Getting hacked sucks; It is expensive to remedy, can negatively impact on your brand and it costs precious traffic and revenue. Unless you have not read the news in the past year, it’s clear that cyber attacks are no longer a rare occurrence but the new reality that we all face.

This paradigm shift can be attribute to several factors, including growth of the internet and a corresponding increase in the number of attackers and targets; an increase in the number of published vulnerabilities, that once discovered are exploited quickly and the availability of hacking tools that enable those with modest skills to launch devastating attacks. Criminal organizations have adapted to this into a full scale enterprise using sophisticated botnets that work day and night to find and exploit vulnerabilities.

Protect Your Organization

Adopting an aggressive, proactive protection plan that minimizes vulnerabilities is the first step. You cannot protect yourself from every possible threat, but a solid plan will dramatically decrease the likelihood that you will be hacked.

We have created the following plan based on our experience hacking, getting hacked and fending off hackers. Our plan assumes that you have basic security measures in place like current antivirus software installed on your computers, strong-password policies and other security best practices in place for your organization. If you don’t, this article on basic organizational security measures ought to help.

The Flint Digital Website Security Plan

Application and Data BackUp

Let’s face it, anything that can possibly go wrong, given enough time, does. Therefore, frequent, offsite backups are essential to any digital endeavor. Having recent backups will mitigate the pain experienced in recovery from hacking, human error, server meltdown or any other inconceivable disaster. Our Protection plan specifies the following seven commandments:

  1. Backups shall be stored securely off site. Relying solely on local backups is an ineffective strategy should the local system fail.
  2. Database backups shall be made hourly. Replacing lost data, especially in ecommerce is extremely difficult, time consuming and in many cases, impossible.
  3. Code shall be managed in version control such as GIT or SVN. Version control allows for storage and tracking of incremental file changes. It also allows an additional layer of redundancy.
  4. Code and files shall be backed up daily. Application code change less frequently and when version control is implemented properly, recoverable from any iteration.
  5. Code and file backups shall be saved daily(for seven days), weekly(for four weeks) and monthly(for twelve months). This allows for rapid recovery of recent file changes and an opportunity for deeper forensic analysis if the issue is undetected for long periods.
  6. Database backups shall be on a hourly(24), daily(7), weekly(4) and monthly(12) rotation. This allows for rapid recovery of recent databases and opportunity for deeper forensic analysis if the issue is undetected for long periods.
  7. Database backups shall be tested for recoverability. Corrupt database backups have zero value. Incremental testing of database backups should occur at regular intervals of 1-2 months.

Application Hardening

The most common mass attacks are those targeting web applications. Open source applications (e.g. WordPress, Drupal, Magento, Django) are often the most targeted. The specifics of hardening a given application requires a deep understanding of the application and it’s known vulnerabilities. Second to backups this this the most important component of an effective Protection Plan. Our Protection plan specifies the following:

  1. Hide common application signatures. These include application name, version number, login URL and license files.
  2. Block ip addresses for multiple failed login attempts. This helps to prevent brute force attacks. It can impact legitimate admin users but it is a small cost compared to the benefit.
  3. Use blacklists to block traffic from known “Bad Actors”.
  4. Monitor file changes on a daily basis. This is an excellent early detection method to identify a compromised site. We have written a custom script that monitors file changes and daily updates.
  5. Use SSL on all pages. This will protect the information being sent to and from the user by encrypting it. There is moderate SEO benefit from this as well.
  6. Prevent File Execution from Media Directories. Media directories by nature are less secure. Most applications will store all assets (images for example) in discrete directories. You should configure the server so that executables can not be run from within these directories.
  7. No “admin” user. Not much else to say here.
  8. Keep the application patched. After vulnerabilities are discovered a patch will invariably follow. Applying patches immediately will ensure that you are protected.

Website Firewall

A firewall can block malicious traffic before it ever hits your server. This is a very effective line of defense that can prevent common attacks and reduce unnecessary server load. The firewalls we use do the following:

  1. Works at the DNS level. As traffic is routed to the server the firewall monitors connections for suspicious activity, blacklisted IP’s, spammers, webbots and more.
  2. Allows legitimate traffic to access the site. It uses complex rules that factor in information such as geographic location, network location and malicious URL patterns to name a few. Rules can be customized to address business requirements.
  3. Protect against known malicious traffic patterns. This will stop events such as Dedicated Denial of Service (DDoS) attacks.
  4. Website patching. Filters legitimate traffic vs known malicious requests until application can be patched. This is very useful in zero day exploits.
  5. Performance boosts. Using DNS caching to serve static assets such as images, CSS and static pages allows the site to run faster. This can significantly increase site performance and help SEO.

