4 Ways Your Website Could Get Hacked

How Can You Prevent Your Website From Being Hacked.

It’s not enough having a shiny website you have to maintain it and keep it away from the hackers.

Small business owners (yes that could be you) are the most at risk, here are somethings you can think about;

* 18% of small UK business have had their website hacked and this is growing
* 30,000 websites get hacked daily
* The average cost of a hack and data loss to a small business is £12,500. And, since online web traffic (e.g. from Google Search) is built on “trust” between websites, the reputation damage to a business over the long-term brand can be hundreds of thousands to several million dollars.
* 77% of small businesses believe “that their company is safe from cyber threats like viruses and spyware” yet 83% of small business don’t take any formal cyber-security measures to prevent their website being hacked.

Sources:

*Guardian: https://www.theguardian.com/technology/2017/apr/18/hackers-attacked-one-in-four-uk-firms-last-year-survey-finds

** Report: http://www.inc.com/laura-montini/nsba-survey-cybersecurity.html?cid=sf01001

*** http://www.inc.com/flash-steinbeiser/report-small-business-owners-not-worried-about-cyber-security.html

The above is just to give you a small indication of what could happen, hackers are becoming more sophisticated and trying out new methods that are faster and easier to implement.

Website hacked? What you could have done to prevent it.

At this stage if you are in the 83% bracket (not doing anything) you could spend a little time reading this and being prepared or just wait until some point in the future where you could be compromised and discover what trouble lies ahead.

Passwords
Attackers use comprehensive tools to scan for your website passwords, all it takes is the correct guess and they are in, so how do you prevent it?

* If you use a cms such as wordpress, drupal or joomla do not use the user name ‘admin’ change it to something more complicated.
* Do not use the same password twice, we know it’s difficult to remember every password you have but if you use something like Lastpass the system will challenge you on multiple passwords that are the same as other websites.
* Use 2-Step verification, this allows you and only you to login using a second layer of credentials sent usually to a mobile phone, WordPress does this very well and you can have this up and running in minutes.

Missing Security Updates

If you own a car and don’t maintain it your bound to run into trouble one day, this is the same with websites that have CMS systems attached.

This is one of the easiest ways hackers can do the damage and cost you a small fortune.

So what do you need to keep updated?

* Web server software, if you run your own servers
* Content Management System. Example: security releases from WordPress, Drupal, and Joomla!.
* All plugins and add-ons you use on your site

Insecure Themes and Plugins
Plugins are great, they let you do more in less time and are usually free, however this is where the issues can start.

Too many plugins, out of date plugins and plugins that are not compatible with your version of CMS can really make your website grind to a halt.

Some ideas you may want to consider before you update and or install that amazing new plugin.
* Is it safe? You won’t believe how hackers can copy a plugin and inject some really bad code so your site becomes unusable
* Is the plugin you want to install current or supported by the latest CMS version? If the plugin is not updated regularly or not compatible with your latest CMS version please remove it immediately and source the correct one.
* Remove all files from your server This really helps two fold, the first way is the plugin if it’s infected could lie dormant for months and you won’t know how and when it will cause problems so best remove it all and secondly the CMS will speed up as there are less files to deal with, disabling the plugin is sometimes not enough.

Security policy holes

Are you a system admin or run your own website?
If so poor security polices can allow hackers to compromise your website.
You could manage this better by
* Not alllowing users to create weak passwords
* Not giving administrative access to users who don’t require it
* Not enabling HTTPS on your site and allowing users to sign in using HTTP
* Allowing file uploads from unauthenticated users, or with no type checking

Summary

Hopefully this helps you beat the hackers and let’s be honest they are not going away, if anything they are getting better at it so that’s why we
recommend you consider the steps above and discover where you could be compromised before it is too late.

Brace yourself HTTPS is becoming the norm in 60 days!

Negative Indicators are now appearing.

We are now at a point of no return and witnessing something quite remarkable. You may have an idea what we are talking about but if you don’t it’s time time to sit up and take note.

HTTPS Everywhere

On July 24th Google Chrome (the most popular website on the planet) will flag every website that does not have SSL/TLS encryption, but wait I hear you ask what does this mean for me?.

Quite simply put your website will be penalised by the introduction of negative security indicators (will explain this in a second) and no one wants that to happen.

So, why is Google doing this?

Google can almost do what they like (and probably will) however Google is now cracking down on all websites that are not HTTPS and believe that the web user should expect a secure web experience (HTTPS by default) and HTTP websites with no SSL visible should be reprimanded.

