top
top
Live Help
Live Help
   Live Chat    Support    Domains    Forums
Newtek
1-877-323-4678
 

Category Archives: Security




Deer Valley Data Joins the Newtek Family of Companies

email_logoNTS

Greetings Deer Valley Data customers!

Newtek is pleased to announce that Deer Valley Data and its Atjeu brand have joined the Newtek Family of Companies.

If you’re not familiar with Newtek, you’ll be pleased to know that Newtek Technology Solutions is a leading managed technology and I.T. infrastructure company that has been around since 1997.

Newtek’s technology operations are based out of Phoenix, Arizona, and have a data center footprint — with redundancy and backup — in Arizona, New Jersey, Colorado, London, and Singapore.

Newtek is a profitable and publicly traded company that owns and manages over $350 million in assets, and has more than 100,000 business accounts in its portfolio. You may also find it refreshing that Newtek is a completely open and transparent company. You are invited to download and read Newtek’s financials by clicking here: Newtek Financials.

 

What Does This Mean For You?
First and foremost, we can assure you that you will only see an increase in quality of service, technical expertise, and innovation. Whether you are a Deer Valley Data, Atjeu, or Newtek customer, there will be no immediate change to the way business is transacted. You can continue to count on service and support from the same customer team and contacts that you currently have. In the coming weeks, we will keep you informed of our progress as the integration process evolves.

We will also be upgrading your co-located and hosted systems to our state-of-the-art, tier 3 data center facility. In short, your services will no longer encounter some of the power and network-attack issues you have experienced in the past.

 

Welcome to Our Team
A dedicated team from across the organization will ensure that the transition period is seamless for you while seeking new ways to improve overall service levels. Our customer relations representatives are standing by to explain our additional services and to assist you in getting the most from Newtek. You can reach us, day or night, at 1-866-820-8910 techsales@thesba.com.

And finally, your complete satisfaction is our first priority! We are delighted that you are now a part of Newtek and we want to hear from you. Should you have any comments, questions, or concerns, please contact a member of the integration team by sending an email to techsales@thesba.com and we will respond promptly.


What You Can Expect From Newtek:

World-class facility features
  • Dedicated humidification system that creates optimal hardware operation conditions
  • Advanced temperature controls that ensure servers are always running cool
  •  Advanced cooling systems that handle high level heat loads, doing much more than AC alone
  • Onsite, third-party security with around-the-clock surveillance
  • Man-trap entry point that features bulletproof glass and weight-measurement technology to deter unauthorized “piggy-baking” into the facility
  • State-of-the-art biometric retina scanning
Enterprise-class network & network security
  • Multimillion-dollar network infrastructure with complete network redundancy at all key points, from peers, border routers, core routers, and firewalls to ensure your services are always online.
  • Multiple Tier-1 connectivity providers with redundant 20 GigE connections for a superior level of thru-put and uptime (in comparison, the Deer Valley Data facility has a 1 GigE connection)
  • An advanced DDoS mitigation infrastructure that can handle large-scale attacks, mitigating the issue before it impacts services in our datacenter
Other benefits you will receive at Newtek include:
  • As a public company that manages assets in the financial and payments sector, you immediately receive the added security benefits as a result of our heavy compliance requirements. Newtek is SOX compliant, PCI Compliant, and maintains a SSAE 16 certification.
  • Newtek’s support team is staffed by tenured system administrators. Put simply, Newtek doesn’t believe in help desk-level support. When you call Newtek for technical assistance, you will speak with a real system admin who is empowered to resolve any of your issues. If you have any questions, call us at 1-866-820-8910.
  • Newtek is a solutions-based company that is committed to helping you grow your business, reduce costs, and minimize risk. Newtek is Your Business Solutions Company: a provider of Business Financial Solutions, Payment Processing Solutions, Managed Technology Solutions, and Payroll & Benefits Solutions. You can learn more at www.newtekone.com.

Use Location-Based Mobile Marketing Services to Reach Local

location servicesHave you ever used your phone to find a place to grab a drink or dine while in an unfamiliar neighborhood? If you have, than you’ve used location-based services. This is a clever kind of mobile marketing that allows businesses to target local consumers. A location-based mobile marketing service allows small businesses to attract random passerbys by serving them with information about their business through search. Location-based mobile marketing is a powerful strategy that’s not only affordable, but also easy to do.

