Online Privacy and Protection

Data breaches are becoming more of a daily occurrence. Data is becoming more useful and people are looking for it even using unethical methods. Data is being used to influence decisions and behaviours and we receive news more regularly about some major data breach somewhere. Not long ago, we were shocked that Cambridge Analytica collected Facebook data from millions of people and apparently used it to influence 2016 American elections.

In the modern world, for convenience sake, we are bound to release some information about ourselves or our surroundings online. For instance, we all like how Google Maps helps us around. For Google to improve it, they do take some information from locals to aid in that. But we need to know how much information we release and what’s the consequence of having too much of it out online – knowingly or unknowingly.

How your data may fall into wrong hands

When you are online, you expose yourself to many internet threats. There are people online who will just stop at nothing to get your information. How they’ll use it is another matter, but the aggressiveness they employ to get your data in the first place is just amusing. Here are few ways your data can fall in the wrong hands:

  • Hacking – A hacker is an intriguing human being. Hackers are the kind of people who will simply come after your data because you have an online presence. You don’t have to be an important figure in society. You don’t have to be maintaining a sensitive database. You simply need to have any form of online presence and boom! – you are a target. Hackers will look for any loop hole in your online accounts or services you have such as websites and servers and they will exploit it to get information or sabotage operations.
  • Tapping – If you are performing any form of transaction online, especially one that involves you logging in to your account, it’s best and safe to do it over an encrypted channel. For websites, this is made possible using SSL certificates – which allow secure communication to the servers via https instead of http. This allows your (and your visitors’) communication to the servers to be encrypted in that even if data is being tapped, it cannot be read as it’s safe.
  • Phishing – This is the practice of using false links that resemble the real links to certain websites, especially banking sites, to try and get individuals to submit their login credentials of the legitimate sites. For instance, there are many phishing links that target PayPal login page. Should you access one of this links and enter your PayPal login credentials, they are quickly fetched and used to access the real account. From there, your account is under the mercy of the phisher until action is taken to disrupt their connection. Phishers also send these links via email – with very interesting content and subject you’d want to access the link.
  • Social Engineering. Often it’s just small bits of data that hackers are after. Your date of birth, along with your email or mailing address (perhaps listed on your website or Whois information on your domain) could provide a key that a criminal can use to reset your account passwords or gain access to important accounts. For example, back in 2012, hackers compromised Wired staff writer Mat Honan’s digital accounts and deleted all of his computer files just by having critical bits of information about him.

How to safeguard your data against these theats

The above listed techniques are just but a few that are employed to get hold of data. What steps can you take to protect your privacy online? Here, we’ll look at some ways you can reduce chances of being mined of data.

  • Protect your email address – An email address is as important as a phone number in most circles in the modern age. It’s also used with online accounts – which provides the more reason to guard it safely. Don’t give your email to everyone who asks for it. Don’t place it where it can be accessed by all. If you have a domain, hide your whois information. If you find yourself dishing out your email so oftenly, consider creating a disposable email address to use with some of the online sites. If you’ll find specific emails crucial, you can update your email on that particular site or set forwarding to receive the important emails in your primary address. This will help you avoid spam mail and safeguard sensitive accounts attached to a particular email address
  • Provide minimum information – Some sites will ask for personal information they do not need. Any one who asks for your email address, tax pin, bank account, social security number or ID number needs to be challenged to explain why they need that information. Don’t even share your physical address online. Instead, you can subscribe for P.O. Address and use it for some online forms.
  • Avoid giving information to the unknown – This is particularly popular with Online games. Games that require you to connect with your facebook profile or GooglePlus profile should be avoided.
  • Be smart with your passwords – Rule 1 with passwords is that you should use strong passwords. The basic definition of strong is a password that is long enough and includes letters (capital and small), numbers and symbols combined. Rule 2 is that you should not use the same password for more that one account. Should you do this and access is gained to one of your accounts, this can be used to access all your accounts. Imagine what harm can be done with that much access!
  • Enable two factor authentication – Most websites have a provision for 2FA. Whenever you find this as an option, take it.

These are just a very small highlight of what can be done to enhance your privacy protection online. For a more comprehensive list of measures that can be taken, you can have a look at the 66 privacy tips from Consumer Reports. As they say, do one, some or all. It makes a diffrence!

Google changing it’s approach to SSL

Google has been out to make websites adopt SSL. A website with an SSL certificate is one accessed using https:// instead of http://. Normally, a padlock is displayed next to the https:/ tag for sites secured with SSL.

There are 3 things Google does to push site owners to adopt SSL:

  • Google uses the presence of SSL certificate in a site as a SEO ranking factor. Sites with SSL rank better than those without on Google
  • It adds a Secure tag on sites that have SSL installed.
  • It displays a Not Secure tag for sites that have no SSL yet there are forms on the site that require user input

Now, Google is taking a different approach to achieve the same goal. Instead of focusing on display Secure for sites with SSL certificates, Google wants to concentrate more on displaying Not Secure on sites without SSL.

