this and really write powerful meta descriptions, it can greatly improve your click-through rates.

How to Write a Superb Meta Description

Once you’ve decided that this is something worthwhile that could improve your bottom line, it’s important to put your best foot forward. In order to write effective meta descriptions, you may need the help of a good copywriter. Copywriting is all about utilizing words to persuade searchers to click on your page. With only 320 characters or about two to three lines of text, it’s important to make every word count. Below are two writing examples to show you the difference between professionally written text and that of an amateur.

Good Meta Description:

Apple

https://www.apple.com/

Discover the innovative world of Apple and shop everything iPhone, iPad, Apple Watch, Mac, and AppleTV, plus explore accessories, entertainment, and expert device support.

The above meta description from Apple does contain some good keywords, but it doesn’t feel awkward or forced. It’s informative. It’s also important to note that this meta description was written under the older rules, when 155 characters was the limit. Today, we’re seeing longer snippets that contain more information to help searchers decide what to click on.

Bad Meta Description:

Mary’s Bakery

https://www.marysbakery.com/

Get some good donuts and cakes at Mary’s Bakery located in downtown Minneapolis. We cater and deliver. Our baked goods are tasty and made with quality ingredients.

Though the above meta description does contain some valuable information, it’s boring. The shop owner wastes valuable space here to tell consumers where they’re located. This is something that many searchers will not care about in their initial search. Use this space to talk about delicious pastries, cakes, and donuts. Talk about your award-winning cupcakes with buttercream icing. This is how you get people to visit your site and look around.

Caution!

Be sure that your meta description accurately describes your page or post. Yes, the wording can be flowery, powerful, strangely attractive, etc. But it should also be truthful. If you make promises you can’t keep, then searchers will quickly hit the “back” button. This can cause your site to fall in the search listings.

As mentioned above, avoid keyword stuffing. Just about all web visitors today understand what keyword stuffing is and most don’t like it. The reason? Keyword stuffing makes a section of text read awkwardly. It is typically not well-written content and it doesn’t make sense to your human visitors. Remember to write your meta description for humans, not for search engines.

Instead, focus on writing interesting descriptions and unique content for your human visitors. In the end, search engines will not be purchasing your products and services. Humans will, so cater to their needs, wants, desires, whims—and you’ll be rewarded with higher click-through rates and stronger sales.