Malicious software that uses encryption to hold data for ransom has become wildly successful over the last few years. The purpose of this software is to extort money from the victims with promises of restoring encrypted data. Like other computer viruses, it usually finds its way onto a device by exploiting a security hole in vulnerable software or by tricking somebody into installing it. Ransomware, as it is known, scores high profile victims like hospitals, public schools and police departments. Now it has found its way into home computers.
The nefarious ransomware business model has turned out to be a lucrative industry for criminals. Over the years its ill repute has made law enforcement team up with international agencies to identify and bring down scam operators.
Most of the ransomware attacks that have taken place in the past have been linked to poor protection practices by employees.
There are a few dos and don’ts when it comes to ransomware.
- Do not pay the ransom. It only encourages and funds these attackers. Even if the ransom is paid, there is no guarantee that you will be able to regain access to your files.
- Restore any impacted files from a known good backup. Restoration of your files from a backup is the fastest way to regain access to your data.
- Do not provide personal information when answering an email, unsolicited phone call, text message or instant message. Phishers will try to trick employees into installing malware, or gain intelligence for attacks by claiming to be from IT. Be sure to contact your IT department if you or your coworkers receive suspicious calls.
- Use reputable antivirus software and a firewall. Maintaining a strong firewall and keeping your security software up to date are critical. It’s important to use antivirus software from a reputable company because of all the fake software out there.
- Do employ content scanning and filtering on your mail servers. Inbound e-mails should be scanned for known threats and should block any attachment types that could pose a threat.
- Do make sure that all systems and software are up-to-date with relevant patches. Exploit kits hosted on compromised websites are commonly used to spread malware. Regular patching of vulnerable software is necessary to help prevent infection.
- If traveling, alert your IT department beforehand, especially if you’re going to be using public wireless Internet. Make sure you use a trustworthy Virtual Private Network (VPN) when accessing public Wi-Fi like Norton WiFi Privacy.
Ransomware criminals often attack small and medium sized businesses. Among other cyber attacks, ransomware is one criminal activity that can be easily worked around with the above-mentioned solutions. Norton Security Premium coupled with education about these threats is an excellent protection plan for today’s cyber landscape.
Thank you to Symantec for this article: https://us.norton.com/internetsecurity-malware-7-tips-to-prevent-ransomware.html
A newly discovered exploit affects more than 30 widely used email applications, could allow attackers to spoof sender addresses and, in some cases, carry out cross site scripting (XSS) and code injection attacks. “Mailsploit” is the collective name for several vulnerabilities affecting email clients, including Microsoft Outlook 2016, Mail for Windows 10, Apple Mail (including macOS, iOS, and watchOS versions), Mozilla Thunderbird, and Yahoo Mail for iOS and Android.
Mailsploit was discovered by security researcher Sabri Haddouche, who published his findings on Tuesday December 5. Haddouche said Mailsploit had been found and confirmed in 33 different products.
What is Mailsploit?
If successfully exploited, Mailsploit allows an attacker to falsify the address an email appears to come from. It takes advantage of a flawed implementation of RFC-1342, a 25-year-old recommendation for displaying non-ASCII text in mail headers, and allows an attacker to create headers that insert various bytes into the “from” line in an attempt to mask the true sender.
This could allow an attacker to increase their chances of successfully delivering a malicious email to a target since the recipient is more likely to open it if it appears to come from a trusted source.
Spoofing email headers was once a fairly trivial thing to do, but the practice was curtailed by the rollout of new safeguards such as Domain-based Message Authentication, Reporting and Conformance (DMARC). Mailsploit could allow an attacker to create a spoofed email that will bypass DMARC.
Additionally, in the case of some affected email clients, Mailsploit also permits code injection and cross XSS attacks. These include Spark, a mail client for MacOS and iOS, MacOS clients Polymail and Airmail, and mobile apps TypeApp and AquaMail.
Mitigation status of affected software
To date, Mailsploit has been patched in eight products and triaged on 12 more products. Two vendors—Mozilla and Opera—said they won’t fix the bug because they consider it to be a server-side problem. Apple Mail, Mail for Windows, and Outlook 2016 are all listed as triaged. The bug has been fixed in Yahoo Mail for iOS and Android.
A full list of affected products and mitigation status is available here.
