How Resilient is your Website?
In the current climate it is essential that you have an understanding of the security issues surrounding your website. Discuss security from the outset with your web developer and get them to explain how they will be protecting your site, and also what you and all those using the site should be doing on a day-to-day basis to ensure security is upheld.
Know your hosting company and your server control panel login details
If your site does get compromised, the first step is to notify your hosting company, whether that is done by you, your developer or a security expert. Make sure you know these details, as you will need to act fast if your website is hacked. A common control panel is cPanel. Whatever it is, make sure you know how to access it.
Website Back-Up
Discuss with your web developer what backup system will be set up for your website. Keeping a backup may be your easiest and best protection against a security attack, as it will allow you to turn back the clock. While this doesn’t prevent attacks, it does cure them when needed. Find out how frequently your site will be backed up and where those backups will be stored.
You should be backing up the files on your website and the website database.
This is normally done by the hosting company.
Website Usernames
Most default user names for logging in are “admin” and hackers know this. Ask your developer to set up accounts with custom logins for each user rather than generic ones. Know who is logging in and who has access to your site. It’s also wise to delete accounts as soon as they are no longer needed.
You can also ask your developer to hide the name of the person who has added a post to your site, as that name is also the user name.
Passwords
Use ‘strong’ passwords, i.e. passwords that are 12 characters minimum and include numbers, symbols, capital letters, and lower-case letters. Use a mix of different types of characters to make the password harder to crack. Don’t use common substitutions, either: for example, “H0use” isn’t strong just because you’ve replaced an o with a 0. Ensure passwords are changed regularly. Don’t use the same password for more than one site.
You may find it useful to use a password generator or password manager. Password managers, like LastPass or even the in-built Google password manager, mean you can store passwords securely and not have them written down.
Be careful with your error messages
Keep error messages as generic as possible. Whilst you may want to be helpful to users, don’t give away too much information which a hacker can then exploit. For example, when entering a username and password, the error message should be a general error if entered incorrectly. Saying that the password is wrong but the username is right will mean the hacker can focus on that username.
Installing Hyper Text Transfer Protocol Secure (HTTPS)
Does your site need to operate with HTTPS? Hyper Text Transfer Protocol Secure governs how data is handled when it passes between the website and the user. It is advisable for sites that collect and transmit personal information to encrypt the data, ensuring it remains private as it travels between the server and the user.
“You can make your site secure with HTTPS (Hypertext Transport Protocol Secure), which protects the integrity and confidentiality of your users’ data. For example, when a user enters data into a form on your site in order to subscribe to updates or purchase a product, a secure site protects that user’s personal information and ensures that the user communicates with the authorized owner of the site.” Google
Installing additional security plugins
You should discuss with your web developer what additional security plugins they intend to install. Security plugins can help reduce the risk of your website being hacked, offering several features to make your website more secure from known vulnerabilities.
Some examples we use on WordPress:
- Wordfence: offers a firewall which prevents the website from being hacked. It scans the site searching for malware and alerts the webmaster quickly in the event the site is compromised.
- iThemes Security – Away Mode: as most cyber-attacks happen at night, this plugin disables access to the WordPress Dashboard for a specific period.
Google Console
Check that your developer has registered your site with Google Search Console. This is a free service offered by Google that helps you monitor and maintain your site’s presence in Google Search results, and also lets you easily monitor and resolve security issues, such as hacking and malware. Once your account is set up, make sure you have access to the account log-in details in the event of your site being hacked.
“61% of webmasters who were hacked never received a notification from Google that their site was infected because their sites weren’t verified in Search Console.”
General Security practices for daily users
Keep your website software updated
Hackers use scripts to scour the internet in an attempt to find website security issues in software. To help prevent this you should always make sure that your software version is up to date. Popular Content Management Systems like WordPress are constantly working to patch up security issues, so keep a regular eye on your website dashboard, which will notify you of the latest updates.
Update third party plugins
Keep third party plugins updated. These are pieces of code added to your site that allow you to alter and add to your site. Keeping your plugins at the latest versions will help prevent hackers finding weaknesses in the code.
Passwords
Keep your passwords safe and don’t share them with anyone. You should also learn how to change your password so you can do this regularly.
