Protecting Your WordPress Sites With Good Passwords


WordPress Admin Security

The most obvious security issue with WordPress is your administrator account logon information. By locking that down you can protect your website content and install information. 

But there are other security measures you should implement if you really want your site to be secure. We’ll talk about those in episode 113 of the BeBizzy Break Podcast.


by BeBizzy Consulting | BeBizzy Break Podcast

Your WordPress Admin Account

There are several ways for a hacker to gain control of your website or server. I’m going to start with the most obvious, then give you some tips on protecting the rest of your site and closing off social engineering opportunities.

  • Admin Accounts

    • Admin Passwords – choose a good password. I assigned a tough, 16-character admin password today, which was promptly changed by the user to a weak password. The client didn’t want increased security around allowing weak passwords, so now an admin has an easy password, which would allow total access to the site and the data.
    • Delete unused accounts – I recently killed a few accounts on a site that hadn’t technically been active in over five years. However, if that person had really wanted to cause an issue, it would have taken no time to change that password, log in to the site and start causing all kinds of damage. And technically, it wouldn’t have to be the person who “owned” that account; it could be hacked by virtually anyone, especially if they had email access (see below).

Other Website Security Concerns

Once you have a handle on the admin accounts in WordPress, it’s time to take a quick audit of the other weak links.

  • Your email password – This is 100% the most important password you will ever use. Almost every password recovery, confirmation, and communication from other systems comes through your email. If someone gets your email password, they can get almost anything else including your bank, your credit cards, your mobile phone records, Office accounts, business files… everything.

    Make your email password as secure as humanly possible, set up two-factor authentication (2FA) where possible, and guard this password with your life.

  • Password Managers – Now that I’ve made it clear your email is THE weakest link, a good password manager like LastPass is essential in managing strong, unique passwords for all of your pages. And most modern browsers make it easy to auto-fill or copy/paste passwords into your web apps and pages.
  • Server login – Having access to a WordPress site is good, but getting direct access to a server’s WHM or cPanel is even better. An attacker could point the site at a different location, change some of the settings, or even just delete everything. Lock that down with a good password.
  • Registrar – Hijacking a domain name isn’t new, but it is relatively easy with access to the registrar. From here DNS records can be changed, contact emails can be changed, and domains can even be cancelled/deleted. Turn on 2FA and set a good password.
  • Other technical sources for the site – Make sure logins to your CDN, WooCommerce account, plugin sources and more are all protected with great passwords and 2FA.

Passwords will usually scrub off the casual hacker, but to secure your site against those with a little more skill you may have to take some additional measures. Set good passwords, utilize 2FA when possible, and change the passwords on a regular basis.

Update on WordPress 5.4, which was released on March 31, 2020: some issues are emerging with the editor going full screen, and with favicons disappearing or affecting load time. So at this time I would advise you not to update until an incremental update is released to address some of these concerns.

Have horror stories or tips on securing your WordPress or other website? Send them to me @BeBizzy on Twitter!


Best Methods for Sharing Files


How Can I Share Files With Clients and Co-Workers?

Sharing files in an office environment is often easy. There are often different email rules set up for internal sharing, an easy-to-use shared server environment, and company-provided USB thumbdrives.

But what if you need to share files with a customer, or you’re now working from home and not inside that hardened corporate firewall? We’re talking today about some of the things you can use to share files without being on that safe company system (including VPNs into the system).


Ways to Share Files

There are dozens, maybe hundreds, of ways to share files with co-workers and clients. Remember that you still have to get passwords to the end user, so sending the password in the same email as the file could be a security issue. Here are just a few ways to share files:

  • Thumbdrives – Keep in mind there are some issues regarding thumbdrive safety, so make sure the drive is yours and you have formatted it prior to transferring files. Also, some computers are locked down against getting files from thumbdrives.
  • Password Protecting – Microsoft Office and other files allow you to password protect the files prior to saving or sending. In Office click on File – Info – Protect Document – Encrypt with Password.
  • Zip & Protect – Similar to password protecting. Just add to a compression folder and add a password.
  • Google Drive – Save files to your Google Drive, and from there you can share the folder out via email or a shared link.
  • SendSafely – Two-factor authentication, expiration controls, even an Outlook plugin with “dropzones” for teams. Free and various levels of subscriptions.
  • Dropbox or Sync – File sharing by sending links or allowing a login. I use Sync, which allows you to see when the file is downloaded and also to encrypt and password protect them better than Dropbox.

These have different levels of cost and security, but all will work. Some require direct access like a thumbdrive, and some are easier to hack than others. Some are easy to set up, and some might require some working with clients and co-workers setting up and sharing.

The important thing to remember is if you really need something to be secure, make sure you can control the source, encrypt end-to-end, and see who views/edits the file. Budgets, financial data, secure company data and items like that need more security than a birthday announcement. Think in advance and be safe!

What are your favorite ways to share files? Send them to me @BeBizzy on Twitter!


Time To Check If You Own Your Digital Real Estate


Do You Own Your Digital Business Real Estate

Your business probably has a domain, email addresses, SSLs and a ton of other places where you live your digital life. But do YOU have control of them, or does another company or employee own them?

Own Your Digital Real Estate


There are several things you should own in your digital life. Among the main reasons for having control of these is that when something needs to be renewed, YOU get the notice and can choose to do the update or not. What you should “own” is:

  • Domain – your domain is your home. It is where your customers are looking for information, so make sure you have leased the domain and are the administrative contact.
  • Social Media Accounts – social media is getting more prevalent in your life, for better or worse. But it’s where many people live on the internet, so if you are posting and driving traffic from Facebook, Twitter, LinkedIn, etc, create the account yourself and have control of it.
  • SSLs – If you are using an SSL, and you should, again lease the SSL yourself instead of through your host, developer or other company.
  • WordPress Plugins – Many websites lean on plugins to achieve certain tasks. Not renewing the plugin can cause the site to lose functionality.
  • Email Accounts – Whether you like to admit it or not, companies rely more on email than phone calls. Know, and own the location that hosts your email. Get admin rights as well.
  • Google Analytics Account – did you know Google Analytics accounts and information are not transferable? That’s right… if your previous developer or marketing team created the GA account there’s a good chance if you ever want to move it or take control of it yourself you get to start over. So create your own account and move now.

Some digital items are not critical or even beneficial to own yourself. Things that you can “own” but it’s ok for your marketing or technical team to own as well are:

  • Admin access – Many relationships are known to be “over” prior to announcing it’s done. Having admin access to the site, or at the very minimum READ access, will allow you to download the files and databases in advance of something catastrophic happening.
  • Hosting – it’s unusual for many small companies to lease their own server space, since it can be expensive and puts the management back on you as the business owner to handle when it goes down, needs updating or has other issues.
  • Google Ads – Most of the time Google Ads are managed by marketing teams and can be accessed by the business owner and the marketing agency.
  • Social Media/Review Management – Admin access can be given to marketing teams or management companies, and it can also be revoked just as easily.

With “owning” these pieces of your digital real estate comes some great responsibility. If you choose to log into ANY of these items, make sure you do not make changes unless you are prepared for the possible issues. In many cases data and files may not be backed up, and if deleted or edited it can be costly, or even impossible, to recover.

I’ll use this to issue my standard warning of back up, back up, back up. Own your backups. Save your backups. Download and backup your social media posts and other info. Keep your email server backed up. 

Backups are normally portable and in an emergency you can set up a new server and site in days, not weeks. But if you don’t “own” your domain you are relying on someone else to point towards the new host, which can be an issue. By owning it yourself you still may need help but you just need to find THAT person instead of relying on a negative relationship to accomplish the task. Own your own digital real estate.


Comments or No Comments on WordPress?

Should I allow comments on my WordPress website?

It’s an ageless question. Leave comments turned on in every page of my website, only leave them on the blog posts, or turn them off everywhere?

There are pluses and minuses to all varieties of answers, but on today’s episode of the BeBizzy Break Podcast we talk about should you leave them on, how you can protect yourself if you do, and how to remove them if you don’t.

Subscribe to the BeBizzy Break Podcast on iTunes and Stitcher Radio

Some Things To Consider About Comments

In short, WP comments are feedback, positive or negative, left by visitors to your website. Usually they are at the bottom of the page, and while they can many times require some data provided by the commenter, that doesn’t always provide a way to communicate with the person making the comments outside the page.

On the plus side, comments are a great way for your visitors, customers and readers to leave a message about the content. That usually involves something positive or negative, a response back to a current comment, or a general comment about the site or author. These comments can serve as a “social proof” to other visitors that you have an engaged community and might prompt a newsletter signup, frequent visits, or even a sale.

However, the negative side of comments is that they are distracting at best, and damaging at worst. Un-monitored commenters can be aggressive, even threatening, at times. Comments can be very negative about the content, the author or the company hosting the page. SPAM commenters can come in and offer their services or products in the comment thread to supplement or replace the products offered on the page. Images and language can be used in the comments that could potentially be abusive, even illegal, if not monitored or combated.

So, you can see while comments can be a valuable way to increase reader engagement, sometimes they really should be turned off for the protection of the website owner, and the consumers of the content.

How Can I Protect My Comment Stream?

There are several things you can do to protect your website from malicious comments. 

  • Require an account with verifiable email addresses before commenting : This will sort out the low hanging fruit of people who do not want to be found after making negative comments. These folks don’t have “burner” email accounts and fake names, so supplying actual names and contact info can sometimes be enough deterrent.
  • Put a comment filter in place like Akismet : Akismet will look for obvious signs of spamming and put these comments in a held state waiting for approval. Then the admin (or you) can go in and either approve or reject. If rejected, you will have the option to block all from this user/IP.
    Plugin details: Version 4.1.7 | Requires 4.6 or higher | Compatible up to 5.5.3 | Released 20 October 2005 | Downloads 180373127 | Last updated 22 October 2020 | Rating 4.7 out of 5 stars
  • Use a comment system like Disqus : Moving away from the standard WordPress commenting system and using a system like Disqus will allow users to use the same information across several websites. So just logging into the Disqus system and making comments speeds up the process.

    Plugin details: Version 3.0.17 | Requires 4.4 or higher | Compatible up to 5.1.8 | Released 28 August 2008 | Downloads 3746789 | Last updated 04 March 2019 | Rating 2.8 out of 5 stars

  • Employ monitors or admins : No one has time to monitor website comments if the site is large and doing well. For smaller, less visited sites you can see every comment, respond and remove as necessary. But if the site grows, you will have to employ or recruit some people to help out. Often these are frequent commenters who volunteer or can be trusted, but occasionally you will have to pay for professional help. 

How Can I Turn Comments Off?

I’m a fan of turning comments off. I simply don’t have the time, or the desire, to look through every post, comment, article and page to look for valuable or damaging content. So I turn them off with a plugin for my website, and my client’s websites.

  • WordPress settings has a toggle to turn off “future” comments : This works great if you’re building a new site and don’t have any comments. But if you do, the old comments will remain.
  • Disable Comments Plugin : simply my go-to comment killer plugin. This can be installed and activated, then configured to turn off all, none, or some of the comments on the site. Want comments only on blog posts, not pages? Easy. Want to kill all of them? Even easier.
    Plugin details: Version 2.0.2 | Requires 5.0 or higher | Compatible up to 5.5.3 | Released 27 May 2011 | Downloads 9388363 | Last updated 01 December 2020 | Rating 4.8 out of 5 stars
  • Disable Comments and Delete Comments Plugin : A fairly new plugin that does the same thing more or less as the earlier disable comments plugin. Quite simply, it just deletes and disables all comments.

Comments can be a great way to measure engagement, have visitors promote or provide critical analysis of your content, and even allow pingbacks and other shares of the content. But they can also be a drain on resources, especially time, and even be distracting or abusive to your other readers. Use them with caution, put failsafes in place, and if it gets unmanageable, turn them off before they become damaging to you and your website.

Have any questions or suggestions on website comments? Leave them below, or send them to me @BeBizzy on Twitter!


Using Two Factor Authentication (2FA) For Better Security


What Is 2FA (two factor authentication)

In the most basic form, two factor authentication (2FA) is :

  • Something you KNOW – password, a PIN, answer to a security question
  • Something you HAVE – driver’s license, phone, last four of credit card
  • Something you ARE – face scan, fingerprints, voice

So, realize it or not, you’ve been using 2FA for many, many years. Every time you enter a PIN for debit cards, or provide the last four of your social security number to a bank, or even when you use a fingerprint to log into your phone, you are using a second “factor” to authenticate.


Where Should I Use 2FA

Many “secure” web apps or websites offer 2FA as an option that has to be enabled. When you try to log into your bank or mortgage company you will often be asked a security question, have to enter a PIN, approve a security image, etc. But unless you enable 2FA, in some places a simple password is all that stands between another user and your email, social media accounts or banking information.

How Does 2FA Work?

Traditionally on the internet or in a phone app, the user enters a password on the computer or device, which triggers something to happen from the application. An SMS is sent with a code, you are prompted to engage the fingerprint reader, or it asks for another time-coded PIN from a secure authenticator application. The user then enters the code, provides a fingerprint or other criteria and is logged into the application.

Of the more popular methods, SMS is the least secure. SMS can be intercepted, sometimes read on multiple devices, or in extreme cases the phone number can even be hijacked.

Fingerprints are obviously the most secure. Virtually impossible to fake, fingerprints are with you pretty much all of the time. Make sure you register several fingers from both hands. On occasion users can injure specific fingers or in the most extreme circumstances lose a digit, which would make reading impossible.

Authenticator applications have become more and more popular in recent years. These apps run on your phone and reset a code every 30-60 seconds. When you try to log into the app, it will ask for a password, then ask for a six-digit 2FA code. You pull out your phone, open the authenticator and find the appropriate code, enter it into the field on the app, and if the two match, you are logged in.

Possible Issues with 2FA

Well the most obvious is not having your phone or having it not usable. However, most services that use 2FA like Google and Facebook have “backup” codes. If you have the codes but not access to your device you can still authenticate. The danger of saving these backup codes is now you have an insecure printed code lying around, which sort of defeats 2FA.

Time is another issue. Most of us want access to information and entertainment now. Having to open an app, pull out a text, or even manipulate the phone for fingerprint reading can take precious seconds… but isn’t security worth that time? Think of the minutes, hours or even DAYS it would take to recover or repair a hacked account!

Authenticator Applications

Several times I’ve referenced authenticator apps in this discussion. These apps are fairly easy to use. When you turn on 2FA on your app or website, a code or QR Code will appear. You add a site to the authenticator, it will ask for the code or the QR scan, ask for a confirmation code, and you’re all set up! Below are some of the most popular authenticators for Android. Most are available on iOS as well and there are almost no differences in how these programs work.

  • Google Authenticator – The most popular 2FA app. If you use Gmail or GSuite it has very easy integration to secure your email and other Google applications.
  • andOTP – Free and open source, it’s a very easy to use application that is compatible with Google Authenticator 2FA.
  • Microsoft Authenticator – Google’s biggest competitor.
  • Authy – Probably the most popular app NOT created by Microsoft or Google, if you want to steer away from those two giants.
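
The rotating six-digit codes and the QR-code setup described above follow the time-based one-time password standard (TOTP, RFC 6238), which these apps implement. The sketch below is an added example, not code from this post or from any of the apps listed: it shows what the app and the site each compute from the shared secret, using the published RFC test key; the account name, issuer and the `TotpVerifier` class are hypothetical.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote

STEP_SECONDS = 30  # a new code every 30 seconds
DIGITS = 6         # six-digit codes, as in the post

# Published RFC 4226 / RFC 6238 test key. A real site generates a random
# secret per account and shows it once, as the setup code or QR code.
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HMAC-based one-time password (RFC 4226) for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int) -> str:
    """What the authenticator app displays at a given time (RFC 6238)."""
    return hotp(secret, unix_time // STEP_SECONDS)


def enrollment_uri(secret: bytes, account: str, issuer: str) -> str:
    """The otpauth:// text a site encodes in the setup QR code."""
    b32 = base64.b32encode(secret).decode("ascii").rstrip("=")
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={b32}"
            f"&issuer={quote(issuer)}&digits={DIGITS}&period={STEP_SECONDS}")


class TotpVerifier:
    """Site side (hypothetical class): checks a submitted code.

    Accepts the current 30-second step plus `window` steps either side to
    tolerate clock drift, and refuses any step at or before the last one
    accepted, so a code seen over someone's shoulder cannot be replayed.
    """

    def __init__(self, secret: bytes, window: int = 1):
        self.secret = secret
        self.window = window
        self.last_used_step = -1

    def verify(self, code: str, unix_time: int) -> bool:
        current = unix_time // STEP_SECONDS
        for step in range(current - self.window, current + self.window + 1):
            if step <= self.last_used_step:
                continue  # already used (or before time zero)
            expected = hotp(self.secret, step)
            # Constant-time comparison avoids leaking digits through timing.
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_used_step = step
                return True
        return False


if __name__ == "__main__":
    # Constructed walk-through with a made-up account and issuer.
    print(enrollment_uri(RFC_TEST_SECRET, "admin@example.com", "Example Site"))
    site = TotpVerifier(RFC_TEST_SECRET)
    code = totp(RFC_TEST_SECRET, 59)              # phone shows this at t=59s
    print(code, site.verify(code, 59))            # first use: accepted
    print(code, site.verify(code, 59))            # replay: rejected
    print(code, TotpVerifier(RFC_TEST_SECRET).verify(code, 95))  # too old
```

The secret in the QR code is the whole second factor: anyone who photographs the setup screen can generate the same codes, so treat it like the backup codes mentioned earlier.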

So how do I know if I can use 2FA?

Most sites that use 2FA have it listed in a security section of your profile. Simply looking there or through frequently asked questions will usually tell you if you are able to use 2FA.

There is a great list of websites and apps that use 2FA at TwoFactorAuth.org. This website has an organized list of sites and which types of 2FA they support. Some use SMS (texting), phone authentications, email or hardware/software tokens. This can be really helpful if you plan on using 2FA as part of the decision-making process.

Bottom Line on 2FA

Two Factor Authentication sounds scary. When you start talking about fingerprints and things of that nature people get weirded out by movies and potential issues. The bottom line is by taking a few extra seconds to log into your favorite apps, cloud storage and banking sites you could be preventing endless hours of trying to recover those accounts. Who hasn’t heard stories of hacked financial accounts, or hijacked social media logins, or changed email passwords with no way to recover because the backup email account was changed?

While 2FA won’t completely stop this activity, it will keep a vast majority of hackers from trying further. It’s much more cost effective in money and time to move on to an easier target than to dig deeper into a secure account.

Take a few moments and test on something easy like Facebook. Then your email, then banking, then your website. You will feel better knowing you’ve taken some steps to be more secure.

Do you use 2FA? Send questions or comments to me @BeBizzy on Twitter!


Shared Email Inboxes – BeBizzy Break Podcast EP: 71


Does your business have a shared inbox?

Most small, and nearly ALL large, businesses have generic email inboxes that are logged into by two or more staff members. Sometimes it can get messy when everyone, or in some cases no one, logs into the box to handle customer requests, questions, or just to clean it out.


Why would you need a shared inbox?

Current and potential clients like to have generic email inboxes they can use to contact your company. Addresses like “info@”, “support@”, and “customerservice@” help them reach the right person. But sometimes it’s never just ONE person, but a group that keeps that inbox monitored. And this can sometimes cause collisions of two people working the same issue, or worse, ZERO people working the same issue because they thought it was being handled by someone else.

Ways to set up a shared inbox

  • Manual – An email gets sent to “info@” and several people all see it in their inbox. Someone has to accept that email, read it, respond back to the sender, then file that email in a different folder or use whatever process is mandated by the business to mark it as complete. The problem arises when the inbox is set up incorrectly and not everyone sees it being read so multiple people start working the issue, or everyone sees it and assumes it will be handled by someone else so no one helps the customer. In this case, there needs to be a documented process of who handles it and when. If rep A is gone, rep B works it. If it sits for more than “x” hours then the manager or someone else is specified to handle it. If there are no documented processes you will have breakdowns or cause extra work on certain issues.
  • Forms on the Website – Putting a form on the website does a couple of things. First, you don’t give out actual email addresses but you can still direct subjects selected by the client to a particular email address. This means all “info@,” “questions@,” or whatever goes to an actual person, not a group of people, but the client doesn’t see who gets it. This also allows some flexibility when someone leaves the company, is on vacation, or is just too busy to handle these types of requests. A second benefit of forms is they allow you to format the information being gathered instead of just letting the sender put whatever information they wish into the form. So you can ask for and even require names, email addresses, phone numbers, subjects, and just about anything else you want or need. Finally, many of these forms can be saved to a database AND sent to a person or persons, so in the event email goes down, a person’s address is terminated for whatever reason, or something just isn’t handled right away, you can look at the data and recover this request and fix the issue. The one drawback is this format requires the user to actually go to the website to submit the form instead of just firing off an email from their phone or email application.
  • CRM – Customer Relationship Management platforms are the next step beyond email forms. They are databases or applications that use form or email information to create tickets that can be handled by one or more people. Some potential CRM platforms in a wide variety of functions and price are Hubspot, Zoho and Freshdesk (what I use at BeBizzy). There are so many benefits to this type of system including:
    • Saved threads of communication with the client
    • Formatted questions that require the sender to provide necessary information to solve the issue like invoice numbers, usernames, phone numbers and more.
    • Many have the ability to add an FAQ, support forum, or other intermediary step where the sender can often solve their own problems or the group can solve it before you can.
    • Most CRM platforms are located off the website network, so it doesn’t affect the traffic or performance of the website
    • It provides an auditable trail to see how long it took to respond, how many interactions did it take before resolution, who handles how many tickets, and more.

Bottom Line

Shared inboxes are a great way to handle client requests or questions. They allow your company to respond as a group instead of relying on just one person. But if more control is needed, the first step would be to create some forms on the website that send to specific people and save to a database. If the budget exists, or the need is great enough, a CRM is a great way to handle support tickets, general inquiries or other client requests. If the cost looks too big, weigh it against what it costs to lose a current or potential customer because something wasn’t handled right away.

Have any questions or suggestions on going paperless? Leave them below, or send them to me @BeBizzy on Twitter!


What to do About Deleting Facebook


BeBizzy News and Notes

  • Reminder, Tax Day is Tuesday, April 17, 2018.
  • WordPress 4.9.5 was released yesterday. It’s a small update, and just a few minor releases before the big one, Gutenberg, gets released.


Should You (and your customers) Delete Facebook?

Some Background On The Facebook Issue

  • Facebook has been accused of distributing “fake news” since before the last US Presidential election.
    • The social platform was supposedly manipulated to send articles to those of certain political leanings re-enforcing those beliefs or inciting anger at opposing beliefs.
  • Recently it has been found that Cambridge Analytica obtained the Facebook data of 50 million users UPDATE!! I LIED! This afternoon (4/4/18) it was announced the leak was 87 million accounts!
  • Inside that data is your contact info, who you follow, what ads are clicked on, friends, your timeline, and much, much more.
  • So now that the cat’s out of the bag, what should you do as a consumer, and how does that affect you as a business person?

First, let’s look at how to get your Facebook data

  • Computer – click on the down arrow to the right of your notifications and select “Settings.”
  • Under the General Account Settings is a link to “Download a copy of your Facebook data.” Click it.
  • You will be taken to another page (page views anyone) that asks you to click another button to “Download Archive.” Click THAT.
  • Next you will be asked to provide your password. It is the same as your Facebook password. Then click “Submit.”
  • An email will be sent to your login email stating your Facebook data has been requested, and a followup email will be sent when the data dump is complete.

Now if all that information scares you, you’re not alone. And thousands are deleting their Facebook accounts including Elon Musk, WhatsApp founder Jan Koum (who sold his company to Facebook for $16 billion), Jim Carrey and more.

  • Deleting your account is easy, go here and click deactivate your account 
  • HOWEVER, before you do, remember that Cambridge Analytica and others already have your info, so deleting your Facebook account will only cut you off from sharing new info. They can already act on what they have.

So what does this mean to you and your business

Your customers could easily do the same, and once they see who they all follow, like and interact with, there’s a chance they will also either delete their accounts or remove some affiliations.

Instead of deleting Facebook, it’s suggested that users remove allegiances to Apps, Websites and Games. You can also see what information is saved as “Your Ad Preferences,” where you can see what’s stored as Your Interests, Advertisers You’ve Interacted With, Your Information and Ad Settings.

But if your customers go here, there is a chance they will “unsubscribe” to your ads and other information. So now what?

Well, if they do this, you could lose their attention. So there are a couple of things you can do to retain them now before another scandal prompts them to make changes.

  • Post Often – By putting quality, relatable, non-sale related content in front of them often, you could entice them to think of you as a needed resource, entertainment source, or wanted advertiser.
  • Advertise to a targeted list – Obviously when looking at your data you can see just how targeted your ads could be. Be more selective when you send out an ad instead of throwing it out to as many people as possible. It will save money and keep other timelines from being clogged.
  • Focus on things other than Facebook. Get your website’s SEO fixed, look at Twitter, Pinterest and LinkedIn as possible avenues of driving traffic, and look at marketing automation as an option.

If a user has made up their mind to delete Facebook you will simply lose that method of reaching them. If you have hitched your wagon, traffic and marketing to only Facebook, now is the time to start looking at other solutions.

WordPress Plugin of the Week

Mergebot 

Wish I would have sought this one out a few weeks ago before I moved a very large, active site. What it does is you install Mergebot on both your LIVE site and a DEVELOPMENT site. As your visitors interact with the site with sales, contacts and other things, the information is passed through the cloud to Mergebot. Also, as you make changes to the development site these database changes are also sent to Mergebot, where the cloud database combines the two, making it easier when the DEV site goes LIVE by syncing all the database changes in one place.

It’s not cheap, but if you’ve ever moved a large site or database and had to keep a version live while you migrate or change it can be a huge headache when it comes time to merge the data. Mergebot could help you with this.

Cost is $249/yr to migrate one site at a time, $349/yr for three, and $589/yr to do five sites at a time. Again, not cheap, but compared to the hours you could spend messing with database sorting and merging, it could be a lifesaver. Wish I would have used it before I migrated the last site, but I won’t make THAT mistake again!

Got a suggestion for a topic, interview or other show idea? Send it over at BeBizzy.com or on Twitter @BeBizzy

Disclosure: As a member of a pretty cool team of influencing users, I received mobile devices with line of service from Verizon. No additional compensation was provided nor did I promise a positive review. All opinions are my own. By the way, many of us meet every Friday @ 2pm CT on Twitter (#MobileLiving) to discuss mobile phones and how you can use them in your daily lives. Join us!

#BetterMatters #brandpartner

Subscribe to the BeBizzy Break Podcast on iTunes and Stitcher Radio

BBP : Episode 56 – Capterra

In this episode we talk about how Capterra can help you find the right software solution to manage your business.

Tech News

Windows 10 Fall Creators Update released on Oct 17

  • As always, running updates has certain risks, as talked about on last week’s podcast
  • Make sure you have plenty of time to run the updates, possibly a couple of hours.
  • Always back up and know there’s that small chance the backup may fail and you’ll either have to revert back, or it could cause your system to become unstable.
  • Features.
    • People Integration – You can now pin friends, co-workers, business partners, family members, etc. to the task bar for easy access. It can even be used to contact them via Skype.
    • Fluent Design – a new design language from Microsoft regarding animations and effects. Some included changes are blur effects, easier resizing of apps and windows and a “shinier” design for the Start Menu.
  • You can also pin website shortcuts to the task bar. This was available in previous versions of Windows, and now it’s back.
  • New emojis – dinosaurs, genies, zombies and more are part of the Unicode updates for the Fall Creators Update.
  • Cortana – Cortana notifications can now be seen on your Android phone. And you can control Windows a bit with Cortana, including locking, signing out, shutting down or restarting your computer.

Google Advanced Protection

  • Meant for high-profile celebrities, politicians and other possible targets for hacking.
  • Advanced security features for your account (Gmail, Google Drive, etc.)
  • Need a physical key (USB) to unlock your data
  • It also locks down your files and email to ONLY Google apps, eliminating the possibility of using 3rd party programs to access the data.
  • This will make using Google’s products a bit tougher, but if you’re more concerned about information security than you are about ease of use, this may be a good solution.

Capterra

Capterra is a website with a mission to match up businesses with the right software to optimize any part of the operation. Whether it’s project management software, bookkeeping, marketing, testing or just about anything else, Capterra can suggest the right software taking into account budget, ease of use and more.

  • Guest : Claire Alexander – General Manager of Capterra
  • http://capterra.com
  • Facebook : https://www.facebook.com/Capterra/
  • Twitter : https://twitter.com/capterra
  • Website to help find a software solution for your business
  • Capterra has been around since 1999
  • Virtually any sort of software for your business, organized by software type, then displaying the most used, most cost effective or easiest to use.

Have any questions or suggestions on going paperless? Leave them below, or send them to me @BeBizzy on Twitter!

Subscribe to the BeBizzy Break Podcast on iTunes and Stitcher Radio

BBP : Episode 55 – Have You Updated Today?

In this episode we talk about managing your passwords and updating technology to stay secure.

Tech News

Yahoo Email Hack – Now up to 3 billion accounts, apparently every Yahoo account – announced by the new owner, Verizon

  • No credit card information in the breach, but
  • Suspect part is that the new intelligence was just recently obtained AFTER the deal closed to buy Yahoo.

Equifax update – there’s a good chance the company will have to pay penalties to affected consumers going north of $1B.

  • For the record, $1B comes to just over $7 per possible affected user.

Cortana is now rolling out into Skype. You should start seeing it appear in private and group chats to offer assistance for scheduling and other items.

  • Will also appear in the Android and iOS versions soon.
  • Still not sold on voice systems like Google, Amazon or Siri, but I hope to become more reliant on it when the new Pixel 2 phone arrives
  • Microsoft claims 141 million “monthly” users of Cortana. I use it only when I accidentally click the button on my desktop toolbar, so that probably counts at least once a month.
  • Siri – 41.4 monthly, 19% daily.
  • Google claims 20% of mobile searches are voice searches – couldn’t find a published #
  • Becoming more popular
  • Would love to discuss voice searches and voice control on a future episode, so if you’re an “expert” please contact me.

Today’s topic – You are Responsible for Updating Your Technology

  • In the last month, I’ve had to do the following:
    • Rescued three websites from obvious hacking
    • About six months ago I got a call that a WordPress site built over five years ago had NEVER been updated, and now stopped working.
      • That required updating WP, finding out which, if any, of the existing plugins would still work with the new WP, and we had to find alternate solutions for outdated, un-updatable, or costly upgrades to certain plugins.
    • Two months ago I worked on a computer that was full of malware. The client was still running Windows XP and didn’t want to update. Windows XP was abandoned by Microsoft in April 2014, meaning there was no further development on the operating system and it would be exposed as insecure.
    • In all cases, there was a massive cleanup, one new install of WP, and a complete forced re-indexing of the website by Google and other search engines.

ALL of these could have been avoided if the core functions had been maintained. By following just a few steps, you can keep your computer, phones and other devices up to date and minimize the danger of being compromised.

Remember, criminals will almost always take the low-hanging fruit, like the computer not updated in over 5 years, the WordPress site with outdated plugins, or the FTP password that hasn’t changed in half a decade.

A word of warning… updates can sometimes fail, and even cause larger issues. BACK UP YOUR DATA before running updates, or just in general. However, the risk of something bad happening during an update is nothing compared to the possible issues that can happen by running an out-of-date system.

  • WordPress Sites
  1. Back up everything on a regular basis – Always have a way to reset if something bad happens, even if you lose some data.
  2. Turn on automatic updates for plugins and incremental WordPress updates.
  3. Use a service to update multiple sites if needed.
  4. Turn on notifications for major WordPress or theme releases, and run them after you back up, update plugins and prepare for possible downtime.
  5. Also change your FTP and cPanel passwords on a regular basis, or when someone leaves the organization.
  • Windows Computers
  1. Back up on a regular basis. Services like Dropbox, OneDrive, Google Drive and others offer cheap, or even free secure cloud services that will back up your data.
  2. Turn on automatic updates in the control panel. This will run in the background, and prompt to reboot when larger updates appear.
  3. If you can update your operating system to at least Windows 8.2 you will at least be receiving regular security updates. There was a time you could have updated to Windows 10 for free, but you most likely missed that if you’re still running an older version.
  4. Keep your software, like browsers, office software and other major applications such as Photoshop, up to date by regularly checking for updates, or selecting auto-updates if prompted.
  • Mobile Devices
  1. Back up on a regular basis (notice a theme here?). Most carriers have this available, but you can keep your music in the cloud, photos backed up to Google Photos for free, contacts saved to Gmail or Gsuite, again for free, and other data can use Dropbox, Carbonite and other services.
  2. Go into the Play Store or Updates on your mobile device and click Update All on a regular basis.
  3. Always accept operating system updates when prompted, provided your device is properly charged or connected to a power source and you have the necessary time allotted to complete the update. Do a full reboot once in a while to clear the device and also to re-engage auto-updates when the phone reaches back out to the carrier or app store.

Updates are an easy way to keep your site and devices secure. Criminals are looking for the easy targets when you’re dealing with electronic crime, so stay on top of your systems and update regularly.

Don’t forget to send us any suggestions for apps to review or people to interview. And subscribe to the BeBizzy Break Podcast on iTunes and Stitcher Radio

And as always, leave the technical stuff to us!

Equifarked – BeBizzy Break Podcast : Episode 54

In this episode we talk with Sara Hawkins about the Equifax breach and what you can do now.

BBP : Episode 54 – Equifarked

Tech News

  • Apple announced three new iPhones yesterday at the new Steve Jobs auditorium at the spaceship
    • Wireless charging
    • New A11 Bionic Processor
    • Glass backs
    • 2GB RAM ??
    • No OLED
    • Camera can shoot in 4k
    • $699 and $799
    • Preorder is Sept 15 and available Sept 22
    • FaceID failure during demo, but basically it will unlock with the camera and your face
    • Black, White, and new gold color
    • iPhone X
      • Bezel is all but gone
      • No home button
      • Case is glass and stainless steel
      • $1000 sale 10/27 with shipment on 11/3
      • Screen is an OLED display made by…. SAMSUNG!
      • The home button and power button are combined to be the Side Button
        • Long press for Siri, double click for Apple Pay
      • Two-hour increase in battery life over the iPhone 7
      • Better flash, slow motion recording and of course 4k
    • Other phones cost
      • S8 : 700
      • Note 8 : 900
      • Pixel and Pixel XL : ?? Pixel was $650 & $850

And now to the even bigger issue in the last several days, the Equifax breach.

  • Equifax announced 143 million customer records exposed.
    • Just in ND, the attorney general has stated over 248k exposed http://www.kfyrtv.com/content/news/ND-AG-says-more-than-248000-North-Dakotans-affected-by-Equifax-data-breach-444010593.html
    • Rick Smith, Chairman and CEO of Equifax on the breach
    • Issues
      • Breach occurred in May – July, found in July, made public in Sept
      • Three executives sold stock. On 8/1 and 8/2 the CFO and two other execs sold $1.8 million in stock, which dropped over 10% on the announcement. Equifax claims the officers had no knowledge of the hack.
      • Your information could be in Equifax because they gather information on nearly everyone to sell to credit checking agencies. It knows everything about your credit cards, bank accounts, mortgage, auto loans, everything.
      • The website to find out if you’re affected has some issues
        • Stock WordPress
        • Site was flagged by OpenDNS as a potential phishing site
        • WHOIS showed domain wasn’t owned by Equifax
        • Site asked for six of nine numbers of social security number
        • Can state you’ve been breached using some test info… I believe this is residual from testing, but could show a larger issue.
    • What to do
      • Can check to see if you’re affected
        • Be advised the FREE service may turn into a PAID version after a time
        • Also, read the T&C’s on what rights you are giving up before you agree… Rumors of being limited on legal actions against Equifax. It’s now being reported that the verbiage has been removed, so you are NOT giving up legal rights.
      • Put a credit freeze on accounts
      • Don’t respond to phishing attacks to give out personal information via text or email.


Don’t forget to send us any suggestions for apps to review or people to interview. And subscribe to the BeBizzy Break Podcast on iTunes and Stitcher Radio.
And as always, leave the technical stuff to us!