Montana Technical Solutions Website Development Design Maintenance Kalispell

Montana Technical Solutions Computer Workstation Security Primer

Local Workstation Best Practices

Local workstations on a corporate LAN represent an important attack vector for hackers.  They are attractive to attackers because end users vary widely in their sophistication and practices.  If enough end users are targeted, eventually some form of penetration will be achieved.  Fortunately, it is not difficult to significantly improve the security of these network end-points.  Review the five points below to quickly and easily achieve improved security:

  1. Implement corporate policy requiring strong passwords on end user workstations and accounts.  Unsophisticated end users will complain, but most will actually comply.  This exercise is useful in identifying the truly vulnerable end users who are most at risk.  (HINT: they are the folks who struggle to create a strong password and need help entering it once it is implemented).  Work with them closely to further reduce your exposure.
  2. Review your backup and restore procedures.  Obviously backups need to be done regularly, normally daily, and stored securely, both on and offsite.  Have you tested your restoration procedures?  BE SURE your backup plan is working.  Even great vigilance can be undone via a single viral email or DNS-redirected web page.
  3. Review your anti-virus and safe browsing software from the workstation point of view.  We assume your end users are behind a firewall appliance, or, at the very least, some form of network firewall software.  Windows 10 offers the best workstation security for general purpose PCs, but be sure to review your Group Policy settings for Windows 10 configuration.  For Windows 7, Defender is competent, but not entirely reliable.  It requires extra effort, but using a combination of the best anti-virus solution with the best safe browsing solution is a ‘best of all worlds’ answer.  Not only do your settings need to be complementary, the extra burden on your workstations is also non-trivial.  So be it.  We recommend taking the time and effort required to optimize this aspect of your workstations => that is what Group Policy is for!
  4. End user procedures.  Are your end users adequately coached on ‘do’s and don’ts’?  Do they have reasonable access to help desk support if they have questions?  Be sure they do!  Don’t put them in a position of having to choose between not getting their work done and taking an unnecessary risk with, for example, a questionable email attachment, simply because they cannot reach tech support in a timely manner.  It is IT’s responsibility to assist!
  5. Finally, end user procedures.  Are your end users adequately coached on ‘do’s and don’ts’?  Yes, we are repeating ourselves here, but this is a broad topic.  However, two main threat vectors exist for end users:  email and web browsing/social media.  Educate end users on both topics and insist that they do not surf non-SSL websites without explicit permission.  Lock down their browsers and refuse to do business with those websites.  If this is a new policy, set a deadline for implementation.  The time is long past for permitting corporate employees to interact with insecure web sites on the public internet.  Use the built-in browser security features of Edge, Chrome, Firefox, and/or Safari to assist in securing your network.  As for email, Gmail offers security and convenience.  If Gmail is not acceptable, use either a white label email hosting service set up by your internal IT staff or your IT consultants, or use a highly reputable third party email hosting service.  Use great care in selecting your vendor; cost, convenience, reliability, and security vary greatly.  Admittedly, this is a non-trivial approach, but necessary => there is a reason Gmail is so popular.

Follow these steps to greatly enhance your network end user security, reducing significantly your exposure to external attacks.   We overlooked #6 => keep your software up to date, but hopefully, in 2017, this is self-evident.  If not, we repeat, KEEP YOUR SOFTWARE UP TO DATE!

Thanks for visiting!

Montana Technical Solutions Kalispell Website Design Development Maintenance

What is Website Design?

Website design is no different from any other design discipline.  It exists to define a finished product, as well as the process by which that finished product is created, delivered, installed, maintained, repaired, and even decommissioned.  Design is a comprehensive discipline, and involves up-front costs, often substantial.  If the design process is successful, these costs represent an investment with a positive return, in other words good design pays for itself.  The implication is that poor design is costly.

The key for the client, then, is a successful design process which will ultimately pay for itself.  The difficulty in Website Design, as with software in general, is this: how do we define a product that by its nature is nearly infinitely flexible and where the cost of real-time design modifications appears to be very low?

The answer is simple: knowledge of how to leverage the flexibility while avoiding the hidden costs.  Simple in theory, difficult in practice.  Naturally, the hidden costs don’t announce themselves the moment you implement a change in the code.  However, there are tools and techniques that can assist, and your developer should be using them.