Currently, https pages show a green padlock and the word Secure besides that. With the onset of Chrome 69 in September, this will be changed to a black padlock without the tag Secure. From there, we will have the pages not displaying any padlock or Secure tag. Instead, we will have a Not Secure tag blinking on Chrome for sites without SSL.The focus is shifting to the insecurity, so as to make the internet more secure. The objective of Google here is to ensure that eventually, people will have sites as secure by default.

The other objective of abandoning the Secure tag and the SSL padlock is that, people tend to believe that a site with the padlock is safe. But this isnt always the case as malicious folk simply take on a site’s typo and install SSL then use it to impersonate the legit site. Now that doesn;t make the site safe, does it?

Conclusion

The conclusion of the matter is that, if you havent installed SSL for your site, now is the best time to do so. SSL certificates have become cheaper(some even free) and easier to install. Some SSL vendors will even install it for you. With that said, why don’t you get yourself an SSL for your site? Of course if Google tells your site visitor that your site is not secure, not matter what your explanation will be, the visitor will trust Google – and not you. The world is on the move! So lets move!

How to install lets encrypt free ssl tls manually Cpanel

How to install lets encrypt free ssl tls manually Cpanel

Lets Encrypt is a free and Opensource SSl that provides free Wildcard SSL certificate for multiple subdomains.

This tutorial goes through the process of installing Lets Encrypt SSL certificate to a website on a Cpanel Server manually without using the Lets Encrypt plugin as available on Truehost Cloud Servers.

  1. Lets Encrypt has appointed sslfor free.com to generate and issue free Lets Encrypt SSL.

Go to www.sslforfree.com

 

2. Enter your website domain name as shown below to check and generate the SSL for your website

3. Then it will show how to verify domain ownership. In this case, we will choose the manual domain verification for manual domain installation

 

4. An advance option that allow to manually verify domain from a  http server

5. The website will generate two domain verification files for upload to your Cpanel server.

Click on the two download files generated to download to your computer.

6. On your browser go to http://yourdomain.com/cpanel

Login to your domain Cpanel account

7. After login, click on File Manager option

8. Click on the File Manager to Open your website file system, proceed to click on Public_html to enter into the directory.

Click on +folder icon to create a folder and name it .well-known

 

 

Inside .well-known folder create another folder called acme-challenge

Inside acme-challenge folder upload the two files from sslforfree website

Follow the links displayed on sslforfree website to verify the downloads and consequently the domain.

 

Click on Download the SSL

This will generate the SSL certificate files including CA Bundle, Private Key and Certificate

 

In your Cpanel go to Security section

Click on SSL/TLS

The go to Manage SSL sites

Copy paste the content of the CA Bundle, Private Key and Certificate in the respective content boxes.

 

Click Install Certificate to Install the SSL certificate

The final step and very important is to force all traffic through the https protocol.

Go to public_html directory and click to edit .htaccess

In case you are unable to see the .htaccess file click on settings button on the right hand corner of your Cpanel and click to show hidden files including .htaccess

 

Copy paste the following code to force https

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

 

Click Save to save the .htaccess file update.

 

Access the website on browser now.

 

Bingo you just did it

Why every website needs an SSL

Online security is changing. If you have been following the industry proceedings lately, you will notice that there are newer ways to compromise your data online. Fortunate for us, there are also simple ways to deal with that. One such way is use of SSL certificates in your website.

A secure socket layer (SSL) certificate is a security technology that encrypts communications between a server and a browser. Remember, any time you work with the internet on a browser, communication is made between the browser on your computer and the source of information that the browser displays – the web server. When connection to the server is not secured, your browser will send / receive data in plain form. This can ALLOW THIRD PARTIES TO READ YOUR DATA.

The importance of secure communication between a browser and a server has been taken to the next level by organisations that develop web browsers eg Google with it’s Chrome and Mozilla with it’s Firefox.

In Chrome, any site without an SSL certificate is marked as Not Secure. Users trust the browser and as such, you can be sure to loose one or two possible clients who refused to transact on your website because it is “Not secure.

 

 

 

This becomes worse for websites that require user input. Nowadays, users are warned when they are about to fill in details in a website that is not secures.

 

 

 

 

 

 

 

These security features have been adopted as the mark of legit sites worldwide. If for instance you have a popular online store, but your store lacks SSL certificate and a counterfeit store is opened and SSL installed, people will rush to log in to the counterfeit store which has SSL convinced it’s the legit store and leave out the website that does not have SSL certificate installed. Why risk?

Fortunately for you SSL certificates are now more affordable and available than ever before. At Truehost Cloud, we have your back when it comes to securing your website(s). We offer a vast range of SSL cerficates from world renowed Cerfificate Authorities such as Comodo, DigiCert, Thawte, GeoTrust, Symantec and Certum. The cerificates inlude:

  • Singe domain certficates – secures www and non-www versions of a domain eg example.com and www.exapmle.com
  • Wildcard certificates – secures www and non-www versions of domains and subdomains eg example.com and help.example.com
  • EV cerficates – secures domains and subdomains and shows Green Bar*.

Once you complete the order for SSL certifificate, we will install it for you and you’ll see your site stop using http:// protocol and start using https://. Why wait? Get an SSL certificate here.

