Firstly to clarify, what happened to the people who have been impacted by the latest WannaCry Ransomware attack such as those having hospital appointments cancelled and suchlike is nothing short of a tragedy. I really do feel for the end users who have been impacted by this latest cyberattack that has spread so far and wide and has impacted people on a personal level. This rant below is not about the people who have been affected, this is about those organisations who quite simply have failed to protect themselves against such threats due to poor security measures. Everything related to the latest WannaCry Ransomware attack is preventable.
Companies and organisations that have been impacted by the latest WannaCry Ransomware, I have one thing to say to you and that is that I honestly have no sympathy if you have been breached and have quite frankly failed to protect yourself. It’s the same situation whereby homeowners get burgled when they have left their front door unlocked and open, whereby car owners get their cars stolen in winter when they have left the keys in the car running on the driveway for a chancer to take advantage of, whereby a car driver fails to wear their seatbelt, has an accident and injures themselves. All of these things are preventable and most importantly, we all know what we should be doing in these situations so when the correct procedures and best practice aren’t followed, should we really have sympathy for those who have been attacked by the latest WannaCry Ransomware?
Within 48 hours of being launched, WannaCry impacted over 200,000 computers in over 150 countries around the world. The WannaCry Ransomware was exploiting a known vulnerability in the Microsoft Windows operating system, a vulnerability that has been known about for at least 2 months publicly and much longer within the National Security Agency (NSA) which actually built a tool named EternalBlue which WannaCry is built upon.
This is a known vulnerability that organisations have simply failed to take seriously and act upon which is why I have no sympathy for those organisations impacted by the latest WannaCry Ransomware. The latest versions of Windows run automatic security updates and patches which means that as soon as vulnerabilities are known about, they are patched almost immediately and help to keep your company and organisation safe. In the situation with many of the NHS breaches, this comes down to computer systems and hospital hardware such as X-Ray Scanners running unsupported, vulnerable and unpatched versions of Windows XP. That’s right, an operating system that was launched in 2001, over 16 years ago, and has not been officially supported by Microsoft for over 3 years.
While organisations that have been impacted may indeed WannaCry while dealing with the fallout from this latest cybersecurity threat, personally I have no sympathy with those affected. Cybersecurity protection is a choice we all make. You choose either to protect yourself, or you choose not to. Clearly the right choice here is to protect yourself.
Have you been impacted by the latest WannaCry Ransomware? Then we can certainly help you resolve the issues your organisation is having and get you onto the right track to become a cybersecurity aware and secure organisation. Get in touch if you need help taking proactive measures to secure your business against cyberattacks.
You may have noticed, we take cybersecurity threats seriously which is why we ensure IT and web based systems are secure from cyberattacks. We help organisations like yours become a cyber aware and cyber secure organisation. We can only do so much ourselves, which is why we encourage organisations of all sizes to start investing in cybersecurity protection before you are the latest in a long line of statistics about the disruption and impact from cybercrime. If you don’t have the skills in-house to deal with issues like this, you need to be working with a company like ourselves to secure your business. You need to take the first step and reach out to IT security companies and ask them to help you to secure your systems. I write blog posts like this not to criticize and point fingers, but to raise awareness and encourage more businesses and organisations to become more cyber aware and secure.
We also sent out the email below to our mailing list who receive priority information on threats like this. If you aren’t subscribed yet, then make sure you fill out your email address in the footer.
WannaCry Ransomware and the NHS
As you will have likely seen on the news over the weekend there has been one of the largest Ransomware attacks in recent history which completely took offline the NHS, many local authorities throughout the UK and has now spread to over 150 countries around the world impacting over 10,000 organisations. As a business, you need to ensure you are protecting yourself against threats like this.
What is WannaCry and Ransomware?
WannaCry is the name of this specific piece of software that has been created by hackers which belongs to a group of cyber security threats known as Ransomware. Ransomware is when a piece of software holds your company to ransom by encrypting all of your data on your entire company systems (file systems, email systems, in-house servers etc.) and you can only gain access to this again by paying these hackers money for them to unlock your files. Money is often paid in cryptocurrencies such as Bitcoins as they are untraceable.
How to Protect Yourself Against Ransomware
Protection against threats like this is actually relatively straightforward. You must be taking proactive steps on a weekly basis to keep your IT systems up to date, patched and secure. Do not expect that either your IT person or your IT Support provider is handling this for you; you need to know exactly what processes are in place for these areas of protecting your business.
Secondly, staff training is extremely important to protecting your business from cyberattacks such as Ransomware. No matter how secure your IT systems are, if unaware staff open an attachment on an email or click on a link they believe to be genuine, this can bring down your entire company systems and stop work altogether. This in itself is not only costly in the form of not being able to work, it is even more costly to resolve situations like this after they have happened. Prevention and protection is always cheaper than the cure.
What to do Next?
As a business you should be investing in regular IT security support which helps to protect your systems from threats like this. This doesn’t have to break the bank either, the systems and technologies that are available today are a fraction of the cost they were 10 years ago which makes them affordable to businesses of all sizes.
As a business you should be investing in regular staff training on cyber security threats to minimise the risk of one of your members of staff causing a damaging cybersecurity breach within your company based on lack of awareness. A workshop run at your premises or one of our group based sessions is perfect for companies of all sizes.
We cannot stress this enough, when you are proactive dealing with cybersecurity threats, your organisation will be safer. Simply sticking your head in the sand and thinking that it will never happen to you has proven on many occasions to be a very bad decision and virtually always results in a cyberattack happening.
Travel is a competitive market, so it is important that your brand stands out from your competitors when customers are searching on Google for queries such as “Holidays to Kefalonia” and similar review type queries. Rich snippets are a great way to highlight your brand amongst your competitors which can generate additional traffic to your website from Google, leading to increased sales and enquiries.
So what are Review Rich Snippets and when do they show?
Rich Snippets are a form of structured data that simply helps Google to understand what the content on your website is about. There are Rich Snippets for a variety of areas and the one we are going to cover today is specific to highlighting review information on Google. What this means in practice is that when customers are searching for queries such as “Holidays to Kefalonia” or “Holidays to Kefalonia Reviews” there is a greater chance that Google will highlight your website with stars next to your listing as can be seen in the image below;
As you can see here, your eyes are instantly drawn to the listing that stands out from the others with the star ratings. In essence Review Rich Snippets require each individual Review to be marked up along with aggregating this data into an overall review based on all the review data. This information can be from your previous customers who have been on one of your holiday packages, so it is essential to be collecting this data from your customers at the earliest available opportunity.
How to Mark Up Review Rich Snippets
There are many ways to mark up Review Rich Snippet content which gets rather technical, so we’re only going to skim over this information as we don’t want to bamboozle you with the finer technical details. For the purposes of this blog post we’ll use the Greeka.com website as an example and take a look at what they have done to implement Review Rich Snippets on their travel website.
Firstly what you’ll notice when you visit their website is a listing of review information as you would expect to see as a user;
What’s important to note here is two pieces of information. Firstly, you will see the overall reviews listing at the very top which states that there are 71 reviews in total with the average being 5/5 for the reviews that have been left. Then beneath that you’ll notice an individual review that has been left by a customer. As a user, you’ll never notice Review Rich Snippets are there which is exactly why they exist. Review Rich Snippets for travel websites are in the code in the background which is telling Google that there are reviews associated with this specific item such as a holiday package, a resort, a restaurant or a specific hotel for example.
Here’s what this looks like in the background, the code below relates to the aggregate reviews which are what is showing on Google;
What you’ll notice is that there has been specific pieces of code wrapped around the content on the page which state that the destination has an average review of 5/5 from 71 people. When you read through the code you’ll notice there are specific pieces of information such as ‘best’ and ‘average’ and ‘votes’ etc. It is this information and more that Google is using to generate the visible star ratings on the Google search results that customers see when they are searching for travel companies.
Likewise you’ll also notice when reading through the code on the page that each individual review also has specific Review Rich Snippet data marked up around it too as you can see in the image below;
With information such as ‘reviewRating’ and ‘worstRating’ and ‘ratingValue’ for example being some of the key pieces of information Google requires to be able to see how the overall review ratings have been calculated.
Ok, that’s enough code for now. In essence, to get Review Rich Snippets and star ratings showing on Google it is important that you implement the code correctly which ties in closely with the technology that is powering your website. There is no one-size-fits-all approach here as every website is different.
If you’d like to implement Review Rich Snippets on your travel company website then get in touch and we’ll work closely with you to implement Review Rich Snippets so you can stand out from your competitors and boost website traffic and sales.
By default MySQL FULLTEXT search will not search for words that are less than 4 characters in length. For many things this can be great as many words less than 4 characters are generally stop words and often aren’t valuable, for example words such as the, and, if, on, etc. This isn’t always the case though, and in certain circumstances small words are actually really important. For example, let’s say you’re looking for a new developer job using any of the following technologies, ios, php, C#, .Net, ASP, etc. In these cases, the default minimum word length of MySQL FULLTEXT search actually prevents results being found, which isn’t a great user experience. As such, you may want to update your MySQL FULLTEXT search functionality to enable smaller words to be searched for while quality results are still being identified.
Edit My.cnf File
The my.cnf file on your web server generally sits under /etc/my.cnf and allows you to customise your MySQL configuration. You can edit this file by logging into your web server using SSH, navigating to the correct folder and running the command pico my.cnf which will allow you to edit the file.
Now you need to add the following line of code at the bottom of the file which will allow MySQL FULLTEXT search to search for words with a minimum word length of 2 characters, ft_min_word_len=2
Once you have completed this, save the file.
Next you need to restart the MySQL service using the following command, service mysql restart which will ensure that the MySQL service will use the new configuration data once it has restarted. Should you experience a problem restarting MySQL, then remove the code you just added in the my.cnf file or comment out the code with a # at the start of the line. If you’re not aware, the following commands also exist which can come in handy should the MySQL service not restart smoothly, service mysql stop and service mysql start.
Rebuild All MySQL FULLTEXT Indexes
Finally you need to rebuild all your MySQL FULLTEXT indexes that you are using on your database. If you only need the smaller words to be searched on specific tables, then you clearly don’t need to rebuild the ones that aren’t relevant, although it can be handy as this could save you hours of debugging further down the line if different tables are using different minimum word lengths. Log in to your phpMyAdmin if you’re running this on your web server to access the MySQL database then run the following command on whichever table you want to update, REPAIR TABLE <TableName> QUICK;
All done! Now your MySQL FULLTEXT Search will be able to search on smaller words than previously.
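Adding the line "at the bottom of the file" only takes effect if the last option group in my.cnf is one the server reads, such as [mysqld]. The check below is an added example, not part of the original post; the function name and the sample file contents are constructed for illustration.

```python
# Option groups that the MySQL server (mysqld) reads from my.cnf.
SERVER_GROUPS = {"mysqld", "server"}


def server_option(cnf_text, name="ft_min_word_len"):
    """Return (value, misplaced_groups) for option `name` in my.cnf text.

    value            -- the value mysqld would pick up, or None if it sees none
    misplaced_groups -- groups where the option appears but the server ignores it
    """
    wanted = name.replace("-", "_")  # option files accept dashes or underscores
    group = None
    value = None
    misplaced = []
    for raw in cnf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # blank line or commented-out option
            continue
        if line.startswith("!"):          # !include / !includedir directives
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1].strip().lower()
            continue
        key, _, val = line.partition("=")
        if key.strip().replace("-", "_") != wanted:
            continue
        val = val.split("#", 1)[0].strip()  # drop a trailing comment
        if group in SERVER_GROUPS:
            value = val                     # the last occurrence wins
        else:
            misplaced.append(group)
    return value, misplaced


# Constructed sample: the line was appended at the bottom, under [client].
APPENDED_AT_BOTTOM = """\
[mysqld]
datadir=/var/lib/mysql

[client]
port=3306
ft_min_word_len=2
"""

# Constructed sample: the line sits in the server's own group.
IN_SERVER_GROUP = """\
[mysqld]
datadir=/var/lib/mysql
ft_min_word_len=2

[client]
port=3306
"""

# Constructed sample: the line was commented out with a # after a failed restart.
COMMENTED_OUT = """\
[mysqld]
#ft_min_word_len=2
"""

if __name__ == "__main__":
    for label, text in [("appended", APPENDED_AT_BOTTOM),
                        ("in [mysqld]", IN_SERVER_GROUP),
                        ("commented", COMMENTED_OUT)]:
        print(label, server_option(text))
```

ft_min_word_len governs MyISAM FULLTEXT indexes; InnoDB tables use innodb_ft_min_token_size instead.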
Some additional resources that can come in handy include official documentation about how to fine tune MySQL FULLTEXT searches.
Digital technologies, online marketing and cyber security is at the forefront of the world we live in for businesses looking to connect with their customers, grow their market share and keep customer data secure from cyber criminals. What this means is that many of the services we offer can often be confusing to businesses who aren’t heavily involved in this work on a day to day basis. That’s why we’ve hugely simplified our service offering to help businesses like yourself understand what we actually do and most importantly, how we can help your business grow.
Sectors We Help
We work with businesses of many varying shapes and sizes. We understand the following industries through and through which means that if you are working in one of these industries, then we can help your company with digital services;
What We Actually Do
In essence, we do three core activities, we build things, we make them perform with digital marketing and we keep your customers data secure online.
As can be seen as you browse around the website, high quality work with a results driven focus is at the forefront of what we do as we work in partnership with companies like yourselves who are ready to take your business to the next level. We don’t build cheap websites and we don’t offer cheap discount services because quite simply, you get what you pay for when working with cutting edge technology for your business. We pick up a lot of projects when others have failed to deliver.
Ready to take your business to the next level? Then drop me an email directly, firstname.lastname@example.org. I’d be happy to meet for a no obligation consultation and talk through where you are looking to take your business over the next 12 months and how we can help you along that journey.
For those of you using Microsoft Exchange for your email platform, be aware of the latest phishing email going around telling you that;
“Your email have exceeded maximum disk quota allocated, we require re-activation to continue using mail service…. Our system will automatically purge out mail that have exceeded quota, to avoid this please kindly follow our instruction.”
As always, if any email looks suspicious, never click on any links that you see. In this particular case, the email ‘from’ address which has been blurred out above is clearly not from Microsoft, it was from an IT company based in Australia. It is likely they have been hacked themselves and then their web server was used as a way to attack more businesses. While the ‘from’ email address can be easily faked, when the ‘from’ email address is clearly not from where you would expect, this is a clear sign that this email is fake. In addition to this, when you hover over the link in the email, the link URL is to a strange website with a lot of random characters which is another clear sign that this email is a phishing scam.
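The two checks described above (sender domain and link destination) can be automated for reported messages. This is an added example, not part of the original post; the message, the domains and the function names are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)


def _in_domains(host, domains):
    """True if host equals, or is a subdomain of, one of the expected domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def phishing_indicators(raw_email, expected_domains):
    """Return (kind, value) findings for sender and link hosts outside expected_domains."""
    msg = message_from_string(raw_email, policy=policy.default)
    findings = []

    # Check 1: the 'from' address is not from where you would expect.
    _, addr = parseaddr(str(msg.get("From", "")))
    sender_domain = addr.rpartition("@")[2].lower()
    if not _in_domains(sender_domain, expected_domains):
        findings.append(("sender", sender_domain))

    # Check 2: links point at hosts unrelated to the claimed service.
    body = msg.get_body(preferencelist=("html", "plain"))
    collector = _LinkCollector()
    if body is not None:
        collector.feed(body.get_content())
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        if not _in_domains(host, expected_domains):
            findings.append(("link", host))
    return findings


# Constructed sample message; all addresses and hosts are placeholders.
SAMPLE_EMAIL = """\
From: Mail Admin <helpdesk@it-provider.example>
To: user@yourcompany.example
Subject: Mailbox quota exceeded
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Your mailbox is over quota.</p>
<p><a href="http://x7f3kq9z.unrelated-site.example/a8d2e1/reactivate">Re-activate</a></p>
<p><a href="https://mail.yourcompany.example/owa/">Open mailbox</a></p>
"""

# Assumption: quota notices would only come from these domains.
EXPECTED_DOMAINS = {"yourcompany.example", "microsoft.com"}

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_EMAIL, EXPECTED_DOMAINS):
        print(finding)
```

An empty result does not prove a message is genuine, since the ‘from’ address can be faked.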
Always keep an eye out for phishing scams like this
You may have recently received an email from Google Search Console warning you that your website is being flagged as Non-Secure Collection of Passwords as can be seen below;
If you have been sent a message like this, you need to act before it is too late. You have received this message because your website is running over HTTP instead of HTTPS on pages where you collect sensitive information. Whenever either you or your users enter sensitive information on any website using HTTP, i.e. http://www.contradodigital.com/wp-login.php then this information can be seen in transit by anyone listening in on the network.
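To find the pages behind this warning on your own site, you can scan saved page HTML for password fields that are either served over HTTP or submitted to an HTTP address. This is an added example, not part of the original post; the function name, the example.com URLs and the HTML snippets are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormScanner(HTMLParser):
    """Records password inputs that would travel over plain HTTP."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.form_action = None   # absolute URL of the enclosing form, if any
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # An empty or missing action submits back to the page itself.
            self.form_action = urljoin(self.page_url, a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            reasons = []
            if urlsplit(self.page_url).scheme == "http":
                reasons.append("page loaded over http")
            if self.form_action and urlsplit(self.form_action).scheme == "http":
                reasons.append("form submits over http")
            if reasons:
                self.findings.append((a.get("name") or "", reasons))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_action = None


def insecure_password_fields(page_url, html):
    """Return [(field_name, [reasons])] for password fields exposed over HTTP."""
    scanner = _FormScanner(page_url)
    scanner.feed(html)
    return scanner.findings


# Constructed sample: a login form with a relative action.
LOGIN_FORM = (
    '<form action="wp-login.php" method="post">'
    '<input type="text" name="log">'
    '<input type="password" name="pwd">'
    "</form>"
)

# Constructed sample: an HTTPS page whose form still posts to an HTTP address.
MIXED_FORM = LOGIN_FORM.replace(
    'action="wp-login.php"', 'action="http://www.example.com/wp-login.php"'
)

if __name__ == "__main__":
    print(insecure_password_fields("http://www.example.com/wp-login.php", LOGIN_FORM))
    print(insecure_password_fields("https://www.example.com/wp-login.php", MIXED_FORM))
    print(insecure_password_fields("https://www.example.com/wp-login.php", LOGIN_FORM))
```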
What you need to do
The solution to resolving these warnings is actually relatively simple. If you want to have a go at this yourself, then make sure you claim your free SSL certificate and update your website accordingly. If you need any help implementing this then get in touch and we can help you with the process.
Google Search Console, formerly called Google Webmaster Tools, has started to inform WordPress website owners when security updates are available. This is a great effort by Google to help website owners and businesses keep their websites safe and secure with regular WordPress security maintenance.
While this is a great step forward, as a business owner you must not wait until you see these kinds of messages from Google before you take action to update your WordPress website. These messages are purely focused on the WordPress Core files, which is only a small part of WordPress security. If you think of security like you would with a building, imagine WordPress Core files being your front door. Just because your front door is locked, it doesn’t mean that you haven’t left your windows, back doors, side doors and garage unlocked and open. It is the same concept with WordPress security. You must be taking proactive measures to protect your website against hackers.
If you aren’t sure how to go about dealing with WordPress security, then fear not, drop us an email and we can talk you through the options available.
WordPress 4.7.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. If you are unsure how to deal with WordPress security updates, get in touch and we can manage your WordPress security updates for you.
WordPress versions 4.7.1 and earlier are affected by three security issues:
- The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. Reported by David Herrera of Alley Interactive.
- WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Mo Jangda (batmoo).
- A cross-site scripting (XSS) vulnerability was discovered in the posts list table. Reported by Ian Dunn of the WordPress Security Team.
- An unauthenticated privilege escalation vulnerability was discovered in a REST API endpoint. Reported by Marc-Alexandre Montpas of Sucuri Security. *
Thank you to the reporters of these issues for practicing responsible disclosure.
Download WordPress 4.7.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.7.2.
Thanks to everyone who contributed to 4.7.2.
* Update: An additional serious vulnerability was fixed in this release and public disclosure was delayed. For more information on this vulnerability, additional mitigation steps taken, and an explanation for why disclosure was delayed, please read Disclosure of Additional Security Fix in WordPress 4.7.2.
This is a question that has been bugging me for a while, and you know what, I still don’t have the answer to this fully. You see, working with technology and user experience on a daily basis while improving digital platforms for companies, I can’t help but get used to continually improving all aspects of a business. Yet when I look around at most companies, I see the same old companies doing the same old things time and time again, often getting busier and busier without being more efficient or growing. Now here’s the thing, it is not like there is a barrier to entry to using technology throughout a business. Costs have come down quite considerably over the last few years and there is now more than ever an enormous pool of digital expertise to tap into. Albeit, there is a hugely varying quality of digital expertise, but there is a lot available nevertheless. So why is it that companies fail to innovate?
I decided to write this blog post after seeing another “Look at how amazing our new website is, let us know what you think…” post on LinkedIn by a proud owner of a business. So I decided to chip in. The site was WordPress based, so far so good. Then it all kind of went to the usual problems, not using Child Themes and not using HTTPS, both of which are an absolute minimum when building WordPress websites. Yet still, the business owner shrugged off the feedback stating that they are working with a “world leading company, I’m sure they know what they are doing”. And in this case, I can honestly only say that this is purely ignorance that is leading this particular company not to innovate. Look, I’m not saying that building a website is in any way innovative, but it does tell you a lot about a company based on the way their website is built. Firstly, in this instance I can tell you that this website was put together on the cheap in an “all fur coat and no knickers” type of way. I see this a lot, and we generally work with companies around 2-3 years after they have gone down this route and realised that it doesn’t work. And what that tells me about companies who go down this approach is that they are still very much in the mindset of cost over value. Purchasing anything based on cost is a losing battle and one that will cause you no ends of problems in the long run, businesses who eventually realise this start to enormously innovate throughout their organisation which starts them on a path to significant growth as an organisation.
This is by no means a lone example though. I’d argue that most organisations fail to innovate throughout their organisation. And this is not because the innovative technology, processes or systems are either not available or expensive. I’d argue that it is because people are so busy doing what they have always done or busy talking about how busy they are that they fail to realise the opportunity that sits right next to them as a solution to their many problems. This clearly is not a technology problem, it is a people problem. It is the decisions that people make on a day to day and minute by minute basis which prevent their own organisation from innovating by keeping themselves busy doing the same old same old. This is by no means a unique situation though, this is what is known as the productivity problem in the UK and something which the UK government is looking at as a priority to grow the economy. Businesses need to step up and as one minister said “Stop being lazy”.
For anyone who is too busy to look at new opportunities, I wish you well, but for those smart enough to stop and take 5 minutes to look at new opportunities, you will be amazed about what is available when you open your mind a little and speak with companies who can help your organisation significantly improve throughout. Happier, leaner and more innovative companies are the companies that people like to work with. What is clear to me on a regional basis is that cities like London and Manchester are clearly leading the way when it comes to implementing innovative solutions throughout their organisations, whereas non-city regions and counties are often much slower to adapt. I’ve come to the conclusion that this is due to the majority of businesses being run by small teams and/or families that they struggle to think differently because they make decisions purely based on their own personal past experiences, which limits their thinking. As the quote goes, “To the man with a hammer, the solution to every problem is a nail”. Often true innovation comes from talking with people who are significantly different to you, even if you completely disagree with their way of working and their beliefs. I know that personally, some of the more innovative solutions that we have implemented have been a direct result of the random conversations I have had with people who I normally wouldn’t connect with. Instead these ideas have come based on making time to speak with different people and learn from their experiences. You can learn an awful lot from others when you stop and think about a problem together.
Innovation is key throughout every aspect of your business and the more businesses I speak with I can guarantee that I could walk into any organisation and improve their efficiencies throughout their organisation, whether that is through digital solutions or process improvements. This is not being over confident, this is based on seeing so many problems which are blatantly obvious to me that never seem to get fixed or improved. Often it’s the simple things that make the biggest difference. The challenge is always getting companies to change. As they say, you can lead a horse to water…. To finish, I’d like to open this invitation to any business that is stuck in its ways and unsure what to do to grab a coffee with me. Let’s look at how we can re-shape your organisation to become more efficient whether that is through digital technologies or otherwise. We can’t do this for you, but we can help you open your mind. Let’s chat.
We’re working on exciting projects with forward thinking companies as always. Becoming a forward thinking company is simply a mindset change required from those at the top of the organisation.
A fix has come out which patches a severe vulnerability in the OpenSSL technology in use on many Linux web servers. Be sure to update your web servers to prevent this vulnerability being exploited. For a full technical write up on the vulnerability, head over to Threat Post who have covered the topic in great detail.
The vulnerability was first identified by an information security engineer at Google.
What do you need to do?
Install the latest OpenSSL patches available on your Linux web server. Speak to your web hosting company to get this updated. For clients hosting with us, our web servers were patched as soon as the vulnerability patch was made public.
We strongly recommend running a manual server check if an automatic patch isn’t available to you. If you have any questions regarding the vulnerability or your solution please contact me and I can talk you through the solution.