This is what Emily Schechter posted on Chrome’s official blog:
“Users should expect that the web is safe by default, and they’ll be warned when there’s an issue. Since we’ll soon start marking all HTTP pages as “not secure,” we’ll step towards removing Chrome’s positive security indicators so that the default unmarked state is secure.”

To put this all in simple words, websites needed some incentivization from browsers so that the usage of HTTPS could proliferate. But now that HTTPS is close to becoming a standard, Google feels no need for such incentives in the form of positive indicators and will now be turning to negative security indicators instead.

So, no more padlock?

No (eventually).
Ultimately, Google aims to establish HTTPS as a norm, and the way it’s going to do is not attaching any positive signs pertaining to HTTPS or encryption and penalizing the exceptions (HTTP sites). So, the “Secure” text and the padlock sign will soon be a thing of the past. With the launch of Chrome 69 in September 2018, the “Secure” text will be gone. The next step would be removing the padlock sign that will mark a milestone in establishing HTTPS as a norm.

secure https everywhere

Chrome 70, to be released in October 2018, is set to make this warning even more negative—more noticeable in other terms.

After the introduction of Chrome 68, when every HTTP site will be marked as “Not Secure,” Google will need some other negative security indicator when one types in something on an HTTP page as the “Not Secure” sign is there as a default. This will be done with the cunning use of the color red.

Here’s how it looks:

https everywhere

As you can see, the red warning is much angrier than the current one—behold, the power of red.

So What Do You?

The big indicator here is change your website to HTTPS and invest in SSL you can get them from Let’s Encrypt (they are free) however they do require some work to install and validate them.

At this point our insider information indicates there are further changes coming, if you gear up your website now to accept these changes the others will be less stressful down the line.

We suggest you talk to your web developer or talk to us and we can guide you through the changes you need to make.

What should I Track In Google Analytics? Top 3 Resources

What Should I Track In Google Analytics?

We all know Google Analytics does lead the way in providing information about the who, the why and the when of visitors that land on your website, however the question may be what should I track in Google Analytics?

The Google Analytics platform is complex in some area’s and that may be when you need an expert to interpret the data, however by looking at the basics you can figure out where your visitors are spending the most time, the source of traffic to your website and a whole load more.

So are you ready to discover what you should be tracking in Google Analytics?

Let’s go!

First Stop Traffic Sources:

How to get there:

what should i track in google analytics

Traffic sources

By opening the overview you will see the following labels:

  • Organic Search: Visitors arrived at your website via organic search terms.
  • Direct: Visitors who arrived at your website by typing your URL into the search bar.
  • Referral: Visitors who arrived at your website via links from other websites or backlinks.
  • Social: Visitors who arrived from content that you have provided on social media
  • Paid Search: Visitors who arrived at your website via Google Adwords or other digital advertising methods that are paid for.
  • Email: Visitors who arrived from email campaigns that you have sent.

By using traffic sources you will see where your marketing efforts are making the most impact plus where things could be going wrong i.e high spend on Google ads and low traffic.

what should i track in google analytics

Next Stop: All Traffic:

How to get there:

what should i track in google analytics

By clicking on channels you will discover another layer of analytical information that shows all active areas of traffic with clickable links that allow you to drill down on each each channel.

what shhould i track in google analytics

As an example by clicking on the social channel you can see what social platform brings you the most traffic.

what should i track in google analytics

Page Views, Time On Pages and Bounce Rate.

The top columns listed below require a little explaining but here is where to find the information first.

Behavior > Site content > All pages
what should i track in google analytics

What to look for:

Bounce Rate: On average your website should have a bounce rate between 40%- 70% which shows that readers are sticking around and the content is engaging.

Average session duration: The total average session duration for your website will give you a general idea of how long visitors stay on your site but it isn’t nearly as powerful as diving into the average session duration for individual pages on your site.
Unique Page Views: Unique page views provide a useful alternative to basic page views. With unique page views, you eliminate the factor of multiple views of the same page within a single session.

Page Views: Not to be confused with the above, a page view is a single viewing of a Web page. This means that any time the page is loaded by the user’s browser, the number of page views is incremented. If a user visits the same page multiple times within a single session, each viewing of the page will add to its page view count.

Content:
By updating and producing meaningful and actionable content you will find that each page will change and visitor numbers will change, on average what you will be looking for is a 2-3 minute page view and of course some will be less (contact us page), however as you can see above this blog post was interesting for readers that nearly 4 minutes was spent reading the content which can only help with generating leads and rising through the ranks in Google.

More resources:
To find out more about Google Analytics and how you can benefit from using the platform check this here.

What Should I Track In Google Analytics?