Question? Contact us.
Thank you to Symantec for posting this information: https://www.symantec.com/blogs/threat-intelligence/mailsploit-email-exploit-spoofing
“Good SEO work only gets better over time. It’s only search engine tricks that need to keep changing when the ranking algorithms change.”
SEO strategies are constantly influx. This is the very nature of the practice; perpetual evolution.
Because of SEO’s dynamic and uncertain nature, business owners need to regularly brush up on the discipline’s latest best practices and most important ranking factors.
To help keep you up-to-date, here are the three most important ranking factors for your business to be focusing on right now.
Surprise! Content is still one of the most important ranking factors. This was confirmed by Andrey Lipattsev, Partner Development Manager at Google, in a Google Q&A session.
There is no revelation here. Content has topped the list of ranking factors for a long time. What has been evolving in this realm, however, is what Google looks for in great content.
There has been a shift away from keywords while greater emphasis has been placed on natural language and intent.
That doesn’t mean that keywords are dead. Keywords and their variants should still be included in the title of publications, meta descriptions, H1 tags, and in the body of the content. While the power of keywords is dwindling, they still need to be used.
When it comes to article length, there are no real guidelines here as Google has stated that, “. . . the amount of content necessary for the page to be satisfying depends on the topic and purpose of the page.”
This translates as: Don’t worry about length. Worry about comprehensiveness and satisfying the user’s intention.
This means that you should focus on seeking to meet the needs of searchers; this will often end up developing more comprehensive pieces, which will likely be lengthier and full of great keywords and variants.
2. Mobile-Friendly User Experiences
Again, no Earth-shattering news here. If you have been keeping up with SEO at all, you should know how important mobile-first everything is to Google.
This year, the search giant made of one the biggest and most monumental changes in the company’s history by announcing that it would shift its ranking focus toward mobile-first indexing. This means that your mobile site needs to be top-notch because this will soon take precedence over the desktop experience.
Because of Google’s aggressive push toward small-screen sovereignty, mobile optimization should be one of your company’s top priorities. This includes ensuring that your primary content is available and responsive on the mobile version of your site, serving structured markup across both desktop and mobile, as well as adhering to other guidelines Google expressed in its webmaster blog announcing the move to mobile-first indexing.
It’s critical that your brand prepares its online presence for the impending future that mobile will dominate. As of late 2016, Google noted that, “. . . 85 percent of all pages in the mobile search results now meet this criteria and show the mobile-friendly label.”
If your site isn’t one of them, make sure it is very soon.
It is important, however, that you don’t launch a mobile site for the sake of getting it out there. According to Google, if you release your mobile site before its finished, this could be harmful to your rankings.
3. Various Technical Elements
In addition to content and mobile-friendliness, there are numerous technical aspects to keep an eye on if you hope to rank well in the SERPs.
The first aspect to focus on is encryption. Various studies are still finding positive correlations between the use of HTTPS encryption and first page placement. While Google confirmed this as a ranking signal way back in 2014, those that have yet to adopt are being labeled as downright unsafe in Google Chrome. This label will have a significant impact on traffic.
The next component to be mindful of is your site’s anchor text. While exact-match anchors are still power players in influencing rankings, if they appear unnatural in any way, you run the risk of getting hit with a Penguin penalty. Always make sure that your anchors are organic, even if they aren’t an exact match.
The final element that I will touch on here is your site’s pop-ups and CTAs. As Google continues to emphasize the importance of mobile-friendliness, the company has been focused on providing a prime user experience. This means Google doesn’t take too kindly to intrusive pop-ups.
As of Jan. 10, Google has made it clear that, “…pages where content is not easily accessible to a user on the transition from the mobile search results may not rank as high.”
If your mobile site employs any elements that obscure content with an ad or CTA, be sure to remove that immediately or risk getting hit with a penalty. There are some exceptions to this rule, however, so visit the company’s blog to gain a deeper understanding.
SEO is always in motion, but great content is also always in style. While it can be hard to keep up with the SEO updates, making this a cornerstone to your marketing efforts is one of the smartest commitments you can make to your brand’s success.
“The day I woke up and Reddit was working on its own was just the most incredible feeling.”
– Steve Huffman, CEO of Reddit
If you have an Internet connection, you probably know what Reddit is.
