April 2015 - Top Speed Web Hosting

We saw it for the first time this weekend and because the devil is in the details, I mean in the Terms of Service, with Web.Com we just had to go look and see how this one will be biting unsuspecting business owners in the rump later.

For those who haven't seen the commercial click here.  The gist of it is they'll build you a "free" Facebook page, get it likes and manage it.  The "free" word is thrown in there a lot, but hopefully most of you realize it's not free, as in without money changing hands.

By appearance the page itself may be created at no charge, but everything after that is definitely charged for and, like other services created for business owners at Web.Com, is not owned as your intellectual property, but rather that ownership is retained by Web.Com.

Here are the clarifying bits out of their Terms of Service for "Facebook Boost and Custom Facebook Page Services":

• "with the exception of content you provide for inclusion on the Facebook Page, ownership interest to the Facebook Page, including, but not limited to, the URL address, HTML coding, scripting, copyrights, domain names, and all other intellectual property rights, shall remain exclusively with Web.com and/ or Facebook.com;"
• "if you limit Web.com's access to the Facebook Page, via changing your login credentials or otherwise, you will still be responsible for paying Web.com the related monthly service fees;"
• "upon cancellation of the Services, the Facebook Page will be deleted and will not be recoverable under any circumstance."

Well there it is in a nutshell - it's not really free, you don't own it, and should you decide to no longer utilize their service it will be permanently and completely deleted. How many business owners just got duped by the offer for a "free" Facebook page?  How long will they work to cultivate their social media presence and build followers only to one day figure out it's not really their Facebook page?

So you're a small business owner you'd really like to be on Facebook and eventually some of the other social media platforms, Google+, LinkedIn, Pinterest, Instagram, etc, but if Web.com isn't the way to do it, where do you go to find the right company to help you?

For starters stay local, it may be an online world, but it is still good to do business with someone you can meet face to face with. In every community there are numerous companies that work with businesses social presence every day.  Some may specialize in social media management, some may do social media management along with website development.  If you're struggling to find the right company for you, call a local computer repair shop they should be able to provide you several names of companies in the community to talk to.

If you've discovered you're in need of these services Right Now, in the Reno area take a looking at Waking Girl or MarkUBiz, if you're in the Las Vegas area take a look at NetMouser.

Late last year Google made an important change in their ranking system that has received relatively little coverage.  Google has added to their search ranking algorithm a query to determine if a site is being served over HTTP or HTTPS. If a site is being served over HTTPS it ranks higher.

Here's an example of HTTP vs HTTPS:

Now I'm sure you're thinking - great I can see the "S" but what does it mean?  HTTP stands for Hyper Text Transfer Protocol, when you add the "S" you're adding Secure to the Protocol.  Simply put the "S" means the site has been validated and adds a layer of encryption between your device and that website.  

The additional security has 2 main purposes, the first is to verify you are communicating directly to the server you believe you are talking to; take your banking for example, as that is probably the most important secure connection you make on a regular basis. See the examples below of a secure bank connection and a spoofed bank website, that obviously does not have security.

The second website may look like Canada Trust, but is actually going to the URL microscopix.ch and as it is not who it claims to be does not have secure protocol.

The second purpose of the additional security is encrypting the communications (i.e. your username and password, etc) and ensuring that only the server you're sending to can read what you've sent.

In a release last year Google said, "we'd like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web."  To that end they've added the HTTPS to their ranking algorithm to encourage all website owners to add an SSL Certificate to their sites.

This begs the next question, what kind of SSL Certificate does your site need?

You'll want to consider a few questions before deciding which SSL Certificate is right for your website:

1. Is your site just informational so having an SSL is really about pleasing Google?
2. Do you collect user information, through comments to your blog, or embedded forms on your site?
3. Do you accept credit card or other online payments through your website?

If your site is adding an SSL Certificate just to add to your Google ranking, adding an Easy Trust SSL for $89 will be plenty. This kind of certificate uses Domain Validation, which is quick, but only verifies the purchaser against the whois information on file for the domain the certificate is being purchased for.  If the information lines up then the Certificate is issued.

If you're collecting user information or payments you'll likely want a more robust SSL Certificate that uses more intensive validation, either Organization Validation which verifies the actual existence of the business, or Extended Validation which takes the longest, but takes the time to prove the brick and mortar existence of the business and verifies business details.  Extended Validation is the type of validation banks have, see the example above of Bank of the West's website, notice it has a green bar and lock sign showing the highest level Certificate. These cost anywhere from $179 up into the thousands of dollars per Certificate.

Here are a few scenarios to help you decide which SSL Certificate is right for you:

• You're a home based service business that does not accept online payments, but would like to improve Google ranking. Best option - Trustwave Easy Trust for $89 annually
• You're a home based product business, you sell items locally and online.  Best option - Trustwave Premium SSL with Organization Validation for $129 annually
• You're a brick and mortar based business who sells, products or services, in store and online. Best option - Trustwave Premium SSL Extended Validation for $179 annually or GeoTrust True BusinessID with Extended Validation for $199 annually
• You're a home based business that sells online using multiple sub-domains*. Best option - Comodo Wildcard SSL for $249 annually
• You're a brick and mortar business that sells online and in store using multiple sub-domains*. Best option - thawte Wildcard SSL with Organization Validation for $369 annually
• You're a brick and mortar business with multiple domains you need covered. Best option GeoTrust True BusinessID SAN SSL with Extended Validation $350 annually

*An example of sub-domain use would be in our case, where we have tsis.net as our main domain, but we also have store.tsis.net for selling computer equipment and acc.tsis.net for selling our web based services; a Wildcard SSL allows us to cover all 3 using a single SSL Certificate.

SSL Certificates can be ordered directly from Top Speed, to order now click the Buy Now button.  If you'd like to talk to someone about which SSL Certificate is right for you, call or email us now - 775-852-1811 or This email address is being protected from spambots. You need JavaScript enabled to view it.. 

While not in person, this kind of email is as much an attack using social engineering as some unknown tech who shows up saying they are there to repair your copier when you weren't expecting it, but is really there to gain unauthorized onsite access to your network.

The desired outcome is the same - access!  Their weapons is social engineering, cunningly forcing the person in front of them to suspend doubt and allow them access to the building (in the case of the copier repairman) or access to launch an attack on the company's network (in the case of the zip file).

The response to this email is natural, what do you mean my account was declined?!?

And before common sense kicks in the zip is opened the files extracted and wham the malicious content of the zip file is let loose on your company's network.  

Rules for the new world of infected Zips:

• If you are presented with a Zip that you were not expecting do not open it until you are able to verify it's legitimacy.  
• If an employee comes to you and tells you they have opened a Zip that did not contain what it was expected to contain, or appeared to contain a file that would not open or nothing at all immediately turn it off and call your tech support.
• If you find yourself face to face with one of the now numerous Ransomware screens demanding money for your data, call in an expert like Top Speed.  Not all hope is lost, depending on a number of factors your company may not need to pay the criminals.

Depending on the Ransomware variant there are options that may be available in your situation.  Or if you are running an Enterprise Backup Solution, where multiple versions of files are backed up, recreating a short amount of work is likely to be far more cost effective than converting USD into Bitcoins and paying the ransom.