Hopefully this small guide has helped you discover a little more about Google Analytics, if you want to improve your traffic why not check out our site auditor tool, it’s free and gives you an insight on how your website is actually performing.

Try it here.

Why you should adopt PESO for your digital marketing

Why you should adopt PESO for your digital marketing.

No it’s nothing to do with the mexican currency but a possible way for marketers to adopt a new and fresh method of marketing; yes that’s the Peso Method.

So what does the mean exactly and what can PESO do for you?.

In simple terms the Peso method is a collection of terms used buy PR companies to organise and distrubute communications; the practise has been around for the last five years and was originally brought to the marketing scene by Gini Dietrich owner of marketing blog Spin Sucks a top 10 blog in the marketing arena.

Gini points out “PR is marketing. PR is sales. PR is customer service. PR absolutely can generate leads, nurture them and convert them to sales. PR absolutely can attract new donors.

The “Owned, Earned, Paid and Shared” model now breathes a little life into the marketing industry especially when all 4 work together, here is what Peso stands for:

– Paid

– Earned

– Shared

– Owned

Shared is the other animal in the equation here, (the others have been around since the dawn of time) as some shared activity will required paid whilst others not (organic) and or owned.

Get your PESO on:

To get a grasp on Peso let’s discovery each area in it’s proper context.

  • Paid Media this relates to sponsored tweets, facebook sponsored posts, Outbrain, lead gen and others.
  • Earned Media may fall into traditional area’s of PR however this actually includes blogger and influencer marketing.
  • Shared Media is the opposite of paid media on the social channels all organic activity not paid for.
  • Owned Media is firmly placed on a company’s website and or newsletter. The content is at the centre of all activities here so creating e-books, case studies and real life stories in a working environment will be owned and produced in text, audio and image formats.

The benefits of PESO really come through when you begin to combine all the channels together so much so that greater authority can be established and influence increased developing more inbound links and this would start to push a blog article towards the front page of search engines increasing traffic and leads / subscribers.

Why Do We Like It:
From a team perspective everyone can be involved and bring together a planned process for one piece of ‘Owned Media’ plus not forgetting the amount of content that can be brought out of that piece of content with the end goal in mind whether it’s sign ups or products sold you can see how each channel will work and what performed better.

The key is starting with the end goal in mind and working PESO to your advantage.

We did find that by using some great tools such as Trello or even a white board designing our own PESO labels helps us figure out the best route of any piece of content that we produce.

Will you use PESO?
If your a marketer you may start to adopt PESO as your new friend, if you need a marketing team to work with you on PESO then let’s talk.

7 Actions you can take now to secure and improve your WordPress website

As the web develops and consumers demand more it looks like WordPress Websites still leads the way as a CMS and blogging platform for all types of businesses.

Although a WordPress Website is very easy to work with and quick to make changes (providing you know what you are doing), however there are things that can actually damage your website and your business if you are not careful.

28% of the web is run by WordPress Websites  and surprisingly wordpress.com has more unique visitors than amazon does every month.

The big features with a WordPress website is that it’s customisable and with the amount of plugins available you will save yourself time and money instead of hiring developers to build custom features for you which can be very costly.

To avoid the pain of an underperforming WordPress website we have some useful tips to help you keep your WordPress site or blog running like a well oiled machine.

1.  Login as ‘Admin’

If you or any of your team are logging in as an admin user you need to stop this!  You should replace the ‘admin’ user login with a different name.

Fact:Wordfence reports up to 90,000 attacks on WordPress websites every minute.

Please ensure you do not have ‘admin’ as the username this will make a hackers job so much easier and by guessing a few choice passwords they could just stumble into that winning combination and bang your site is gone!

Action: You have different levels of access in wordpress for users, have one admin account and add other users such as ‘editor’ etc but do not use admin on any logins on the site.

2.  Install too many plugins

I love plugins and I love automation but not at the expense of slowing my website down and causing major issues.

When plugins are added you are taking abit of a risk:

a). Plugin Bugs: All Plugins have bugs and this can affect your site. Of course you can get them tested and or advice before adding the plugin.

b). Plugin compatibility issues: Conflicting plugins are a nightmare to deal with, it may look ok on the outside when you install the shiny new plugin however at some point the conflict may appear with another plugin causing the site to crash or features not working.

c). Security issues: Non rated plugins or poorly developed plugins can leave the site vulnerable.

d). Performance: Your WordPress website will grind to a halt the more plugins you add to the CMS. Each one will use resources when the website loads up and the performance will suffer.

Before you install plugins we always reccomend that you take a back up of the site and then proceed as at that point you always have the security of a roll back to a previous version.