Phishing Emails
If users receive an email asking to confirm their identity or to share sensitive information they need to be 100% confident the sender is legitimate. It’s advisable to never give out confidential information like passwords, credit card numbers, or even your birth date.
Think before you click:
- If you receive a strange or suspicious email containing a link or attachment and you’re uncertain of who it’s from or exactly what it is, do not click on it. A quick call to the person who sent you the email can clarify if it’s legitimate. If you receive something you believe to be a scam email – delete it and remove it from your ‘deleted emails’ folder.
- If you suddenly find that there are files that you can no longer open, or that appear corrupted, or if a warning appears on your screen saying your files are encrypted, turn off your machine and let your IT support provider know immediately so that they can take the correct measures to reduce the security risk.
What to do if your website is compromised?
- Your first action should be to contact your hosting company, as they may be able to help you recover your site more quickly.
- Get your website taken offline. This will help to prevent any further damage to your search rankings and also prevent any users being infected if malware has been installed.
- Ensure all your user accounts are checked, that there are no unknown users, and reset all passwords.
- Check to see if you have any out of date software.
- Log into the Google Search Console and review the Security Issues to find out the details of the attack.
- Get your site scanned and cleaned of all the hacked content. Consider using a security expert who will be able to remove tiny scraps of malware and also detect how the hackers gained entry and secure your site.
- Submit a request and review in the Security Issues section in Search Console when your entire website is clean and secure. After Google checks that your site is fixed, they’ll remove the “This site may be hacked” message.
- Google is not going to rank websites which are unsafe, so it is best to get it sorted as soon as possible. Once your site is back up and working you should keep a close eye on it to make sure you have properly fixed the issue and the hackers cannot regain access to your site.
Twitter for Schools: Practical Tips To Help You Manage Your Account
Red Desk have been working with Islington Schools and have developed this document called “Twitter for Schools” as a one-stop checklist to help you manage your school’s Twitter account in a practical manner.
- Optimise your profile: Your Twitter profile creates a first impression, so it’s important that you optimise your online presence. Consider your Twitter account an extension of your website and an important part of your online reputation. When creating a Twitter ID, make it as similar to your website URL as possible; this will assist with your online presence. When you are creating your Twitter account you can decide whether to make it public or private; this will depend on how you wish to use Twitter.
- Connect with other professional bodies and organisations: As well as using Twitter to connect and share with parents and the local community, you can also use it to connect with other schools and educational bodies to share ideas. Follow other like-minded accounts that you can engage with in the future.
- Hashtags: Hashtags ensure that your content is as discoverable as possible, and enable you to connect with like-minded users. Create your own hashtag for your school or project but be sure to search the hashtag before you begin using it and make sure it is not being used for an unrelated conversation.
- Create lists: Lists allow you to group relevant accounts you follow. Once you have grouped important accounts you can go directly to those lists ensuring you don’t miss any relevant content.
- Mentions: If you see content that adds value, give credit where it is due. ‘Favourite’, ‘quote’ and ‘retweet’ tweets that you find helpful; this practice will help you gain followers and build online relationships.
- Notifications: This is where you will see any tweets that have mentioned you. Check your notifications feed regularly and respond where necessary. Twitter have recently introduced new filtering options for your notifications to give you more control over what you see from certain types of accounts, like those without a profile photo, unverified email addresses or phone numbers.
- Use images: It’s a fact that Tweets including images receive more engagement, which is reason enough to make sharing images and videos on Twitter a priority. Ensure that you adhere to your school policy on publishing pupil photos. If you post pupils’ photos you need to have signed permission to use those students’ (and staff’s) photos online.
- Scheduling: To save time, it’s a good idea to schedule tweets. By planning for Tweets to go out at peak times, you can ensure you are improving visibility. Use a social media dashboard such as Buffer or Hootsuite.
- Pinned Tweet: Important content can be pinned to your profile. A pinned tweet will remain just under your profile rather than moving down your profile feed, ensuring anyone viewing your profile will see it.
- Share responsibility: Decide who will be tweeting. Having more than one member of staff responsible for tweeting will not only spread the work but make for a more interesting account.
- Follow @TwitterSafety: Tweets the latest safety tools, resources, and updates from @Twitter.
