
Ransomware: A New Security Threat to Your Site

IMPORTANT ALERT ABOUT RANSOMWARE AND YOUR SITE
Ransomware, once a menace mainly for consumers, has recently become a significant threat to business websites, even small ones. Please read the following important notice about this new risk and our recommendations for mitigating it.

WHAT EXACTLY IS RANSOMWARE?
Ransomware is a form of malware that encrypts or hides a victim’s files. The attacker then demands a ransom from the victim to restore access to the data, usually via bitcoin payment so the attacker can remain anonymous.

HOW RANSOMWARE WORKS
Hackers, employed by sophisticated criminal enterprises and governments like China and Russia, continually attack websites until they gain access. Once inside a website’s administration panel, they kidnap the site’s data files (by moving them or encrypting them) until a ransom is paid to release them.

In the case of most Desktop Solutions clients, the files affected could be a database of items in an inventory system, or simply pages in a WordPress website. But the most important thing to know is that at the end of the process, the files cannot be decrypted without a mathematical key known only by the attacker. The user is presented with a message explaining that their files are now inaccessible and will only be decrypted if the victim sends an untraceable Bitcoin payment to the attacker. The costs can range from a few hundred dollars to thousands, payable to cybercriminals in Bitcoin.

THOUSANDS OF ATTEMPTED ATTACKS IN THE LAST TWO WEEKS
Unfortunately, we have experienced thousands of attempted attacks in the last two weeks. Through diligent monitoring and mitigation tactics, we have been able to thwart all the attacks to date and keep our clients’ sites protected. Part of this Since attacking small business websites is a very new phenomenon, we have reported our findings to the OWASP and the FBI.

WHAT WE’RE DOING TO PROTECT YOUR SITE
In an effort to protect our clients’ data, we have made significant changes to our data back-up systems. We are now storing all site back-up materials on a separate server, so your data is better protected in the event of an attack.

ADDITIONAL SECURITY MEASURES WE RECOMMEND
Although we have taken measures to protect our data servers from these attacks, we strongly advise that all clients take the following actions:

Improve passwords and update them monthly:

  1. Make sure your password is a combination of alphanumeric characters, symbols, upper and lower case characters and is at least 12 characters long.
  2. Do not use the same password for all your different website logins.
  3. Change your passwords monthly to keep them doubly secure.
  4. Store users’ passwords in encrypted form. This ensures that even if there is a security breach, attackers do not get their hands on actual user passwords.

Upgrade to two-factor authentication
We recommend that all client sites implement two-factor authentication for all logins. That means we’ll install an additional security feature on your site that requires you to enter an additional code to log in to the site, usually sent to your cell phone via text message.

More frequent back-ups
We currently back up all sites daily. If you’d like us to increase the frequency of back-ups, we can prepare an estimate to accommodate the frequency of your changes.

Add a web application firewall to your hosting package
A Web Application Firewall (WAF) inspects incoming traffic and weeds out malicious requests – before a hacker gets to your site. These cloud-based systems are available to add to your site for a small monthly fee added to your hosting.

WHAT HAPPENS IF YOU DON’T IMPLEMENT THESE RECOMMENDATIONS?
Implementing these recommendations can allow you to avoid or mitigate the effect of a ransomware attack. Without them, should an attack occur, your site could experience prolonged downtime (24 hours or more) while we work to restore your data. And, without a recent back-up, some of your data could be lost forever. We also reserve the right to charge standard hourly labor rates for restoration of your data.

To learn more, please consult the following article, courtesy of ZDNet.

To discuss options for your site, please contact Lyn Nielsen at [email protected] or 631.428.4654.


Working at Home: Tips on Maximizing Your Productivity

We’ve been working remotely since 2007, so we’d like to share some tips on making your work-at-home experience as productive as possible.

Hardware: Most people have a laptop that they can use in any room of the house, but some people will need additional hardware like PCs, printers and scanners for team members to work effectively from home. Companies like Xerox are offering surprisingly inexpensive work-at-home packages to get you up and running quickly.

Online Meeting Software: Most people are using Microsoft Office at this point, but not everyone uses the Teams tool. For internal meetings especially, this tool is great for group chats, group voice calls and screen sharing. The old saying, “A picture paints a thousand words”, holds true. Sometimes there is no substitute for seeing someone else’s screen when trying to explain something.

Another great tool is Slack. It has some additional tools for classifying projects, organizing conversations and storing information and files in a searchable archive.