Any mobile strategy should begin with your company’s website. Content you post on your business site and associated social pages should be able to be consumed on various mobile devices. Why? Because web content recognized by Google’s search engine (which rewards mobile-friendly content!) will put your location on the map.

Start with the basics; make sure web content related to your business is correct and in order on search engines as well as on your company’s website. For example, your locations, hours of operation, products and/or menu items, parking instructions, etc. should all be easily searchable from a mobile device. When consumers use the web to search for information, they have a better chance of seeing your website if it’s correctly configured for mobile.

Another key component of a successful location-based mobile strategy is reviews. In addition to being the simplest marketing you can do, establishments with overwhelmingly positive reviews on Yelp and other mobile-first sites are proven to garner more business than those that do not. Don’t be afraid to ask satisfied customers to review your business, offer an incentive in exchange for their review. A special discount for customers who leave reviews provides for repeat business and a healthy digital reputation.

Small business owners must consider the impact that mobile marketing can have on sales and brand perception. A successful mobile strategy, one that incorporates location-based marketing services to reach a local audience, will reap major rewards.

Major Android Security Hack Uncovered

android-devil-malware-100247149-carousel.idgeAttention Android Users!

With just a simple receipt of a text message, your Android can be hacked. This is likely the biggest smartphone flaw ever discovered, CNN reports that, “it affects an estimated 950 million phones worldwide.” The issue is rooted in the way in which Androids are programmed to analyze incoming text messages, even before they have been opened. For instance, with Google’s Hangouts app, any media file that you receive (pictures, videos, audio) is automatically processed as soon as it is received. Because of this, “a malware-laden file can start infecting the phone before it’s even opened.”

The hacker needs only to send a text with a malicious media file to your phone to potentially gain complete control of your Android device. With that, he or she will be able to wipe out your device, access apps, open and review sensitive information on your phone, or even turn your camera on without you knowing.

Google, owner and operator of the Android OS, has acknowledged the vulnerability. In fact, they were made aware of the hack – and even provided with a potential fix – as early as April 9 by cybersecurity firm Zimperium. Google has assured that a patch would be made available for all customers, but according to Zimperium, a fix still isn’t largely available.

Although Google has likely developed a patch to this vulnerability, due to Android’s dependence on carriers and phone manufacturers, the company can’t simply push the fix directly to user’s devices, as main rival Apple has the luxury to do. The fix must be coordinated with disparate manufacturer platforms (Samsung, LG, Motorola, etc.) and then disseminated through the carriers (AT&T, Verizon, T-Mobile, and Sprint – just to name a few…). Google claims they have delivered a solution to its carriers, but it is still unclear whether or not the solution has been passed along to their users.

Until security firms like Zimperium declare this issue clear, Android users can disable auto-fetching of multi-media messages by accessing the Settings menu within their default messaging app. Tap Settings -> Advanced -> (deselect) Auto-retrieve MMS messages.

Users can find detailed instructions here.

5 Essential Security Tips for Small Businesses

security | blueGiven the increasing frequency and sophistication of modern cyber attacks, it is more important than ever for small businesses to understand the dramatic effects of a data breach. Small businesses can protect their customers and themselves by staying educated and understanding solutions and best practices that are available to reduce the likelihood of a costly security breach.

  1. Safeguard Valuable Documents and Equipment – Make sure all digital devices used for business are protected with antivirus and antispyware software that is regularly updated. All computer servers and sensitive paperwork need to be stored safely and securely, with a limit to the number of people with keys and/or access codes. Research off-premise data center or cloud computer solutions to ensure the safety of your information.
  2. Use a Password Manager – In theory, we all know we should be using different passwords for each website but very few people actually follow this practice. For convenience, most users routinely use the same or similar passwords for multiple web services. Luckily, there are now many tools to help us manage our passwords correctly.
  3. Control Access – Don’t let unauthorized individuals use business computers or equipment and limit physical access to your systems. Even employees should be given access only to specific data systems they need to do their jobs. Make it is standard procedures that all employees seek permission before installing any software.
  4. Update POS Systems – The responsibility to cover losses born from fraud will shift from credit cards/banks to the merchant later this year. For this reason, all merchants with outdated POS systems should move to embrace EMV technology as soon as possible. EMV cards contain embedded microchips and are much more secure than cards that rely on a magnetic strip. While adopting new technology always presents a challenge for small business owners, merchants can’t afford to not take this step.
  5. Encrypt and Tokenize – Implement full-disk encryption on each company-issued computer and mobile device. System passwords alone offer little defense against off-site hacking attempts. By layering encryption and tokenization with EMV and POS compatible systems, merchants can minimize security weaknesses and address authorization vulnerabilities. During the transaction process, data is most vulnerable immediately before and immediately after authorization. Encryption and tokenization protects against this. Further, encrypted and tokenized data holds no value; it is just a random, unusable string of numbers/characters.