- Moments: Twitter Moments are curated stories. Create your own Twitter Moment. You can access Moments at the top of your profile page. To get started all you need is a title, description, tweets, and a selected cover image.
- Set Up Twitter Analytics: Use Twitter Analytics to see how your tweets are performing. You can pin successful tweets to the top of your profile or create similar content to improve your account.
Networking Hours
You can virtually “network” on Twitter by using certain hashtags at specified times, e.g. #NorthLondonHour (Monday 9-10pm), so do research which hours might be relevant to your industry/area. It’s a great way to gain new followers and increase your content reach.
Be consistent
When users want to clean up their Twitter accounts, the first thing they do is unfollow accounts that have not tweeted in the last 30 days (tools like Manageflitter can be used to do this). Whether running a personal or professional account, commitment to posting is important to ensuring you continuously add value to your followers.
Focus on quality over quantity
As with most things in life, when it comes to your Twitter strategy you should place more importance on quality over quantity. While it is, of course, tempting to focus on your number of followers, ignore this number and instead dedicate time to building quality relationships with other users of relevance.
Have patience
While we all love instant gratification, patience with your social media approach is key. In recognizing that you will not instantly gain thousands of followers, retweets, or favourites overnight, you are able to concentrate on building value through engagement and content, which will help your number of quality followers and interactions flourish organically.
Keep it short
We’ve all seen those unfortunate tweets where the 140 characters are mostly used up by a lengthy URL. Use a tool like Bitly to shorten your URLs.
Initiate conversations
While it’s all well and good to simply favorite a tweet that somebody mentions you in, by taking it that one step further and initiating an actual conversation with that user you are showing a dedication towards engagement that many others neglect.
Even in offering a simple “thank you for sharing!” or asking them what they took away from your post, you are helping open up windows of communication that would otherwise remain closed, thus establishing irreplaceable rapport that will potentially help you in the future.
Twitter Glossary
Tweet: A Twitter message. Tweets can contain up to 140 characters of text, as well as photos, videos, and other forms of media. They are public by default and will show up in Twitter timelines and searches unless they are sent from Protected Accounts or as Direct Messages.
Retweet: the full Tweet appears in your timeline in its original form, complete with the author’s name and avatar.
Quote Tweet: A way to retweet where a user can include their own comments along with the tweet.
Feed: The main place where the steady stream of updates and information from other users is presented to you. On Twitter, your Twitter feed shows updates posted and shared by those you follow.
Handle: Handle is another way of saying your account name. It’s important that you try and maintain consistent handles on all of your social network profiles, since people who follow you on Twitter might want to find you on Instagram or Pinterest. A consistent handle helps with discoverability.
Mention: The act of tagging another user’s handle or account name in a social media message. Mentions typically trigger a notification for that user and are a key part of what makes social media “social.”
Trends: A list of the top tweets for that day, based on your interests. You can edit this list if Twitter is not showing you relevant tweets.
Direct Message: A direct message (DM) is a private Twitter message sent to one of your followers. Direct messages can only be sent to a Twitter user who is already following you, and you can only receive direct messages from users you follow.
Hashtag: The hashtag is a word or phrase preceded by the “#” sign. Hashtags are a simple way to mark the topic (or topics) of social media messages and make them discoverable to people with shared interests.
Mute: Muting a user on Twitter means their Tweets and Retweets will no longer be visible in your home timeline, and you will no longer receive push or SMS notifications from that user. The muted user will still be able to favorite, reply to and retweet your Tweets; you just won’t see any of that activity in your timeline. The muted user will not know that you’ve muted him/her, and of course you can unmute at any time.
Block: This feature helps users in restricting specific accounts from contacting them, seeing their Tweets, and following them. Accounts you have blocked cannot follow you, and you cannot follow an account you have blocked. Blocked accounts do not receive a notification alerting them that their account has been blocked. However, if a blocked account visits the profile of an account that has blocked them, they will see they have been blocked (unlike mute, which is invisible to muted accounts).
Verifying: The blue verified badge on Twitter lets people know that an account of public interest is authentic. Twitter approve account types maintained by users in music, acting, fashion, government, politics, religion, journalism, media, sports, business, and other key interest areas. If you believe your account is of public interest and should be verified you can request verification.