Uptime Monitoring

Like backups, this is a best practice. Uptime monitoring can serve as an excellent early warning tool that something has gone awry, hacks or otherwise. Knowing your site is down before your customers do is also pretty neat. We recommend that uptime monitoring services do the following:

  1. Monitor at 1 minute increments. Any less and you might be missing short outages.
  2. Monitor page load time. Slow sites are almost as bad as those that are down.
  3. Send push, SMS, and email notifications. It is important to know when a site goes offline and subsequently comes back up.
  4. Check sites from multiple server locations. Preferably from multiple locations in the US and around the globe.

Malware Scanning

There are some very clever ways that your site can be compromised, including Malware, that the above methods may not detect. We have recently started to implement continuous malware monitoring that scans the entire directory and provides alerts should malware be detected. This tool includes the following features:

  1. Platform agnostic usability. Works on all web platforms and custom applications.
  2. 12 hour incremental scans. Sites are scanned twice daily every day to ensure early detection.
  3. SMS and email alerts. If there are issues we are notified immediately allowing us to start a cleanup process.
  4. Blacklist Monitoring. Checks to see if sites have been added to any blacklists. Blacklisted sites can negatively impact search traffic.
  5. DNS and SSL Change Monitoring. Monitors for more obscure but effective attacks to the domain lookup and site security certificates.
  6. Continuously Upgraded Malware DB. A subscription to Malware DB helps to spot emerging trends in Malware.

Application Isolation

While there are certain efficiencies to hosting multiple sites on one server, separation of websites into discrete server containers can help mitigate damage to other sites should one site become infected. This should be considered on a case-by-case basis as some configurations may make this more difficult.

Malware Removal

This is most useful when other preventative measures fail and the Barbarians have breached the wall (no offense to Barbarians intended). We have recently implemented a third party solution that we have tested with excellent results. Based on the files cleaned the original vulnerability is often exposed which allows us to ensure that it the appropriate actions can be taken to eliminate a given exploit.


In regards to website security, an ounce of prevention is certainly worth a pound of cure. I speak from the experience of long nights cleaning infected sites. I realize the plan as outlined is overwhelming. While some of these steps can be implemented by non-technical users most should be placed in the hands of an expert. If you would like Flint Digital to executing a security plan for your organization please feel free to send us a note.

It’s no secret that mobile internet use has been on the rise and it’s safe to say that the tipping point has been reached. In 2015, it is estimated that 80% of all internet users will be using a smartphone to access the web on a regular basis. This translates into billions of users who could be viewing your site on a mobile device.

The good news is that if you’ve addressed mobile compatibility concerns with a mobile-first approach, you can sleep well tonight knowing your site is optimized to industry-standards and accessible across devices. Otherwise, you may want to read on.

Google has long been a champion of mobile (see the mobile playbook) and has encouraged mobile adoption through best-practices and web-standards. Recently, we’ve had direct communication from Google through Webmaster Tools that site compatibility will begin to affect mobile search rankings. While this is by no means a surprise, it’s rare that Google reveals it’s intentions directly to site owners and points to the fact that they mean business. Simply put, not abiding could have drastic effects on your online presence.

Not only has Google began to inform site-owners of their intentions, but evidence shows that they have already begun to turn up the heat on non-mobile friendly sites by providing higher placement and search rankings to sites that display well on small-screens and mobile devices. Take a look at David Naylor’s article on Google’s new algorithm that offers some convincing anecdotal evidence.

However, don’t panic, yet. We’re still on the front-side of this update and believe that there is time to implement a well-planned mobile strategy without experiencing any detriment to your business. There are a number of solutions we provide for taking a mobile-first approach to your online presence, and we’d be happy to discuss which course of action would be best for you. Nevertheless, time is of the essence as there is no doubt that these changes will become paramount in terms of your SEO strategy as well as user-experience and conversion.

Wait too much longer, however, and you may begin to feel the pain.

Contact us today for more information on enhancing your site’s mobile presence.

Stolen credentials are responsible for a staggering number of hacked websites. Whether it is the recent attacks on Sony or leaked pictures of your favorite celebrities, it usually starts with a stolen username and a password. With stolen credentials there is no limit to the damage that can be done.

Here are 5 things that you can do to decrease the likelihood that you will fall victim to one of these types of attacks:

Manage Your Passwords

The average user has 26 protected accounts but only 5 passwords. If this is the case a leak can compromise multiple accounts.