Information Regarding Recent Small-Scale Cyber Attack

We wanted to share with you some information about a recent cyber attack that affected a very small percentage of sites on our network and to provide some important information regarding customer sites on “legacy” hosting plans.

(“legacy” hosting plans refer to older hosting plans that are no longer available for new orders. Some of these legacy plans use software on the server that is no longer supported by the software vendor, which means the software does not receive any more software updates, including security patches.)

While we will endeavor to provide continued support for legacy hosting plans, and will continue to react as quickly as possible to security events such as the one we will explain below, legacy services are inherently more susceptible to cyber attacks due to the fact that the platform software is no longer supported by the software vendor. This includes, but isn’t limited to, old versions of ColdFusion, ASP.NET, and PHP that no longer receive software fixes or patches due to their age.

This also applies to any no-longer-supported web applications you might be using to power your website (for example, many popular content management systems running out-of-date versions are especially vulnerable).

We understand that some customers have limited ability to upgrade to newer hosting plans due to compatibility issues, and will require continued use of their legacy hosting plan. If you currently utilize a legacy hosting plan, we encourage you to reach out to your developer or I.T. team to review your upgrade options. Newtek can also assist with upgrade guidance and/or website development services. We offer a full range of newer hosting plans that feature currently supported software platforms (including plans hosted on Windows Server 2012).

The cyber attack that occurred was injection-based in nature, and resulted in unauthorized lines of code being injected into some customer websites. Based on our investigation, we do not believe that this code was particularly malicious in intent; rather we believe it was designed to post unwanted messaging or banners onto affected websites. The injection attack was successful targeting sites using out-of-date software on both the website and platform level.

We believe we identified the offending code and diligently cleaned all affected web servers.

See below for a listing of unsupported scripting languages and platforms associated with Newtek legacy hosting plans:

Unsupported Hosting platforms/scripting languages by its software vendor:

ASP.NET 1.1x
ASP.NET 2.x
ASP.NET 3.5x
PHP 4.4.x
PHP 5.2.x
PHP 5.3.x
ColdFusion 5
ColdFusion 6.1
ColdFusion 7
ColdFusion 8
ColdFusion 9
SharePoint 2.0

Unsupported databases by its software vendor:

MSSQL 2000
MySQL – 4.1.x
MySQL – 5.1.x

Start Planning Now: Support for Windows Server 2003 is ending on July 14, 2015

HomelandSecurity-WinServ2003-blogThe US Department of Homeland Security has issued a warning about the consequences of not upgrading Windows Server 2003 systems by July 14, 2015.

This is the date Microsoft will stop providing software updates for the aging platform, meaning new exploits will not be fixed.

Homeland Security stresses that consequences could mean exposure to cybersecurity threats, which may lead to malicious attacks or electronic data loss.

Newtek Is Here To Help

If you have self-hosted or on-premise systems running Server 2003, now is the time to consider upgrading and moving your servers to a secure data center. Benefits of this include:

  • Avoiding the high upfront costs of buying new server hardware
  • Keeping your servers in a hyper-secure Newtek data center
  • Having a 24/7/365 team available to address issues immediately

If your organization has Server 2003 systems hosted at another provider, now is time to reassess your solution:

  • Newtek regularly beats competitor pricing on server hosting, and we are currently offering special incentives for Server 2003 upgrades
  • Our server operations team can assist with your upgrade to a newer platform, along with the migration to our data center
  • We offer both virtual and dedicated solutions that can meet your organization’s specific needs.