Action: Back up your website before you add plugins and or uninstalling them.

3. Not using a staging server

If you want to go a stage further you should implement a staging server. This helps you decide how a plugin or a theme behaves in a test environment.

It is critical that you do not just add plugins on a live website as this will make changes that you cannot see and could break your website and you may have to start all over again.

This rule goes for installing new plugins, themes and layouts.

If you add a plugin or theme and it goes wrong on a live site you can remove it, however there may still be issues there if not removed correctly this then can cause you a major headache never mind lost customers to your website.

staging imageAction: Not got a staging site from your web team? I would suggest you ask for one as soon as possible.

4.  Manage security yourself

Security is just something you cannot skimp on!

Let me repeat that security is something you cannot skimp on, the reason why I say this is that we all have that moment where we think ‘it will never happen to me’ and it might and it might not.

However if you run your website as a business then I don’t think you would like to find your website defaced by images that are not suitable for anyone as this will cost money and a whole load of stress.

Hackers are more sophisticated and will test your website to see how they can break it and steal data from you.

By ensuring you have a robust security system in place you will not stop hackers completely but it will make their life harder, we use Sucuri as our provider on security and issues such as hacking, malware and other nasty security issues that you don’t need happen they take care of.

wp-king.co.ukAction: Consider a wp specialist in security such as WP KING.

5. Assume your backups are working

Are you backing up all your data on WordPress website?  Are you sure everything is backed up?  When was the last time you tried to restore files from your backup?

Check with your hosting provider what back ups you have and how often, if you don’t have back ups then consider taking them on as a service as the last thing you may need is all your hard work disappearing as you do not have a back up somewhere.

Action: Talk to your hosting provider or work with and or try to restore your site to another server to ensure that you have a complete copy available.

6. Not Considering Performance

The speed of your WordPress website is vital and it is one of the factors that Google considers when ranking your site but if your website is slow your visitors won’t come back.

If you consider the usage on mobile devices if your site is slow on these or is not configured properly you will find that that you may lose traffic as there is no high speed connection to deliver your content

The big question is your home page taking 10 seconds or more to upload on a browser?

If so that won’t go down well with Google and your visitors s its too slow.

You can test the speed of the download using a tool called gtmetrix.com .

web performance imageFrom this tool alone we found that our home page is super fast, but because of all the images in our blog posts, our posts load more slowly. So we have to do more work to make our site run like a Ferrari!

Action: Use the tool mentioned it’s free and see what is slowing your website down.

WP provides excellent plugins to help speed the process up, however you will need to know what you are doing to get the best from them. Check out WP Total Cache and WP Super Cache.

7. Not performing a regular audit

What we discover after a website build clients love it and think there is nothing more to be done and start making assumptions that the website is performing well.

If you do not have a care plan in place things can go wrong really quickly and one day you may wake up and notice it’s running slow or the site is not there at all!

Action: Perform an audit every 6 months.This should cover things like:

a) Speed of your site – test it and see how it’s performing

b) Security – Check the latest updates and see what you have to do to ensure safety.

c) Backups – Are the backups consistent and easily accessible?

d) Content – Duplication is a big no, no and ensure you may want to check this.

Summary

As popular as a WordPress website is this can leave you open to issues that you really didn’t know where well actually issues!

All we can say is protect yourself and ensure all is upto date to ensure your visitors get the best experience when visiting your website, after all it is your shop window.

SEO Or PPC which is best?

SEO Or PPC which is best?
When it comes to boosting traffic to your website, you have two basic options: pay-per-click (PPC) advertising or search engine optimization (SEO).

You can pay for traffic using the PPC advertising programs provided by Google Adwords, Yahoo Search Marketing,Bing and others. They enable you to display ads in the sponsored results section of each search engine’s results page. Then, you pay a fee — based on how competitive your chosen keyword is — whenever a viewer clicks through from your ad to your website.

Alternatively, you can build traffic for free by achieving high rankings in the natural search results — the listings displayed next to the sponsored results. You will need to follow SEO best practices to try to get your site displayed on these pages more prominently and more often. It may take time to reach the top of the natural results, but the free, targeted traffic will probably prove to be well worth the investment.

Which process is better?
It’s all about your strategy now when I say that what I really mean is do you need results fast and or have a product to launch or do you want to be know more locally for what you do and how you do it?

PPC is paid for marketing and that means yes you have to pay for it and be mindful of your budget and CPC and other metrics, however SEO is more like your building a house and laying the foundations that you will build over time to create a great website that didn’t cost you the earth to advertise and drive leads but it did cost you some time on learning on how it all works.