For those who don’t know much about this edgy community, Reddit is a multilingual social news and entertainment platform that calls itself “the front page of the Internet.”
Reddit is the eighth most popular website in the world, according to Alexa, drives roughly 1.5 billion unique visits a month, and houses more than 250 million active members.
When leveraged correctly, Reddit can be an incredibly powerful source for driving massive amounts of traffic to your website. For instance, Eddy Arza was able to increase his site’s daily visitors from 41 to 4,266 literally overnight. Similarly, Ryan Stewart was able to grow his traffic by 33 percent by learning the ins and outs of the platform.
It is extremely necessary to become familiar with how Reddit works before you start trying to plug your brand because the community’s members (called Redditors) are sometimes known for ruthless behavior; particularly toward outsiders.
Part of why Reddit is such an effective tool for increasing blog readership, sales, and overall traffic, however, is that the site is essentially one massive aggregator.
For the most part, Redditors submit outbound links to various niche communities called subreddits. There are a seemingly infinite number of subreddits, so I’ll cover this more in a bit.
Before we dive into how to drive traffic from Reddit to your site, a quick public service announcement:
You Must Participate Before Plugging!
The first step to leveraging Reddit is the most vital and the most time-consuming: You must participate within communities – a lot – before posting anything about your brand or website.
Truthfully, Reddit hates marketing.
If you just create a new account and try to promote your site, prepare to be eaten alive. Redditors are notoriously suspicious of new accounts and they can sniff out an advertisement like digital bloodhounds.
To gain the trust of Redditors, you need to start off by posting relevant (non-promotional) materials and engaging in various discussions.
Here are three ways to leverage Reddit to drive tons of traffic to your website.
1. Engage the Right Subreddits
As stated earlier, Reddit has tons of niche communities called subreddits.
While not all will be relevant to your cause, you are likely to find dozens that are. Before you start targeting specific communities, however, ask yourself:
- What is my target audience interested in?
- What is my expertise?
- What value can I provide potential followers?
The answers to these questions will help you develop a blueprint in selecting which communities to join. If you fail to conduct this short exercise, you’re more likely to join subreddits that don’t provide you much value to you, and vice versa.
While this may seem to conflict with the above paragraph, you may also want to consider some smaller, more overlooked communities as these folks tend to be highly engaged. This is the exact strategy that Gfycat used to build its audience and become the largest user-generated GIF platform in the world in a mere two years.
To find subreddits that will be valuable for your brand, search relevant keywords that your audience would use to find information about product or service like yours. For instance, if you run a gaming blog, you might join the r/Games subreddit whose goal is to, “. . . provide a place for informative and interesting gaming content and discussions.”
Depending on what your brand does, you might want to join subreddits that are a little more marketing-friendly such as r/deals where you can post discounts, coupon codes, and all sorts of other offerings for savvy consumers.
2. Use Reddit As a Source for Content Creation
Content is one of the top Google ranking factors. While creating a wealth of great content is necessary, it certainly isn’t easy.
Reddit provides content marketers with an endless pool of inspiration for great content. By engaging in conversations and mining comment threads for hot topics, pain points, curiosities, etc., business owners can gain an abundance of quality topics to write about and then post back to those same communities, effectively driving traffic to their site.
Additionally, there are often individuals within subreddits who share interesting insights or perspectives on certain topics. Depending on how informative the individual seems, you might want to consider reaching out to them for a podcast or interview that you later craft into a blog post.
Alternately, businesses can uncover some common themes of what users desire and run content within a subreddit, driving traffic to a dedicated landing page on their site. Prizes should be relevant to the community’s wants and needs. You could offer products or services from your business, Reddit Gold, or various other payoffs.
Before utilizing this tactic, however, be sure to reach out to the subreddit’s moderators and gain their approval. Otherwise, you could be banned from the community.
3. Host an AMA Session
This strategy should be saved for after you have developed something of a name for yourself within the subreddits you subscribe to so that users know who you are and that you have value to offer.
AMA stands for Ask Me Anything. AMA’s are essentially interviews where the whole of the reddit community can ask you, well, anything.
These are often a prime opportunity to share information about your business without coming off too promotional.
The key to these group conversations is to provide the community with lots of in-depth, valuable knowledge. Think about things like behind-the-scenes stories, struggles and solutions that most would never consider and other intimate details that only an industry insider would know.