*A Green Bar SSL displayes the name of the company/organisation on the address barr next to the green padlock. Before these are issued, the CA validates the authenticity of the organisation. Legal procedure is followed to ensure the Organisation purchasing the SSL exists and is genuine. That means there can be only one such organiatio and as such, if you see their name on the site you access, you have no doubt that you are in the right place. This helps prevent phishing from fake sites posing as the legit sites as all these sites cant have a Green Bar SSL baring the same name.

ENHANCING WEB SECURITY USING SSL

Does your website require users to submit confidential data, including personal information, passwords, or credit card details? If yes, you need to know what a SSL is.

A matter of Cybersecurity

Information you send on the Internet is passed from one computer to another, until it gets to the destination server. Any computer in between you and the server can see your credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted with an SSL certificate. When an SSL certificate is used, the information becomes unreadable to everyone except for the server you are sending the information to. This protects it from hackers and identity thieves.

What is SSL?

SSL (Secure Sockets Layer) is a standard security protocol for establishing encrypted links between a web server and a browser in an online communication. The usage of SSL technology ensures that all data transmitted between the web server and browser remains encrypted.

Why you need SSL

  1. Keeps data secure between server and client.

When someone uses a form or needs to submit information to your website, there is need to encrypt the information so that third party cannot intercept it. This is important when passwords, usernames, payment information like card numbers, and personal information.

  1. Builds users trust

Users are more likely to trust a website with a SSL certificate than one without. It gives them confidence that their privacy has been put into consideration, and that the website is genuine and belongs to a verified entity.

  1. SEO ranking

Search engines trust websites with SSL more than the ones without. This makes the website rank highly in the search results.

Types of SSL

There are three main types of SSL that one can use. These are:

  1. Domain Validated Certificate

Domain Validated certificates are certificates that are checked against domain registry. There is no identifying organizational information for these certificates and thus should never be used for commercial purposes. It is recommended using these types of certificates where security is not a concern, such as protected internal systems.

  1. Organization Validated Certificate

Organizational certificates are Trusted. Organizations are strictly authenticated by real agents against business registry databases hosted by governments. Documents may exchange and personnel may be contacted during validation to prove the right of use. OV certificates therefore contain legitimate business information. This is the standard type of certificate required on a commercial or public facing website

sec

  1. Extended Validation Certificate (EV)

An Extended Validation Certificate (EV) is a certificate used for HTTPS websites and software that proves the legal entity controlling the website or software package. Obtaining an EV certificate requires verification of the requesting entity’s identity by a certificate authority (CA).

Need to secure your website? Contact us and we will give you advice on the best SSL for you, as well as help you with technical information.

Best price for SSL Certificates

Best price for SSL Certificates

Best prices for all SSL certificate are on high volume SSL certificate retailers.

The more SSL certificate you move the lower the price from the SSL certificate issuer. Truehost Cloud is one of the main SSL certificate supplier or retailer in Africa. Having successfully moved large volumes of SSL certificate, Truehost cloud has a platinum account with all the main SSL certificate issuers.

As a result Truehost cloud has the best prices for SSL certificates in Africa. Having got the SSL certificate at the lowest price, Truehost cloud add a small margin to the cost to arrive at the SSL selling price.

Compare the prices and you will realize the best SSL certificate prices in Africa are on Truehost Cloud.

Prices at Truehost Cloud include Installation charges, no more charges you will incur after ordering an SSL from Truehost Cloud.

Instead you will amazed to have our SSL expert install the SSL on your website within an hour, try Truehost Cloud today for the best SSL certificate prices in Kenya, Nigeria and the entire Africa.

Why you need SSL Certificates for your website

Why you need SSL Certificates for your website

SSL stands for Secure Socket Layer

SSL Certificate main function is identity verification, securing connection is a secondary functionality despite the fact that most users install SSL to provide secure connection via https.

Identity verification and secure connection sum up the widely known functionality of SSL – securing websites.

SSL certificates are issued by CA – Certification Authorities – which are global institutions mandated with providing third party verification on the identity and ownership of website through issuance of certificates. Therefore you need an SSL for your website for the following reasons

Create trust with your customers

SSL Certificate is the only assurance that customers can get that indeed they are using the right website and not a fraudster replicated site.

Deal with copycats websites that may steal your clients

Install an SSL certificates to deal with possible fraudster who replicate website and fraud unsuspecting online customers. Consider the various types of SSL certificates including Extended Validation (EV) for high level

Secure from Hackers

SSL certificates allow a professional third party to secure your website through frequent site scanning, preventing cross-site scripting and penetration attacks on your site. Install SSL certificate from Truehost for safeguarding from hackers.

Higher Google Ranking

Google SEO ranking algorithm favors secure sites and therefore sites with SSL rank higher in Google Search Engine Optimization results

Higher Credibility for your brand

SSL certificate is one of the most important component of a websites. A good number of buyers cannot buy from a website with no SSL. They cannot afford to risk their personal details – since they know websites with no SSL certificates are vulnerable.

Install SSL Certificate to your website to promote the credibility of your website.

 

WhatsApp Truehost Kenya