  • Use passwords with capitalization, symbols and numbers. 1qW#$?fyU7* is a lot harder to guess than redrover, even for a computer.
  • Use password tools. They encrypt and securely store your password information. LastPass is our favorite.
  • Don’t use the same username and password for all of your accounts. If you only have one username and password you greatly increase the chances of having it compromised.

Take Care of Your Computer

It is important to scan your computer for viruses, even if you have a Mac. Bitdefender, our favorite free antivirus program, can be download through the App Store for Mac or by clicking here for Windows.

  • Running a virus program just once is not enough. Use them often and keep them updated.
  • Backup your data. If you have a virus you may need to clear your hard drive to eliminate it. Having your important files stored in a safe location will make this faster and easier.
  • Keep Your Browser Current. There is no reason you should not keep your browser up to date unless you work at a company that requires old browsers. If that is the case then you might want to find another job.

Be Safe with Email

Email is the least secure way to send or store data. A hacked account can be devastating, especially if you have sensitive information in your emails. If you do not recognize who it is from, or it seems misplaced, contact the sender to see if it was actually sent by them.

  • Don’t send credentials in an email. Delete them if they have been sent to you.
  • Don’t open suspicious attachments or links in your email.
  • If you use Gmail check out this article for ways to quickly improve your security.

Use Secure FTP

Sensitive information may be exposed when transferring files to a server. If you are not using a secure method the information can easily be stolen.

  • Always use SFTP when connecting to your website.
  • Avoid FTP clients on this list.

Limit Users

The more users there are the more opportunities there are for a site to be hacked.

  • Remove old users from your application as soon as possible.
  • Give access only to the people who need it.

What is Version Control?

Version control is a software system that allows users to track changes to a file within a project. It stores every change that is made, and keeps a record of the file from before it was updated. This allows the project, or any file within it, to be rolled back to a previous version. The two major advantages of a version control system, which set it apart from a backup file, are that multiple copies of the same file are not needed and that files can be restored to previous versions individually.

A good way to wrap your head around it is to think of the difference between a printed encyclopedia (backups) and Wikipedia (version control). To have access to the few articles that are changed when the new version of a printed book comes out you must keep the old one. Every time that it is updated a whole new copy of the book is necessary, and to use a previous version you have to do so for everything, even though you only need the pervious version for one item.

With Wikipedia you can update one article at a time and do not need to store a copy of the others which were not updated. To see the changes made to an individual item you can view its history, and revert back to a previous version, independent of changes to others.

From a development standpoint, version control allows us to roll back specific files without having to undo unrelated changes that that happened after. If a bug or hack is found, we can go back to a working version of an individual file.

DIY Adjustable Height Standup Desks

The adverse effects of sitting have been well-documented in recent years. And those of us who work behind a computer, are especially prone to such health-risks caused from a sedentary work environment. Attention to the ill-effects of sitting and bad workplace ergonomics have given rise to the standing desk concept for the health-conscious office worker. However the costs of outfitting everyone with a new desk can be prohibitive for a small shop or freelancer so we started investigating a few DIY standing desk options and eventually designed our own.

Adjustable Height Stand-Up Desk Project Overview
  • Total Cost: $150 (will vary depending on material cost in your area)
  • Difficulty: Easy
  • Tools Required: Drill & Bits, Screwdriver, Allen Keys, Clamp
  • Assembly Time: 1 Hour or less

Our initial research led to a few of the following options and provided the inspiration for eventual end product:

The most budget-friendly and lowest barrier-to-entry option was the $100 Ikea desk so that’s what we started out with. However, we quickly found that the legs weren’t going to cut it, and the desktop became very unstable when adjusted past the mid-height. Additionally, we experimented with placing bed-risers under the legs, but the end-result was no better in terms of stability. When supporting pricey computer equipment, the last thing we wanted was someone bumping into a desk only to have it crashing and damaging some serious technology.

Our Adjustable-height Stand-Up Desk Design

After exploring some cheap pre-made and existing DIY options, we determined most of the plans and tutorials out there sacrificed quality and design so we decided to build our own. From our previous failed attempts, we knew we required the following in a stand-up desk:

  • Adjustable-height
  • Large work surface
  • Stable
  • Durable
  • Industrial Aesthetic
  • Budget-friendly
  • Ease-of-assembly
  • Ease of storage when disassembled

After sketching up some initial ideas, we looked into sourcing the materials that would fit our design and needs. Given the size/weight constraints, we knew that the parts had to be sourced locally, or else shipping would negate any potential cost-savings. Any mid-sized metro area should have a building supply with the parts you need.