For outside clients, online meeting tools are a great way to make presentations, address technical support issues, do product demonstrations, and present proposals. I have used almost every tool out there including GoToMeeting, Skype, and Zoom. I prefer GoToMeeting personally, as I like its ability to switch back and forth between presenters, draw on the screen, and record important meetings. I rarely use the webcam feature on any of these systems, as I feel they are a bit jumpy and distract from the meeting content.

Create an agenda: Ever been on a conference call where the presenter rambles on with seemingly no point? Me too. It’s one of most people’s biggest pet peeves. Whatever technology you are using, stop to create a quick agenda of topics to cover before you begin the meeting. It will keep everyone on track and help you develop a reputation for being focused and professional.

Know when to use what tool: It’s great that we have this technology available to us, but let’s face it, sometimes it gets in the way. I often find that for quick questions, a phone call is often faster than a lengthy email or an online meeting. Most people are busy, and appreciate brevity when it’s called for.

Minimize Distractions with a Structured Day: For some people, the flexibility of working at home can also mean being distracted by kids home from school, household chores, and other day-to-day things that you don’t have to worry about in your office. To keep you focused, I recommend using what I refer to as a ‘structured day’. This simply means dividing up your day into a few different parts. How long you spend on each section depends a lot on what you do, so keep that in mind.

Part One – Responding, organizing and meetings. The first couple of hours of each day, I spend my time reading and responding to emails, making phone calls, having meetings, organizing tasks, and getting things in place to move to the next part of the day, which I refer to as ‘groove time’.

Part Two – Groove time. This is the part of the day where I produce work. For me it could be writing a marketing plan, doing research, designing something, writing copy, or posting on social media. For you it may be totally different, but regardless of what you do, it is supposed to be uninterrupted time to concentrate on whatever you are working on, without distractions like answering the phone, checking email, having meetings or dealing with the kids. It can be as short or as long as necessary – whatever it takes to accomplish what you’ve set out to be done that day.

Part Three – Clean up, more meetings and planning. I usually reserve a couple of hours toward the end of the day to respond to emails and calls that came in throughout the day, have more meetings if necessary, and organize tasks and materials for the next day.

For more information about tips for working at home, NPR has a great article.


Is your website ADA compliant?

Due to some recent court decisions in California and Florida, we are advising that all clients consider making their websites ADA compliant. Although no definitive regulations exist yet, two of our clients have received letters from attorneys seeking damages on behalf of blind clients who cannot access their websites. According to the legal experts we consulted, the combination of these court decisions in the absence of specific laws means that these suits may have merit.

To avoid incurring costs for legal fees and damages from sight-impaired visitors, we strongly recommend that you consider revising your site to be compliant with ADA guidelines before you receive a demand letter. The scope of work required for your individual site will probably require a quotation based on its functionality and design. To get an idea of the steps required, feel free to test your site here: http://wave.webaim.org/

To receive a complimentary estimate to make your site compliant, please contact Lyn Nielsen at [email protected] or 631.428.4654.


Why https?

Recent changes in Google Chrome might mean you should purchase a secure certificate to prevent your search engine rankings from declining.

What Is HTTPS?
The “s” at the end of the “http” part of a URL means the website is secure. When installed on a web server, an SSL certificate activates a secure protocol that allows secure connections from a web server to your browser. This ensures that a user’s activity cannot be tracked, that their information cannot be stolen, and that data files cannot be corrupted as they’re transferred. But having (or not having) an SSL certificate can also affect search engine rankings!

How does HTTPS impact SEO?
Google has encouraged webmasters to make the migration to a secure site for a while now and is now giving an increasing amount of weight in ranking boosts to websites that are HTTPS. Although less than 1% of all websites are secure, 40% of Google’s page one organic search results feature an HTTPS site.

We can convert your site to SSL for as little as $149.99, which includes the cost of an SSL certificate plus the labor to update all your page addresses. Call Lyn Nielsen at 631.493.3422 x 101 for more information.


The Power of Video Marketing

Why Video Marketing?
Because of its ability to inform, entertain, motivate and inspire, video is one of the best ways to build your brand, engage new customers and improve your search engine optimization. With approximately 500 million viewers per month, YouTube is currently the second largest search engine on the planet, proving that customers like and are looking for video. Statistics show that video helps customers engage with your site more effectively and spend more time on your site once they get there.

Video Gets You Ahead of Your Competition

Multimedia content has a big impact on your company’s credibility. For instance, consumers are more likely to retain information when it’s alongside some form of visual medium. According to a recent survey by Animoto, “71 percent of consumers say that videos leave a positive impression of a company.” Cisco estimates 80 percent of consumer Internet traffic will be made up of online video by 2019.