So what do you need? lets find out!

SEO: Improve your organic traffic
What are the pros and cons of organic traffic from search engines? Let’s begin with the pros:

Awareness. Visibility in search engines for your targeted keywords puts your business in front of potential customers in much the same way as if you were to advertise, and it drives brand awareness.
Branding. Visibility around commercial search terms and informational queries related to your business area can have a positive branding benefit. Your brand can become associated with and trusted by searchers who are asking questions as they conduct the research that will lead to a purchase. You can become an authoritative voice around a given topic.
Credibility and trust. Having your site return in the organic results can influence your perceived credibility with an audience looking for your services. Many users skip ads and trust organic results more highly. Being visible gives your business that all-important stamp of approval. Also having strong review and reputation signals in place will deliver further benefit.
Website traffic. Increasing website traffic provides you with more opportunities to drive awareness of your business and educate a prospect as to why they would buy from you.
Cost per click. Traffic from organic search is free… sort of. Developing that visibility will take time and effort (money), but there is not a direct charge for each impression or click.
Return on investment (ROI). Organic search engine traffic can provide an improved ROI over traditional forms of paid media and certainly improve upon PPC.
Cost. While SEO is neither cheap nor easy, it will generally be more cost-effective than all other marketing tactics for delivering brand awareness and relevant traffic to your website.
Sustainability. Unlike paid search marketing, organic traffic does not dry up the moment you stop paying. As such, efforts to develop organic traffic can sustain a business when marketing spend is cut back.
Improved click-through rate (CTR). A higher percentage of users click on the organic results. While there are exceptions to this rule, you will generate more clicks from a highly placed organic listing than from a highly placed paid ad.
More clicks overall. To maximize visibility and clicks, you will want to have listings in the paid and organic results. Keyword-level experimentation is needed here to see if you are paying for clicks you would get for free or increasing overall clicks and CTR in both paid and organic — but to truly maximize results, strong visibility in paid and organic is needed.
Strategic advantage. Visibility in organic search is not quick or easy — which is a good and a bad thing. Once you have established yourself in the organic results, your competitors can’t simply buy their way in (assuming you have done things the right way). This can provide a strategic advantage over the competition if they are relying on paid search.
Content Assets. To drive real traffic to your website organic results have to be interesting and provide real value to the reader when they click on your listing. Content assets can range from free e-books to infographics and or gated content that can provide you with key insights of the type of visitors that are looking at your website the key takeaway here is if it does not have value do not create it.

PPC: Laser-targeted visibility
How does paid search differ from organic search? With click-through rates and trust heavily stacked in favor of organic search, why would a business look at paid search? Here are some of the benefits PPC offers:
Position on the page. Paid search dominates above-the-fold content. With typically four ads on desktop and three on mobile, a user will always see the paid search ads, even if they choose to scroll past them.
Improved ads. PPC ads are just that: advertisements. As such, you have far more granular control and more space for delivering your marketing messages. Calls, locations, sitelinks, pricing and bullet points (callouts) are just some of the options for creating ads that dominate the page.
Brand visibility. Running paid search advertisements gets you seen by the right people. Even if they back off and conduct a brand search before clicking to your site, that visibility will pay dividends to your marketing.
Budget. PPC allows for a tight control of budget. Determine how much you are willing to spend per day (ideally with some initial and ideal ideas of returns), and set that fixed limit.
Targeting. PPC provides a laser-targeted way to get in front of potential customers. Ads can be targeted by search keywords, time of day, day of the week, geography, language, device and audiences based on previous visits.
Speed. While developing good organic visibility can take time, a PPC campaign can be created in days and ramped up in weeks. There is no faster way to get in front of customers at the very moment they are primed to buy than paid search engine advertising.
Agile. Speed provides agility. Want to test a new product? A new marketing message? You can get rapid feedback on a new product launch (or minimum viable product) by running a short PPC ad campaign.
Marketing intelligence. Where organic largely hides keyword data in the name of privacy, there is no such restriction with paid search. With conversion tracking and a solid integration with analytics software (like Google Analytics), we can determine what keywords convert and at what percentage and cost. This intelligence can be fed directly into organic search (SEO) marketing and can inform all other advertising to improve results across the board.
A/B testing. Easily split-test ads, landing pages, and even call-to-action buttons to determine where the very best results lie. Again, this information can be fed back into all other digital (and traditional) marketing endeavors.
Stability. AdWords does not suffer the same turbulence that the organic results can suffer from. There are changes, but they tend to have a far lower impact and are more easily managed. Careful use of match types and analysis of the search term reports allow for the removal of junk search and an increase in ROI over time.
Cost. Despite what many advertisers believe, a PPC account that’s well set up and managed can be a low-cost way to generate leads for your business. If you are a local business targeting a small geographic area and a small set of keywords, you may find that you can generate more than enough leads without breaking the bank. Please be aware that PPC is not a set and forget process, you will find that this will have to be managed with a degree of skill and by looking at various software platforms available you can increase your results and save time on your PPC campaigns.
Successful PPC needs skilled management and optimization — from monitoring bids, Quality Scores, positions and click-through rates. Some of this can be done with scripts, but if you are too busy to do this properly, ensure you have an expert on hand to take care of keeping your account in tip-top shape.

