Protecting your password

A client’s Yahoo email account was hijacked recently. She found out after an email was sent out in her name, to her entire contact list, asking to borrow several thousand pounds. This was such an obvious scam that no-one fell for it. Fortunately, other than some embarrassment and inconvenience, there were no serious consequences. It could have been much worse.

How did this happen? She’ll probably never find out but easiest route would have been by getting hold of her password. Criminals use different techniques but common methods are:

  • ‘phishing’;
  • ‘shoulder-surfing’;
  • through an infiltrated computer;
  • by capturing the transmitted information.


This method because is so common that I’d be surprised if you’ve never encountered it. Phishing is when someone tries to trick you into visiting a fake website and entering your login credentials. Treat any email asking for your account details with suspicion. If in doubt, contact the company using their published telephone number or email address to double-check.


Shoulder-surfing is a technique where someone simply looks over your shoulder watching what you type. You’re most susceptible to this when you’re working in a public place, like an internet cafe, airport or train. To avoid this, just be aware of your surroundings.

Through an infiltrated computer

Computers can be infiltrated by software that secretly records everything you type on the keyboard. The most risky are those in internet cafes or hotel business rooms. What happens is that a malicious person will install recording software and wait for people to use the computer. A while later, the person retrieves the captured information, which would include web addresses, usernames, passwords and emails. It can be very difficult to know when this is happening so don’t trust public PCs.

Your own computer can also be infiltrated by a computer virus caught through email attachments or infected websites. Windows users should keep their anti-virus software up to date. Apple users have less to worry about but it’s still a good idea to be cautious and occasionally run virus checks.

Capturing transmitted information

This technique is probably one of the most difficult to avoid. Someone with enough technical knowledge can literally watch the passwords and emails flowing through your internet connection. Although it’s possible for this to happen with your wired office network, you’re most at risk when using WiFi.

If you have wireless internet at home, read the manual to make sure you configure it with the highest security setting possible. Things get more tricky when you’re travelling and using the wireless internet services at cafes and hotels.

To protect against this, you’ll need to use VPN software. VPN stands for Virtual Private Networking and is a way of scrambling your transmitted information, hiding it from prying eyes. Unfortunately this software can tricky to set up. They’re often used by corporations with their own IT department. As a small-business owner, this will probably be outside of your comfort zone unless you have someone technical on-board. Nevertheless, if you’re willing to give it a try, ask a computer retailer about VPN broadband routers.

Just remember to exercise caution

As you can see, the techniques range from old-fashioned confidence tricks to high-tech computerised traps. I’ve glossed over the details but key is to use the same common sense online as you would in the real world: don’t take everything at face value; be cautious when in unfamiliar surroundings; get advice on how to use your tools.

This is a complex topic so if there’s demand, I’ll write a more in-depth articles in the future.

Linking to a file in Drupal

  1. Login to your CMS at http://YOURSITE/user (replace YOURSITE with your own domain name).
  2. Create a new page or edit an existing page where you’d like to add the link.
  3. In the ‘Body’ editor box, type some text and highlight the words that you’d like to convert into a link. You may also highlight existing text.
    Linking text in Drupal
  4. With the link text highlighted, click in the ‘Insert/edit link’ icon in the editor tool bar.
    Image of Drupal's link text icon
  5. The ‘Insert/edit link’ window should now appear. If it does not, please temporarily disable your browser’s pop-up blocker.
    Image of Drupal's insert/edit link window

    • Link URL: Enter the filename prefixed by /files/
      Example: if your file is my_document.doc, you must enter /files/my_document.doc
    • Target: You may leave the setting at ‘Open link in the same window’
    • Title: Enter a descriptive title. This sets the text that appears when a visitor hovers the mouse over the link.
  6. Click ‘Insert’ on the ‘Insert/edit link’ window, then scroll down to the bottom of the page editor window and click ‘Submit’. The page will now be saved with your new link. View the page and click the link to make sure your file downloads as expected.

Updating or removing the link

You can also edit or remove the link text.

  • To update the link, follow the instructions above to bring up the ‘Insert/edit link’ window. It should appear with your pre-filled information.
  • To remove the link, highlight the link text and click the ‘Unlink’ icon. (This appears as a broken chain graphic and can be found next to the ‘Insert/edit link’ icon.

How to upload a file to your server


These instructions relate to your public website. It will show you how to upload a file to your server. Your site is controlled by a content management system (CMS) and there are several ways to achieve the same result. Here I will show you one method, but if you find it to be unwieldy, please let us know as we can suggest alternatives.