 

Design vs Function and Content

There are three areas to be addressed during the process of website implementation:  Design, content, and functionality.  Technically content and functionality are addressed by the Design Process.  In other words, in a perfect world, we begin with Website Design and all else follows in an orderly and happy way.  However, in the real world, we tend to be results-oriented and want to see concrete progress asap.

Functionality First Approach

This is a common approach and at Montana Technical Solutions Kalispell Website Design and Development Services we work with our clients, regardless.  This means that even in less than perfect situations we will strive to deliver a functional, usable, cost-effective site.  When the design process is sacrificed, as often happens, we know we can still deliver excellent results.  We also know the pitfalls of this approach and can help our clients mitigate the worst of the consequences – namely excessive costs.

The Trade Off

How we do this is simple – incorporate certain design elements into the development process.  The trade-off here will be some limitations in modifying the appearance of the site.  Many clients are more focused on the content and functionality of the site and are happy to forego minor changes in appearance.  It is worth mentioning here that those clients who cannot accept these limitations definitely cannot afford to skip the initial site design process where all elements of the site are defined:  colors, fonts, images, artwork, graphics, page layouts, menu and navigation functionality, site applications, security considerations, and all infrastructure parameters.  If complete control over the appearance, functionality, and content of your site cannot be sacrificed, DO NOT SKIP THE DESIGN PROCESS.

Design First?

As mentioned, the trade-off in deploying a site with little or no design documentation is limited control over its appearance.  As with all things software, we know it can be changed; the problem is that every design change on an established site with no design documentation will have unpredictable consequences.  Sometimes we are fortunate and the simple change doesn’t have a domino effect.  But much of the time unexpected changes are introduced – columns are broken, text disappears, images are cropped or distorted, non-conforming colors appear, vertical alignment breaks.  This is a slippery slope – as we attempt to fix each broken element, other elements break.  There is no quick fix, so we have three choices:  accept the existing design, implement an entirely new design, or deconstruct the existing design so that we fully understand it.  It is important here to re-iterate:  If 100% control over site design is important, begin the process with a thorough design document that completely defines site appearance and functionality, including a complete CSS implementation.  The effort will be well worth it in the long run.

 

Remember This?

This is a screen shot of a compromised website after WordPress websites were attacked worldwide two months ago.  At that time we reported that no websites managed by MTS were compromised by the attacks.

These cyber attacks continue unabated, making the news regularly.  This past weekend’s headlines indicate that hundreds of locations worldwide were struck by crypto-attacks where data is encrypted and held for ransom.  Here’s how the extortionists break the news to their victims:

This is not an actual screenshot, but closely resembles those we have seen in the course of our duties.  It is no joke to be attacked in this way, because if the data in question has really been encrypted it will be essentially impossible to unencrypt, necessitating a restoration from the most recent set of backups.  MTS has helped several clients in this fashion.  Note that, in the absence of a secure, uninfected set of backups, data will be permanently lost.

MTS Clients So Far Safe

We are pleased to report our clients continue to be operational and not reporting any serious issues from the most recent round of crypto-attacks, thanks to greater vigilance as well as in-place measures.

The Four Categories of Website Functionality

At MTS we categorize all the functions a website can perform for your business into four functional categories:

  • Assurance
  • Monetization ($)
  • User Experience (UX) (Welcome)
  • Eta => return on investment/efficiency

Monetization

  1. Monetization.  There are two main ways in which websites are ordinarily monetized – direct collection of revenue via payment systems and/or eCommerce, and indirect monetization via paid advertising.  MTS can help you with either or both.

Functions by category

$

Monetization – online advertising.  Become a participant in online digital marketing platforms and generate passive revenue from your website traffic.  Pre-requisites:  1) Sufficient website traffic.  The actual amount of traffic required will vary, but sites with less than a few thousand visitors per month generally need not apply.  However, for those who are committed to learning how to acquire site traffic, who are willing to commit to a daily time investment, and have a specific area of expertise, there is always opportunity to generate passive ad revenue.  Contact MTS for more information and assistance.  2)  Membership in digital marketing platform(s) 3) Website integration.