Video Increases Customer Engagement.
Social networking sites such as Instagram, LinkedIn and Facebook (to name a few), have the ability to provide video to massive audiences and increase customer engagement because we like, comment and share on the things we find helpful, entertaining or informative. Some social networks even have the ability to target specific types of customers or industries making video an excellent way of marketing and communicating with your customers.

If you’re looking for video marketing in the New York City or Long Island area we are here to help. We can help you produce high quality, affordable videos, create and optimize your YouTube Channel, and develop a video internet marketing strategy to build your audience.

If you are interested in an affordable digital video package, please feel free to call us at 631.493.3422 x 101.


Hacking & Web Security – What You Need to Know

Given all the news of late about hacking and its potentially harmful effects, we thought putting together a useful guide to hacking would be helpful to our clients.

In computer networking, hacking is any technical effort to manipulate the normal behavior of network connections and connected systems. A hacker is any person engaged in hacking. The term “hacking” historically referred to constructive, clever technical work that was not necessarily related to computer systems. Today, however, hacking and hackers are most commonly associated with malicious programming attacks on websites, email accounts and other computer networks.

Common Network Hacking Techniques
Hacking on computer networks is often done through scripts and other network software. These specially-designed software programs generally manipulate data passing through a network connection in ways designed to obtain more information about how the target system works. Many such pre-packaged scripts are posted on the Internet for anyone – typically entry-level hackers – to use. More advanced hackers may study and modify these scripts to develop new methods. Hacking techniques on networks include creating worms, initiating denial of service (DoS) attacks, or establishing unauthorized remote access connections to a device.

What do they want with my website?
You might now be wondering what this has to do with your company website that does not store users’ credit card information or nude pictures of Scarlett Johansson. Well, hackers can turn your website into an advertisement for questionable products like designer-imposter handbags or porn sites. By injecting your site with their content, they are hoping to use your good search engine positioning to improve theirs, by leveraging Google’s inbound links algorithm. They can also hijack the hosting server to be used in botnet DDoS attacks on other servers, meaning that they use your server’s address to cover their trail. And even worse, they can hack into your website databases and destroy or manipulate important information, or even send sensitive user data to other hackers.

Protecting Against Hacking
Luckily there are things that you can do to secure your website from hackers and avoid becoming a target for online vandals. Here’s a roundup of the easiest steps you can take:

1) Keep All Software Updated
Whether your website was built from scratch by your development team or you chose to create a DIY site on a third party turnkey platform, as a site owner it’s your job to ensure that every piece of software you run is up to date. At Desktop Solutions, we run round the clock diagnostics on all of our servers, and install regular security patches and updates to all content management systems to make our sites less vulnerable to these attacks.

2) Use Strong Passwords, Change Regularly
Using strong passwords is an effective way to limit if not completely eliminate brute force and dictionary attacks. Strong passwords are not just a requirement for your email or financial transactions online, they are also imperative for your website server, admin and database passwords. Make sure your password is a combination of alphanumeric characters, symbols, upper and lower case characters and is at least 12 characters long to prevent brute force attacks.
Do not use the same password for all your different website logins. Change your passwords regularly to keep them doubly secure. Store users’ passwords in encrypted form. This ensures that even if there is a security breach, attackers do not get their hands on actual user passwords.

3) Switch to HTTPS
HTTPS, or Hyper Text Transfer Protocol Secure, is a secure communications protocol that is used to transfer sensitive information between a website and a web server. Moving your website to the HTTPS protocol essentially means adding an encryption layer of TLS (Transport Layer Security) or SSL (Secure Sockets Layer) to your HTTP, making your users’ and your own data extra secure from hacking attempts. While HTTPS is a necessity for all online transactions, the rest of the website is usually on HTTP in most cases. However, all that is about to change with Google’s recent announcement that HTTPS will be a search ranking factor. Besides the security aspect of things, it now makes even more sense to shift your entire website to HTTPS to improve your search rankings simultaneously.

4) Web Application Firewalls
Just as you lock your doors before leaving your house and install antivirus software on your desktop computer before browsing the web, you should also have a security system to serve as your website’s first line of defense against hacking attacks. A Web Application Firewall is that first line of defense. These solutions are designed to inspect incoming traffic and weed out malicious requests – offering protection from SPAM, brute force attacks, SQL Injections, Cross Site Scripting and other OWASP Top 10 threats.