Vendor List

Simplified Building has a plethora of information covering a range of projects you can build with cast fittings and Schedule 40 pipe. Additionally, they have Sketch-up models of all the Kee Klamps they stock which is very handy when designing your own project. When asking about our design, the staff was extremely helpful and knowledgable. In fact, they were working on a similar desk design to ours and were able to recommend lengths, desk-top dimensions, and build us a sample order so we could estimate final costs.

Towers Plumbing is a plumbing supplier in Salt Lake City. They had plenty of pipe in stock that fit our needs and were willing to cut it to length for free! This made it a no-brainer to go with Towers for all our pipe.

Fastenal in Salt Lake City is the Kee Klamps official distributor in Utah.

Grainger, a tool, materials, and equipment supplier, with supply warehouses across Salt Lake City, is who we sourced our initial cast-iron fittings from. – Their price for a brandless cast iron fitting of the style we wanted was around half of what any other supplier we found was selling them for. Our fittings showed up quickly and have met our expectations.

Stand-Up Desk Parts & Cut List

This is the list you’ll need to send to your local pipe & fitting supplier. Because pipe is intended for plumbing, you have to tell them to leave the ends unthreaded (they may scratch their heads at first when you mention this). It’s not a huge deal if they show up threaded, as this is primarily an aesthetic concern.

  • Dia: 1″ | Length: (1.75ft) 21 inch | Quantity: 2
  • Dia: 1″ | Length: (4.25ft) 51 inch | Quantity: 1
  • Dia: 1″ | Length: (3ft) 36 inch | Quantity: 4
  • Dia: 1 1/4″ | Length: (2.5ft) 30 inch | Quantity: 4
  • 1.32″ Single Socket T Connectors (designed for 1″ pipe) | Quantity: 6
  • 1.66″ Base Flanges (designed for 1 1/4″ pipe) | Quantity: 4
Table Top Options:
  • Ikea Linnmon table top | Quantity: 1
  • Dimensions: 59″ x 29 1/2″

We chose a $35 Ikea top however the options available are endless and you can always upgrade the top down the road. As expected, the quality, is well, Ikea quality so don’t expect it to hold up forever. Still, we now have a solid year or more on these desktops, and they seem to be holding up well.

DIY Adjustable Stand-Up Desk Assembly

The biggest challenge is creating a template for where to set the base-flanges. If you’re building multiple desks, the first one takes a little time to get dialed, however once you have the template built the additional desks go much more quickly.

Step 1:

Determine where the centers of your legs should be. Start by putting the lower brace assembly together on a level surface. Ensure the adjustment screws on all the connectors are facing outward or upward so that they can easily be adjusted later when the frame is assembled. Pipes should connect square and even. If building multiple desks, put all your braces together at the same time. Tip: Use your extra 1” leg sections to help line up the end braces.

The bottom of the desk, assembled. Use this to measure the flange distance.
DIY Standing Desk

Step 2:

Once you have the distances between the centers, transfer your measurements to the bottom of your tabletop so the frame is centered on all sides of the table top. (If you are using an Ikea tabletop, use the cardboard box the top came in as a protective barrier between the tabletop and the work surface). In our case, we marked out lines 3” from the long and the short edges. We used a square to extend the lines from the edges to about 4 inches past where the lines intersected.

The flange is mounted to each of the corners of our Ikea desk tops.

Step 3:

Align the flange over centering lines so they pass through the centers of the mounting holes and meet in the middle of the pipe opening. Mark the center of each mounting hole. The set screw on the flange should be facing the closest outside corner in each of the four spots. Remember which flange goes with which corner, as there are discrepancies in the hole placement between flanges (largely a byproduct of the casting process). Using an appropriately sized drill bit, make small, pilot holes in the table top for the screws that will hold the base flange to the table top, then screw the flanges in. Building your desk tops all at once will help. If your tabletop’s cardboard box is still in good condition, you can store the top in the box again until you are ready to assemble – just make some openings in the box for the flanges.

Most places that will cut your pipe are going to use a pipe cutter rather than a metal saw. This means that there will be a sharp rim of metal on the inner surface of almost all of your pipe ends. This can present a safety hazard while handling the pipe so wear gloves and use caution! But more importantly, the rim will prevent your 1” pipe from fitting inside of your 1 ¼” pipe. This is easily fixed by reaming out one end (the other end will act as a stop) of each of your 1 ¼” pieces, and has the added benefit of making the pipe fit tighter than it otherwise would have, as long as you don’t ream too much. We used a sheet metal bit in a hand drill, but you can use whatever you please.