For an Ask Me Anything session, you can target the dedicated AMA subreddit, or you can simply conduct it within one of the subreddits you subscribe to — most will allow for these types of conversations.
Holding the talk within a subreddit that is relevant to your audience might be the best option. This increases the likelihood that you’ll have an interested and engaged audience.
Reddit is a goldmine for generating awareness and traffic for your website. Familiarize yourself with the platform, its lingo, and interact with the right groups before promoting your brand. If you do this prior to leveraging the tactics listed above, you stand a far greater chance of achieving the outcome you desire.
We’ve been waiting for this for quite a while, haven’t we? That moment when we can say that we know for sure what Google bots like about our website and what they don’t like.
Well, the following metrics aren’t exactly coming from Google, but close enough. The Moz experts think they have unveiled the mystery. If you have anything to do with SEO, you already know that the closest you can get to Google is Moz.
This edition of Whiteboard Friday was filled with epiphanies and confirmations of things I already suspected. So I decided to resume it for you. Here it is:
Top 4 metrics you should care about (because Google does!)
The Moz experts assume that the organic ranking metrics are somewhat similar to the AdWords quality score, the algorithm that Google uses to rank ads and determine costs. Of course, the organic ranking algorithm itself has to be quite sophisticated, but I think the simplifications below can help a lot of businesses and SEO writers.
1. Actions taken on your website
They came, they read, then what? According to Moz, Google loves to see people click a button on your website after reading or scanning one of your pages. If they do nothing, then Google assumes your website wasn’t all that interesting.
What to do: Add CTAs to each of your posts. You may think it is common sense for people who love what you write to go to the contact page and ask for a price quotation. But it’s not. We tested this on multiple websites for our clients and on our own website. Irrespective of how many clicks they got and how well they ranked organically, blog posts with no CTA gathered very few (if any) leads.
2. Bounce rate
You already know that a huge bounce rate isn’t something to be proud of. Google doesn’t like it either.
Think about it: People search for something and arrive on your website. Then they immediately bounce back to search results. What does that signal? Obviously, that they didn’t find what they were looking for. In other words, that your website isn’t very relevant for the keyword in question.
What to do: CTAs can help guide people to deep clicking aka browsing a lot of pages on your website. Inbound linking also helps to keep people engaged.
3. Time spent on page
Are you starting to see a pattern here? Good.
You may think that you can fix all of these through the bounce rate. But it’s not exactly the same thing. People could spend a few seconds on a page, be distracted by a link at the top and click on it. This tells Google that your website may be interesting (given your low bounce rate), but that particular webpage is not.
According to a recent study, people scan webpages, they don’t read them word for word. So what can you do about it? Can you change behaviors? Of course not; but you can offer them something to scan for longer periods of time and captivate them.
What to do: Avoid clutter at all costs. Don’t be afraid of the white space and add as many photos or videos as you can to break down the text. Subtitles, spaces between paragraphs and bullet points are also must-haves. If people see a huge wall of text, they will most likely move on. But if they are interested in the topic, they will at least scan the text (when written and formatted properly).
4. Links to your website
This one is confirmed by a Google representative (finally). The more links you have on your website, the better you will rank.
It’s quite obvious: when people cite you, it means that you are doing a good job. Andrey Lipattsev, the Google representative in question clearly stated that content and links are very important for ranking. Which gives us an idea about how to tackle this.
What to do: I’ve said it in many of my articles here: great content is your gold mine. If you create it, links will come. Not overnight, but they will. One of the greatest joys for me is receiving e-mails from clients who tell me they discovered tens of new links to the blog posts we wrote for them.
Similarly, I love it when our clients are asked for permission to translate their articles in other languages or use parts of them by complete strangers. This is the link building power of great content. Oh, and if you were thinking about buying links, forget about it – they have absolutely no value. Influencer outreach and guest blogging are much better solutions when you’ve just launched your website and have very little traction.
Wrapping things up
If there is one thing all these metrics have in common, it’s content quality. Write good content and people will stay on your page longer, they will click more to get to other pages or articles and they will link to your blog because it will be a trustworthy source.
In a nutshell, write it and they will come.
By Adriana TicaOlder Posts »