If you’re currently hosting a Newtek Dedicated Server running Server 2003, now is the time to start planning your upgrade.

  • We can help you with your upgrade and migration
  • With both dedicated and virtual server options available (running Windows Server 2012), we may be able to reduce your currently monthly costs
  • We are heavily experienced upgrading Windows 2003 systems to Windows 2012

Newtek Solution Architects are also available to review any of needs at no cost or obligation. Contact us today to get started.

NOTE: Newtek Shared Web Hosting Customers do not need to take any action regarding this alert. Newtek has already upgraded most of its legacy shared hosting servers that are running Windows Server 2003, with remaining systems scheduled for an upgrade well before the July 14, 2015 deadline. 

Disaster Recovery Options Now Available for CloudVPS and Dedicated Servers

DatacentersWith data center facilities located in several, strategically located regions across the continental U.S., small businesses of all sizes now trust Newtek to deliver hyper-secure, redundant, and disaster-safe hosting solutions for mission-critical I.T. systems.

While solutions for disaster recovery planning traditionally fall under the scope of custom hosting configurations, Newtek now offers a simplified add-on option for CloudVPS and dedicated server customers. This option is ideal for budget-conscious businesses or I.T. teams looking for cross-regional redundancy and security.

For CloudVPS plans, the Disaster Recovery Option provides a completely replicated copy of the virtual server that is hosted in a secondary facility located at least 500 straight miles away. In the event that a disaster event occurs (or any occurrence that leads to a service interruption or outage), a DNS change would shift access to the system to the secondary location.

For dedicated servers, the solution differs slightly, but provides similar protections. Our team will work with you to determine which files you need replicated across the secondary data center location. Typically, an identical dedicated server configuration, including identical hardware, is provided at the second facility, but, depending on your needs, this can be customized.

Separate from the replication service that is part of the Disaster Recovery Option, Newtek also offers offsite backups that can be stored at a secondary facility (note that all Newtek data center facilities meet the same high security, compliance, and reliability standards), as well as customized, cross-regional load balancing solutions. Contact us for for a free assessment for this or any other need.

PRICING

There is actually no charge for our new Disaster Recovery Option itself, which provides replication services on either CloudVPS or dedicated servers. All costs associated with this service are connected to the services you’re duplicating across data centers. For exact pricing, please speak to a Newtek business service specialist.

You can visit our CloudVPS or Dedicated Server plans at the following links:

Dedicated Servers
CloudVPS


WordPress Updates, Do I Need a Developer?

WP ProfessionalThe short answer: most likely. Unless you are yourself a developer, a web professional, or a highly technical person – you should at very least seek out a little assistance with updating your business website.

Why? Because we hear this phrase everyday: “I tried to update my WordPress site and now it is broken.”

The first rule of WordPress is to always run the latest version of WordPress. No matter what platform your website is built on, you need to do updates to make sure your site is functioning correctly. Think of it this way: over time, you need to preform periodic upgrades on your car in order to keep things working properly, your website is no different in this regard.

When you have a WordPress Content Management System, it is especially important to make sure your site is updated when the system prompts you to perform updates. One of the things that make WordPress such a popular blogging platform and website platform is the ability to add in plugins to make the system as robust as possible. When you are adding those many plugins to your WordPress site, all of those plugins need to communicate together and when they do not, your site does not function correctly.

So what do you do when you need to update your WordPress site?

WordPress has two methods for updating, the easiest being the one-click update, which in theory should work for most sites. The WordPress directions for a one-click update are listed here and seem simple enough: http://codex.wordpress.org/Updating_WordPress

What they do not explain is that this is dependent on the update being compatible with your current WordPress theme and all of your plugins to that theme and this is where you will typically encounter problems. In our experience, we see over 90% of the time there are compatibility issues when you attempt to update WordPress.

Your WordPress version needs to be compatible with your current WordPress theme otherwise it could break your whole theme and your blog/site could go down. You will also encounter compatibility and functionality issues within your WordPress plugins. This is best done in a development environment what areas of the site are not functioning correctly from the upgrade. This is where we recommend calling an experienced WordPress Developer to do this for you. The second method WordPress has for updating is manual. As you get into the manual functions of updating your site and plugins, it can get extremely complicated and tricky to do this correctly. The hours you spend attempting to do this yourself only to realize your site is not functioning correctly is not worth the money you will save by hiring an experienced developer to do this for you.