SEO or PPC?
It’s just not possible to answer this question without taking the unique situation of a given business into consideration.
A hyper-local business with little competition and a requirement for just a few leads per week could likely develop good visibility in the local and organic search results with a little spend or some DIY SEO.
A new e-commerce store that is competing with a page of results from Amazon, eBay and other major department stores and online retailers is likely going to struggle in organic search (in the short term, at least).
Do you need leads now? Are you looking at the long game? Do you have much in the way of website authority? What is the competition like in organic search? What is the cost per click in paid search?
A clear digital marketing strategy and clear short- and long-term goals are essential in making an SEO or PPC decision here.

SEO and PPC
In an ideal world, we would look at both SEO and PPC. They both have pros and cons and work best when supporting each other synergistically. Where you can get SEO and PPC working together, you will often be able to drive results that are greater than their component parts.

The benefits of running SEO and PPC together include:
* Keyword and conversion data from PPC can be fed into organic search (SEO).
* The total volume of traffic can be increased by targeting clicks in paid and organic for high-performing keywords.
* High-cost keywords, high-volume or low-converting (yet still important) keywords can be moved from PPC to organic search.
* A/B testing of ad copy and landing pages can be fed into your organic listing and landing pages.
* Remarketing allows you to stay in front of visitors after an initial touch via organic search and customize messaging around their engagement with your site.
* Test your keyword strategy in PPC before committing to long-term SEO strategies.
* Target users at all stages of the customer journey from research to comparison to purchase with commercial keywords.
* Increase confidence and awareness by having both strong organic and paid visibility.

Your business is unqiue and what may work for you may not work for someone else, in our experience with both PPC and SEO we find that taking each channel and building it into a marketing strategy through the term of 6 to 12 months can have significant results, however the main question is what do you expect to happen when you embark on an PPC or SEO campaign and what is your budget?

By reviewing the above and answering the question (budget and expectation) only then can you commit to a digital marketing plan that you can see results and tweak as required.

Not sure about your strategy talk to us today!

SEO Or PPC which is best?

GDPR Email Guide: The Do’s and Dont’s.

GDPR Email Guide.

So it’s nearly here and your wondering holy c*** what have we done re GDPR?

Although there are many processes involved from tick boxes on your website allowing consent to updating terms and conditions …( I know your about to explode) there is one thing you may not have thought about which is email!!

GDPR Email Guide: We all opt-in … we all opt-out! ( as the song goes)

You will find out soon enough if your compliance meets some or all of the rules the GDPR has set, however by examining what can be done re email marketing (newsletters, offers, promotions and updates) and what can’t be done you will be in a good place come the 25th of May.

Below is a small guide to put you on the right track and if you need to work out your email strategy on GDPR then hit us up!, but for now read on!

GDPR Email Guide: The Do’s and Dont’s.

DO seek consent wherever possible — it’s better to be safe than sorry, and asking for direct, affirmative permission to contact someone via email is the most secure process under GDPR and E-Privacy legislation.

If you do not have consent do not send even if you have mailed them asking to opt in and you get no response you must remove them from your list.

DON’T email anyone who has asked not to be contacted, unsubscribed from a list, or opted-out in any other way.

DO be aware of the difference between B2B and B2C communications, and segment your mailing lists accordingly. B2B emails should be targeted at a person’s role within a business, not at the specific person.

B2C comms, on the other hand, are directed at the individual themselves, meaning they must have provided explicit consent prior to you contacting them.

GDPR Email Guide: The Do’s and Dont’s.
DON’T add an email / contact details to all your email lists when you take a business card from someone. You could send them an email with all the nice gooey stuff and include details of your product / service and ask them within the confines of the email if they would like to be added to a specific mailing list that could be relevant to them.

Please be warned if they do not reply they cannot be added to the list and you cannot send any emails to the individual – silence is not consent.

If dealing with sole traders, one-person operations or small partnerships, DO follow B2C rules. Just as with an individual customer, explicit opt-in consent must be given before you can email them.