Monetization – eCommerce.  Almost $2 trillion worth of transactions are now conducted online each year.  Even relatively small enterprises can benefit from adding eCommerce functionality to their website.  The cost of implementation can be easily made up through reduced receivables, growth in revenue, and added revenue streams.  Ask us how we can help!

 

User Experience

The User Experience.  We classify the User Experience as its own set of functions and its own major aspect of website design and development.  It is extremely important that a website be user-friendly.  The obviousness of this statement shouldn’t allow it to be exempt from deeper examination.  The ultimate success or failure of a website depends largely upon how well the user experience is managed.  Poor user experience undermines virtually all of the other functional areas.  Weak monetization is often a result of a poor user experience, and dramatic results may arise from subtle user experience improvements.  The same can be true of all forms of critical user engagement, such as prospecting functionality, where we desire to have site visitors engage in surveys, subscribe to updates, etc.

 

Return On Investment

Eta – an efficiency metric, eta is representative of the return on the time and money invested in your website.  There are numerous functions in this category and each one has its own measurement:  site optimization is measured by average load time; site engagement may be measured by bounce rate, goals achieved, etc.; quality of site content can be measured by analytics tools such as time spent on a given page.  Our 30 functions checklist below is a valuable tool when it comes to measuring site effectiveness, as it can easily be used to identify and apply appropriate metrics, which in turn can be used to improve site performance.

We identify at least 30 functions your website should be performing on an ongoing basis and categorize each of them.  This is a helpful tool both to assess if your website is doing everything it can for your business and to assist in prioritizing web development activities.

Functions by category

eta

  1. Analytics Tools (and how to use them)
  2. Search Engine Optimization
  3. Social media
  4. Effective Site Content at Creation
  5. Effective Site Content – Ongoing
  6. Users as Strategic Asset – User Engagement
  7. Users as Strategic Asset – User Interface/User Experience
  8. Users as Strategic Asset – Customers/Clients/Prospects/Browsers – CRM
  9. Users as Strategic Asset – Customers/Clients/Prospects/Browsers – Contact Mgmt
  10. Users as Strategic Asset – The Sales and Marketing Aspect
  11. ADMINISTRATIVE
  12. Backup and recovery
  13. Software upgrade and maintenance
  14. Website Design and Associated Code Management
  15. Website Operation and Associated Code Management
  16. Users as Strategic Asset – User Administration
  17. Website Data and Associated Code Management
  18. Routine Site Administration  – broken links, missing pages, near misses, etc.

Assurance

Assurance – any function that, individually or in coordination with other functions, serves to mitigate risk, enhance security, deter criminal activity, increase corporate credibility, protect and preserve data and other IP assets, improve website operational quality, reliability and availability metrics, and reduce exposure and liability is an Assurance function.

These include, but are not limited to the storage, delivery, and end-user acceptance of Terms and Conditions of Use, Privacy Policy, Statements of Product and Service Guaranty and/or Warranty, liability disclaimers and waivers, identification of IP such as copyrights, patents, trademarks, creation and preservation of auditable electronic records,

In short, your website should be a valuable business asset for the entire organization, if used strategically, for example, as one element of risk mitigation.  Policies, procedures, legal forms can be made available on the website for public and/or private review, announcements can be made, press releases posted, archives stored, etc.  This can be a valuable way to re-iterate significant corporate policies and positions, in support of compliance efforts, and legal requirements.  Your corporate website can also act as a data repository if need be and can be exceptionally secure if it is properly set up and operated.

Throughout our website, Assurance functions are identified with the certificate image.

 

Functions by category – Assurance

  1. Risk mitigation
  2. Terms of Use
  3. Privacy Policy
  4. Patent, Trademark, Copyright
  5. Confidentiality and Security support functions
  6. Creation and preservation of auditable electronic records
  7. Site Optimization and Validation
  8. Support of Domain Ownership Claims
  9. Disaster recovery
  10. Discourage theft and other criminal activity
  11. Reputation protection, credibility
  12. Data security and privacy
  13. REPUTATION – your site should be a pro-active tool both to protect your reputation and to refute and surpass your competition.
  14. Proactive Social Media activity.
  15. Online Directory Strategy – combat the Aggregators, succeed with SEO