If you are in need of a developer to help you perform updates on your WordPress site, Newtek Web Services is here to help. Please call us at 866.820.8910 today!

Encrypted Websites to Rank Higher In Google Search

HTTPSGoogle has announced that equipping your website with an *SSL 2048-bit key certificate – going HTTPS – will give you a boost in search ranking. Because obtaining an SSL certificate is both uncomplicated and affordable, it’s the easiest thing site owners can do to get a leg up in the Google Game.

Security has been a top priority of Google’s this year. They feel this is a move to make the Internet a more secure place, and a more secure Internet begins with more secure websites. HTTPS is a way to encrypt the data that is transmitted between a user’s web browser and the site they are on. With an SSL certificate, a website can keep payments and other customer data secure (passwords, credit card numbers, etc.)

The following indicators provide visual indication that a website is secured by SSL:

  • https in the URL
  • a locked padlock icon
  • a trustmark or site seal
  • a green address bar (available with Extended Validation SSL certificates)

Choosing the right SSL to secure your website is a balance of cost, convenience, and desired level of confidence. Higher priced SSLs require a greater degree of validation, which in turn confirms a higher level of certainty by trusted certificate authorities. SSL certificates which are only Domain Validated (DV) cannot fully assure visitors that a website is operated by verified business. If you are concerned about fraud or loss of customer confidence, you need an SSL certificate with verifiable trustmarks that show the website owner’s information has been verified, or an Extended Validation (EV) certificate recognized by high security browsers.

At Newtek, you can easily purchase an SSL certificate starting at just $10 per year (our new page is coming soon but these certs are available). We’d also love to speak with you if you have any questions about HTTPS, SSL certificates, or the overall security of your website.

techsales@thesba.com | 1.877.323.4678

*SSL stands for “Secure Socket Layer.” It is a technology that establishes a secure session link between the visitor’s web browser and your website so that all communications transmitted through this link are encrypted and are, therefore, secure. An SSL certificate has two primary functions: authentication & verification, and data encryption. SSL is also used for transmitting secure email, secure files, and other forms of information. 

PCI Compliance and Your Business

PCI ComplianceIf you’re a business that accepts credit card payments, you’ve become familiar with the Payment Card Industry Data Security Standard for protecting cardholder information, commonly referred to as “PCI”. As credit card processors, banks, and businesses get more serious about credit card data security, you owe it to your customers to choose compliance every time.

In just this past year, we’ve seen data breach, after data breach, on top of data breaches across all industry sectors. Your customers want to know that you value their security and are serious about protecting their information. Showing your customers and clients that your organization is serious about data security will not only increase the legitimacy of your business, but you will be rewarded with satisfied lifelong customers who will spread the word about your good business practices.

Show your customers your business is serious about PCI compliance in the following ways:

  • SSL or Nothing – SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a web server (website) and browser, or a mail server and a mail client (like Outlook). SSL allows sensitive information (login credentials, credit card numbers) to be transmitted securely.  Make sure your business is only collecting customer data on a secure webpage; this will be indicated by a little lock icon coupled with “https” in the webpage URL.
  • Be Loud and Proud – Ensure your payment processing system is PCI compliant and take the necessary steps to keep your business certified. Flaunt your compliance standards and make it a prominent part of your marketing approach. You will put your customers at ease, as they know you’re doing everything possible to protect their personal information.
  • Help Develop Good Habits – Although an increasing number of consumers are becoming technically savvy, many people are still naïve about the vulnerabilities of email and other online messaging systems. Assume the mom-role and rebuke your clients for sending card numbers, banking numbers, or passwords via email. They may be put off initially but in the end, they will thank you for the lesson.
  • Don’t forget the CVV – Those three little digits (four for AMEX) on the backs of payment cards are not stored on magnetic strips or chips, meaning – in theory – you must have the hard in hand to know the code. Always ask for the CVV security code when processing a telephone or online payment. You should never store this information, but it will show the buyer you’re taking extra steps to authenticate the transaction.
Top