Until just a few years ago, Web Application Firewalls were only available as hardware appliances, but today providers are revolutionizing the industry by using cloud technology to cut down prices of security solutions previously found only in enterprise level setups.
Consequently, all website owners can now “rent” a cloud-based Web Application Firewall, without committing to pricey security appliances or even owning a dedicated hosting server. Better yet, these plug-and-play services don’t require you to hire security experts or attempt to learn every aspect of web security. (Most of us just don’t have the time to become cybersecurity experts too.)

With hundreds of thousands of websites hacked every year, it’s becoming clear that even well-managed sites and vigilant hosting firms are still vulnerable to these attacks. Cloud-based Web Application Firewalls are filling that void.

Conclusion
Most of us go through life with the philosophy ‘It won’t happen to me’. However, that philosophy has been proven not to be true in the world of online security. A successful attack on your site not only leads to compromising of users’ data and your own information, it can also lead to a blacklisting of your site by Google and other search providers as your infected site risks spreading malicious content throughout the web.
Erring on the side of caution works best in this area. Implement at least these basic steps right away, to avoid being a soft target for malicious hackers.


New Logo and Website for Long Island Metro Business Action

Desktop Solutions is proud to announce the launching of a new online brand for LIMBA, the Long Island Metro Business Action. LIMBA’s new look includes a redesigned logo and clean, mobile-friendly website. The new site is designed to highlight LIMBA’s great line-up of government, education, business, scientific, and environmental leaders that present their ideas to improve the quality of life for Long Islanders.

A new look is not the only update to this important organization. LIMBA announced recently that it will partner with Campolo, Middleton & McCormick, LLP, Suffolk County’s premier law firm, expanding its reach in the community. Future meetings will feature an updated format in which CMM Managing Partner Joe Campolo will interview representatives from various levels of government, municipal agencies, and the local economy on issues of importance to Long Islanders. The first joint meeting will feature U.S. Congressman Lee Zeldin on Friday, March 3, 2017 at the Courtyard Marriott in Ronkonkoma at 8:00 a.m.

LIMBA officers and hosts Ernie Fazio and Bill Miller also announced the expansion of LIMBA’s Board of Directors to include representatives from various segments of the community, including Desktop Solutions’ own Lynellen Nielsen.


Desktop Solutions Partners with Bronto

When Wacoal America’s e-commerce division was searching for a more effective email marketing platform, they called on Desktop Solutions to help them source, select and implement a new solution. After an exhaustive discovery and research process, Desktop Solutions was happy to recommend Bronto Software, the leading worldwide supplier of commerce marketing automation software.

What exactly does Bronto offer?

Deep customer insights – Bronto helps capture a complete picture of the customer, including demographic data, shopping and purchasing behavior, and order data. Use the data to create more targeted, behavior-based marketing.

Effective targeted messages – Bronto allows you to use a customer’s profile to design and deliver the most relevant, automated omnichannel marketing campaigns.

Effectively engaged customers – Bronto uses simple drag-and-drop tools to create sophisticated, omnichannel campaigns based on customer behavior, order history, and product availability and price, and always deliver the right message at the right time.

Measure success at every step – Auto-calculate the performance of campaigns to get the insights you need to continually improve your messages – and increase revenue.

If you are interested in getting more out of your e-commerce marketing, please feel free to call us for a complimentary consultation at 631.428.4654.

Desktop Solutions launches fine art website for Alazraki.com

Daphne Alazraki selects Desktop Solutions for new logo and site design

Alazraki.com

When internationally acclaimed art dealer, Daphne Alazraki, needed a responsive website, she turned to one of the fine art world’s leading designers of data-driven art sites, Desktop Solutions. Desktop’s creative team designed a modern brand identity combined with a classic web 3.0 interface design. And, our programming team created an easy-to-use inventory management system that allows the client and her staff to highlight newly added pieces for sale.

Daphne Alazraki Fine Art is an internationally known, private art gallery that has specialized in European Master paintings for over thirty years. At the gallery’s premiere New York City location, collectors have viewed exceptional quality original works from major schools of the 17th through 21st centuries including Dutch Old Masters, Barbizon, Academic, Dutch Romantic, Impressionist, Post-Impressionist and Modern. Subject matter ranges from still life, portrait, landscape, genre and marine themes.

The Gallery’s approach emphasizes high quality, excellent condition, and aesthetics. Over the years, the Gallery has sold paintings from all periods to international museum collections. Daphne Alazraki Fine Art offers valuation services and seeks to purchase works by both major and minor masters directly from private collections. The gallery is open with hours by appointment.