DON’T assume people will be interested in everything you do.

Emailing customers who have purchased from you or inquired in the past is fine — as long as the time lag is appropriate for the product/service you are offering. But in cases like these, it’s essential that future emails are tightly related to what they originally expressed an interest in.

Do you monitor email open rates? If you do and and segment readers based upon what they like and don’t like this action means you are monitoring thier behaviour. Again you will have to inform them of what you do and offer the option of opt-in or opt-out.

When considering marketing to new contacts think of variations of content (newsletters, white papers general updates) and in different formats, this can increase the interaction level and help drive your opt-in by using different mediums such as mail, text and or phone call.

This can improve your compliance as you are introducing flexibility into your levels of engagement.

GDPR Email Guide: The Do’s and Dont’s: Summary

Before you send any email marketing promotional or otherwise from the 25th of May you should ask the question”Have they confirmed they want to receive this information?”

If the answer is “no”, take them off the list. If the answer is “kind of” or “well they haven’t said they don’t want to,” take them off the list.

Only if the answer is “yes” should you click send — consent is crucial.

Not sure about what to do? Get in touch.

Top 5 Website Security Myths to Leave Behind in 2018

Top 5 Website Security Myths to Leave Behind in 2018

So you think you have heard it all before? Before you mention the words “it will never happen to me” it probably will!

2018 has a lot of changes happening in the World Wide Web, however businesses large or small sometimes don’t consider the impact of security or at least updates that are required to keep the wheels of industry turning and your clients happy.

In 2017 a number of major security breaches made the headlines, the ones you didn’t hear about may not have made an impact on your business but someone somewhere felt the blows of mismanaged or poor cyber security.

Cat & Mouse
When i was a kid (and still I do this sometimes) I loved watching Tom & Gerry (in fact my brother was nearly called Gerry that would have been fun) cyber security is kinda like that, you know the mouse (Gerry) sneaking up on the cat (Tom) and causing all sort of havoc when you least expect it.

Staying Safe in 2108
So how do you do it? We have a list of website security myths that need to be left behind and keep you and your business online.

Top 5 Website Security Myths to Leave Behind in 2018

5.) Small Business Owners Are at Less of a Risk of Being Hacked

No. While you can certainly filter some evidence to say that statistically a small business has a lower chance of being hacked than a major corporation, that’s misleading. Small businesses are at an even greater risk when it comes to hacking. That comes down to resources.

But let’s start from a numbers standpoint, more than half – 62% – of all cyber attacks launched are aimed at SMBs per IBM. Per Symantec, while 90% of major corporations have been targeted. 74% of SMBs have too. And then there’s this damning statistic from the National Cyber Security Alliance, 60% or 3 out of every 5 small businesses that suffer a cyber attack end up shuttering within six months of the incident.

From first hand experience working with clients that have had their website hacked (and came to us to fix the issues) we found that this plays havoc with their business from all sorts of view points.

Everyone is online now and if you visit a business via the search engines and discover a website with all sorts of strange images, garbled text and messages (you as the visitor will go elsewhere) the business that owns the website will lose the business and be none the wiser until it’s spotted.

Key Takeaway: Invest in updating and managing your website.

4.) Your Employees Can’t Impact Your Network or Website Security

Employees are a huge threat (there I said it)

Not that your employees mean it (some will if things do go right for them) most of the time it is just carelessness. Business can sometimes appear to have security all under control, however if an email has got through a firewall and spam filters plus it’s came from a colleague so it’s deemed safe, bingo the network has an issue.

By assuming employees have all the knowledge they need re your security is not a great move and this needs to be revisited, especially with so many devices available and the regular updates you may miss.

Key Takeaway : Employees need to be aware of your security controls and training in what to look for in emails that could be issues is key.

Top 5 Website Security Myths to Leave Behind in 2018

3.) A Firewall and Antivirus Software is Enough

Sadly, those days are over. We’re entering an era of comprehensive web security as a service. You’re already seeing a number of major players like Venafi and Comodo move into that space and it’s hard to argue with the new technology’s benefits.

For starters, the cost of staffing an effective in-house security team, for companies of all sizes, is staggering. We’re talking purchasing hardware, hiring and training staff and then maintaining everything on your own.
SaaS products are helping companies and organizations avoid those costs by essentially out-sourcing everything.

That’s because nowadays you need more than just a simple firewall and some antivirus software. You need 24/7 monitoring, malware detection and removal, it’s probably smart to have a good CDN for better security and performance, plus you’ll need to have a Systems Incident and Events Management team for any major crises.

