We are all independent animals, the human race. We love to do things ourselves, to figure things out. This applies to the male of the species particularly. In the pre-SatNav days the male driver would invariably ‘know’ how to get where he was going. He didn’t need a map, nor would he demean himself by asking directions of anyone.

When something breaks in the home, or at work, just ‘Google It’ and the answer, with step-by-step instructions on how to fix the problem, will miraculously appear.

Utopia.

Until you try to fix some of the more complex problems, that is.

And how long do some of these simple solutions gleaned from Google actually take to implement?

And do you really have the skillset to implement them?

The point is that if we were so skilled at doing all the things we attempt to do there would be no need for the specialists who spent many months, if not years, acquiring the skills necessary to ‘fix things’.

This is where a service contract is invaluable. Instead of struggling endlessly to find out ways to fix problems, you can focus instead on your core business of making your clients happy and your business profitable. The minor cost attached to a service contract is your ‘insurance policy’ against things going wrong. Work out how much your time is worth and apply that against the time cost of trying to solve the problem.

February has been a mega month for client problems. One of our long-term clients has been the victim of a major DDOS (distributed denial of service) attack which resulted in her website being offline for days at a time. No matter what we did, every time the site went live, it was attacked again and the host server had to close it down.

After several rebuilds, security reinforcements, database purges, IP blocks, firewall implementations and everything else we could think of, we managed to get the site up and running again. From the log files we could see that the site was being attacked big style with over 14,000 requests a day, so we had to find out where the attacks were emanating from, block the referring IPs and install some pretty hefty measures to counteract the problem. In total we spent five days resolving the issue (five individual days – as soon as we implemented a fix, the DDOS attacks circumvented it and brought the site down again). The five days’ work alone would have cost the client £3000 as multiple staff members had to be allocated to the tasks of bringing the site back online.

The incident was covered by the support contract that the client had in place with us.

It was the second worst incident we have had to deal with and really took some effort to resolve, but our worst was late last year when a client was the victim of a ransomware attack that locked up two computers.

The hijackers demanded Bitcoins to unlock the files to the value of £550.00, but even though the client was willing to pay, we had to explain to him that the site he was directed to in order to pay the ransom was an insecure site which was asking for his credit card details! Even if the site was secure, and the ransom paid, the chances of the hijacker handing over the decryption keys for the computer were exceedingly slim.

Instead we had to isolate the data, delete the hard drive and reinstall all of his programmes. His data is safely stored, but encrypted, in the hope that one day we can obtain the decryption keys to unlock it.

Again, two days’ work that would have cost £800.00, but covered under his support contract.

Since January we have become members of CiSP. The Cyber-security Information Sharing Partnership (CiSP) is a joint industry/government initiative to share cyber threat and vulnerability information in order to increase overall situational awareness of the cyber threat and therefore reduce the impact on UK business. CiSP allows members from across sectors and organisations to exchange cyber threat information in real time, in a secure and dynamic environment, whilst operating within a framework that protects the confidentiality of shared information.

CiSP sits as part of CERT-UK – the UK National Computer Emergency Response Team, formed in March 2014 in response to the National Cyber Security Strategy.

To aid us in this initiative, we have taken on board an IT specialist to assist both us and our clients in creating and maintaining a robust and safe working environment, with the ultimate aim of protecting all of our clients’ assets. This has involved a major overhaul of all of our in-house procedures, including a big health check on our IT following some recommendations from our new IT department. We have also acquired an information security company to keep us and our clients safe from cyberthreats and we will be rolling out updates and recommendations as the weeks progress.

But perhaps our most significant advance from the point of view of our clients is the adoption of a comprehensive website management and reporting system for our support clients. This new system checks for vulnerabilities and insecurities, module updates, site visitor statistics, page speed loading, backup and restore point data and a host of other key information points about client websites, and incorporates them into an easy-to-read, graphical report that we can then email to clients each month.

As you can imagine, this has taken a lot of investment of money, time and effort to achieve, but it does provide a very detailed report on the status and performance of a client site and illustrates the lengths we take to manage and support a client’s digital assets.

Another significant change to websites is the weighting given to an SSL certificate on a website. An SSL (Secure Sockets Layer) certificate is a digital certificate that authenticates the identity of a website and encrypts information sent to the server using SSL technology. Encryption is the process of scrambling data into an undecipherable format that can only be returned to a readable format with the proper decryption key.

A certificate serves as an electronic “passport” that establishes an online entity’s credentials when doing business on the Web. When an Internet user attempts to send confidential information to a Web server, the user’s browser accesses the server’s digital certificate and establishes a secure connection.

An SSL certificate contains the following information:

  • The certificate holder’s name
  • The certificate’s serial number and expiration date
  • A copy of the certificate holder’s public key
  • The digital signature of the certificate-issuing authority
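The four fields listed above can be read from any certificate file with the `openssl` command-line tool. The following is an added example, not part of the original post: it builds a constructed, self-signed certificate for the made-up name `example.test` so that it runs offline, then prints each field and checks how long the certificate remains valid. The function names are this example's own.

```shell
#!/bin/sh
# Added example. The certificate is constructed: self-signed, for the made-up name example.test.

# Create a throwaway key and a 30-day self-signed certificate in directory $1.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# One helper per field in the list above; $1 is a PEM certificate file.
cert_holder() { openssl x509 -in "$1" -noout -nameopt RFC2253 -subject | sed 's/^subject= *//'; }
cert_serial() { openssl x509 -in "$1" -noout -serial | sed 's/^serial=//'; }
cert_expiry() { openssl x509 -in "$1" -noout -enddate | sed 's/^notAfter=//'; }
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey; }

# The issuer's signature is binary, so report who signed and with which algorithm.
cert_issuer() { openssl x509 -in "$1" -noout -nameopt RFC2253 -issuer | sed 's/^issuer= *//'; }
cert_sigalg() {
    openssl x509 -in "$1" -noout -text | sed -n 's/^ *Signature Algorithm: //p' | head -n 1
}

# Succeeds only if the certificate will still be valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

cert_summary() {
    echo "Holder:     $(cert_holder "$1")"
    echo "Serial:     $(cert_serial "$1")"
    echo "Expires:    $(cert_expiry "$1")"
    echo "Signed by:  $(cert_issuer "$1") using $(cert_sigalg "$1")"
    if cert_valid_for_days "$1" 14; then
        echo "Renewal:    not due within 14 days"
    else
        echo "Renewal:    due within 14 days"
    fi
    cert_pubkey "$1"
}

SAMPLE_DIR=$(mktemp -d)
make_sample_cert "$SAMPLE_DIR"
cert_summary "$SAMPLE_DIR/cert.pem"
rm -rf "$SAMPLE_DIR"
```

Because the sample is self-signed, the holder and the issuer are the same name; on a certificate bought from a certificate authority, "Signed by" shows the authority's name instead.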

You can identify a site that is protected by SSL quite easily: normal sites have an address beginning http://, while sites that have SSL enabled begin with https://. The browser bar – the very top of a web browser, which normally shows you the address of the website you are visiting – will also display a closed padlock, indicating that a website has been secured with SSL (see below).

The search engines set great store by these certificates and from January this year have been displaying ‘not secure’ alongside the web address if a site has not been secured with SSL. They are also giving less SEO importance to websites that DON’T have an SSL certificate, effectively causing them to lose rank and appear lower in the search engine rankings.

The cost of certificates can vary enormously and the least expensive SSL offered by our favoured hosting company costs around £50 per annum. They have to be bought and configured on the site to protect the website’s pages, but installation can often throw up additional ‘failures’ on the site that need to be addressed to make it fully compliant.

Many ecommerce applications and payment systems demand the installation of SSL. Our current favourite payment system, Stripe, will only work on SSL-enabled sites, so if ecommerce is part of your website’s offering, you should really be looking into having an SSL Certificate implementation.

In fact if you have a website there are significant advantages to having SSL installed, so it is something that we recommend everyone investigates.

If you need any further information about SSL, website security or support contracts, please call us on 0191 516 6262, or email us on info@glass-frog.com