You will need the following in order to upload your file:

  1. File transfer software, also known as an ‘FTP client’.
  2. Your username and passwords to login to the server. For security, I’ve sent your username and password separately. (These credentials are not the same as those used to login to the CMS and edit your site pages.)
  3. The file you’d like to upload (of course!). You can upload any file type but to make things easier for yourself, I suggest you follow the guidelines below.

Uploading a file

  1. Open your FTP client and in the connection screen, use the following settings.
    • Host or Server
    • Username
    • Password
    • Path: you may leave this blank
    • Protocol: Use FTP or SFTP
    • Port: Most clients will fill this in for you. If it doesn’t, enter port 21 if connecting through FTP, or enter port 22 if connecting through SFTP.
  2. Click the ‘Connect’ button. Once the software has connected, it should display the files currently on the server.
  3. The files on the server are organised in a hierarchy similar to your own computer. If you did not enter a path in step one, you will be placed on the uppermost level so you’ll need to navigate to your ‘files’ directory. If you don’t know where this is, please contact the project manager or developer who worked on your site.
  4. Drag your file into the window showing the server files. (Some programs also have a section displaying your local computer files so make sure you drag it into the server window.)
  5. Wait for the file to finish uploading, then click ‘Disconnect’.

Please take care when manipulating files on the server. Deleting files here will cause content to permanently disappear from your website.


About the Protocol

The protocol is the method used by the software and server to communicate.

FTP is widely supported by file transfer programs but it’s not secure. Malicious people on your network can easily intercept your password and files when connecting through FTP.

SFTP is the secure version of FTP because it encrypts the password and files. Use SFTP if your software supports it.

File Guidelines

Following these guidelines will help reduce problems when creating your link.

  1. Try to keep the file size small. Anything up to a few megabytes (MB) is acceptable on modern internet connection speeds. If you’re pushing 25 MB or more, your visitors might not like the wait.
  2. Place the file in an easy-to-find location, such as your desktop.
  3. Use only alphanumeric characters in the filename and make sure there are no spaces. If you like, you can also use dashes ( – ) or underscores ( _ ). Unless you’re quite proficient with creating web pages, using any other characters may give you problems when creating a link to the file.

    The following examples are OK:

    • my-file-1.doc
    • MyFile.doc
    • myfile1.pdf
    • document_2.txt

    These may give you trouble when creating the link:

    • Jane’s document.pdf
    • John’s file 1.doc
    • mydocument (with hidden file extension)
    • SoldFor$10.doc

File transfer software

There are many FTP client vendors and some can be downloaded from the internet at no cost. Below are a few suggestions but an internet search for ‘FTP client’ will show more.

For Microsoft Windows


For Mac OS X


Should you run your own email server?

A common misconception amongst small-business owners is that you need your own email server. For most companies I’ve encountered, this is just not necessary.

Before continuing, it may help if I explain some basics. There are essentially two ways to have email:

  • Hosted email. This is when someone else manages the email server. If you have a personal Gmail or Yahoo email, it is ‘hosted’ by another company, in this case Google or Yahoo. The same is true if you use the email address provided by your internet service provider or website hosting company.
  • You run your own email server. Many medium-sized and large organisations take this route. They have a server room or data centre space, and an I.T. department who takes care of the servers.

Small-business owners sometimes feel that they need to emulate bigger companies by installing their own email server, perhaps assuming that it’s the way things are ‘supposed to be’. This is unsurprising since founders often come from a corporate environment where this set-up is normal. Furthermore, computer services companies love suggesting this route because it’s a great source of income: not only do they supply you with the hardware and software, they also get continued work through ongoing support.

Nevertheless, while email is critical for most companies, having an in-house mail server is a distraction from running the business. Do you have the resources to keep yours running reliably? Here are some examples of the many worries you’ll have if you take care of your own email server:

  • What happens to your messages if you lose power, say, from a blown fuse or road works?
  • Will the new cleaner unplug the cable to use for the vacuum cleaner?
  • What if the server is stolen during a break-in?
  • Do you have spare parts in case a component fails?
  • Can you keep the server virus-free?
  • Are you running regular backups?
  • Which software updates can you apply without causing problems?
  • Will the server overheat in the summer?

Compare this with a hosted service. Reputable providers house the servers in a data centre with backup power generators, building security, air conditioners and a round-the-clock technical team. The chances are that your email service will be more robust with them than in a computer sitting in the corner of your office.

If you think you genuinely need your own server, make sure that you’re aware of the implications. Don’t let your technology advisor push you towards this direction without a clear explanation.