Assemble all of your leg sections; this will make the final assembly easier.
adjustable height stand up desk assembly

Step 4:

At this point, you have three groups of components: legs, lower brace, and tabletop. This arrangement is convenient if the final resting place of your desk is somewhere other than where you are drilling. Take your pieces to wherever you’re going to set up the desk, and start with the tabletop upside down on the floor, with the cardboard underneath it. Insert the leg pieces, but don’t tighten down the set screws yet.

Slide the brace assembly down over the legs. It should be upside down at this point. Tighten the set screws in the flanges so they’re all lightly pressing against the pipe. Then go around the desk and tighten each flange fully.

Next, slide each of the 1” leg sections until you reach the desired height from the ground (length of leg + tabletop thickness = desk height) and tighten it fully before going to the next leg. With everything tightened firmly, flip the desk over, move it to its final position, and make any adjustments you need to. Use a level to make sure the desk is plum when you are finished. One of my favorite aspects of this design is that each leg is individually adjustable, so you can make it sturdy on any surface.

The Final Product

We have over a year with our stand-up desks and have since received many comments on the design. Additionally, we paired the desks with tall chairs, so users can alternate between sitting and standing (we’ve found some tasks simply require sitting for). Everyone has their desk set at a height appropriate for them, and even the tallest desk is rock-solid. If at some point in the future we decide to upgrade the tabletops, we can do so easily. One added benefit of the design that we didn’t initially consider is that the lower cross beam makes a nice leg rest, while sitting, which alleviates some of the circulation issues caused from sitting.

adjustable height stand up desk

Being a designer here at Flint Digital is my first real full-time job, and it’s been a fantastic experience. However, adjusting to a regular 9-5 schedule has taken considerable effort. For the first few months, my typical Monday morning involved sleeping through all my alarms and waking up in a panic with only 20 minutes to get myself ready and commute to the office. I was frequently late for our routine Monday meeting, and starting my days in such a frazzled, frustrated state was wearing me out… something had to give.

Read More

Measure, Rinse, & Repeat

This is the fifth and final part of our series on leveraging sharing for your business. If you haven’t already, read parts one, two, three, and four before continuing.

Part 5: Analyzing Your Content Efforts

There’s a saying that if you can’t measure it, you can’t improve it, and social media is no exception. Utilizing an available metrics tool can help provide insight into what is generating results. If something isn’t working, try saying it differently or approaching from another angle. As we saw in the example from Upworthy, sometimes simply tweaking the headline can make a difference in millions of views.

Read More

This is the fourth in our 5 part series on leveraging sharing for your business. If you haven’t already, read parts one, two, & three before continuing. Check back next week for the fifth and final part of the series.

Part 4: Distributing Content to the Masses

Now that your content is created and packaged, it’s time to distribute. Identify what channels you will be utilizing and distribute using the following guidelines.

Read More

This is the third in our 5 part series on leveraging sharing for your business. If you haven’t already, read parts 1 and 2 prior to continuing. Check back next week for part 4 in the series.

Part 3: Framing Your Content for Visibility

Creating and finding engaging content is only half the battle. For your content to be shared, it must stand out from the drivel. It doesn’t matter if you create the most interesting content in the world, if it’s not compelling enough to click, it won’t be shared. Framing your content with a good headline and image will help your post rise to the top.

Read More

This is the second in our 5 part series on leveraging sharing for your business. If you haven’t already, read part 1 prior to continuing. Check back next week for part 3 in the series.

Part 2: Creating & Curating for Your Brand

Creation vs Curation

Not everything you post is going to be original or self-promotional. Social media is a conversation, and every good conversationalist knows better than to brag about themselves excessively. While most original content will be promotional, it doesn’t necessarily need to be. In addition to sharing promotional content also make an effort to create conversations around interesting topics, events, or experiences that you determine as relevant to your business. For instance, if you’re a local ski shop, creating a conversation around a big storm moving through would be an example of providing original content that’s topical and relevant, but not self-promoting. Furthermore, creating engaging original content and conversations takes time and resources. Leveraging existing sources and media will help your social media presence stay fresh and relevant while allowing you to build relationships with like-minded businesses and individuals who can help spread your message. For every 1 self-promoting post, you should share 4 non self-promoting items or found content from others.

Read More