Key Takeaway: Invest in Security-As-A-Service, outsource your security to a reliable company for a third of the price you would pay if you have this in house. Firewall and Antivirus software is not enough.

2.) Your Password is Strong And Safe Enough

Passwords are the bain of everyone’s life, i mean from the people who write them down in a notebook (why?) and choose passwords that are named after their dog (it’s quite easy to figure them out check Facebook) or even worse save them on their device (lost or stolen device means in the wrong hands an identity theft).

Avoid words all together
A random string of letters and numbers is harder to break even from a brute force attack and stops you using all the same passwords (can you imagine if one of your passwords is guessed correctly?) I know you are saying how can you remember all these crazy passwords?

If you use tools such as LastPass the system will store all your passwords, random generate passwords for you (letters and numbers) and automatically log you in.

Key Takeaway: Use letters, numbers and symbols for a password and store them safely.

Top 5 Website Security Myths to Leave Behind in 2018

1.) If you don’t store customers’ credit card info, you don’t need an SSL/TLS Certificate

This is now a very hot topic as you will know as Google wants to create a more secure web environment and the impending rules and regulations of GDPR.

It is true that SSL was only for credit card info etc but now all that has changed.
SSL is good hygene for your website, if you don’t know what SSL is and how it could affect you see here.

In the main SSL enforces a secure connection between connections on your web server by placing a piece of software and when configured correctly ensures that your website and your data is more secure.

Google & Mozilla
Leading browser providers Google & Mozilla have now improved security and require all websites to be encrypted ensuring a safer web but what does that mean for you?

In March or April this year (2018) both browser providers will begin to mark websites that are not secure by placing a warning triangle (in red) in your browser bar.

There is nothing worse and more damaging than showing a warning indicator on your business website saying ‘your website is not secure’
So regardless you will need HTTPS / TLS and a SSL Certificate to move forward in 2018.

Key Takeaway: Act now and prepare your website for SSL / HTTPS before its too late.

Top 5 Website Security Myths to Leave Behind in 2018

The web is changing and is a normal everyday thing that we all use, however the user experience is key and by looking at the suggestions listed you may find you can save yourself a lot of time, effort and money.

Facebook Events gets an overhaul, Welcome to Facebook Local

In the eyes of Facebook, Facebook Events isn’t inclusive enough for making plans with friends.

Which I totally agree, so to help you discover bars, restraints and nearby attractions Facebook has rebranded the standalone Events app as Facebook Local.

This sounds more like a shift to move in on the Yelp territory by combining events and permanent places into a single search engine powered by Facebooks 70 million business pages plus reviews and friends check ins.

Facebook Local product manager Aditya Koolwal tells tech Crunch the goal was to “Make it a lot easier to do certain kind of looks ups that are very common when making plans with friends.” Easier is key, considering Facebook Events never made it above #139 on the social networking app charts and SensorTower estimates it only got 100,000 downloads.

facebook local screen

For now, Facebook Local won’t feature ads from businesses and events trying to stand out, but says “we’ll think about advertising way further down the line.”
Although the features are slightly hidden the rebrand will let you see that the ‘Nearby’ feature will be called ‘Local’, however this is still separate from Facebook Events.

There is other improvements coming along which would include, Order Food feature and a similar feature to Snapchat’s Snap Map which is helpful for hooking up with friends that are nearby.

Although Facebook Local is not available in the UK as of yet, the reviews are positive and we are sure that this will follow the new mission statement from Facebook ‘Bringing the world closer together’ which applies to nightlife.

You can sign up to be notified of the changes for Facebook Local here.

Digital Fitness Are You Ready?

Digital Fitness Are You Ready?

Janurary is nearly over,(well it might be when you read this) however you will have been desperately trying to hold onto those promises that you made (new year , new you stuff!) but like some people those promises can disappear quite quickly and before you know it your in February (the love month).

One of the big things you may have considered in your new year new you was fitness (yes you went to the gym and if you are still going go you!) but what about your Digital Fitness?

Now your saying what do I have to run on a treadmill and type?

No, if you do send us a video and we can have a giggle about it, seriously though Digital Fitness is all about getting a balance online as well as offline.

Digital Fitness: Take The Test & Detox

Want to feel better and know what you share online is safe as well as managed?; you should try this test by the guys at Tactical Tech.

The test is designed in such a way that with just a few mins each day you can regain control your digital lifestyle, clean out a lot of garbage (yes the pics of you pole dancing with a few street lamps, not great) also what the outcomes are for sensitive information that is across the internet.

By day 8 of the test you will start to notice some small changes, for example part of the detox was the apps section, now I don’t know about you but i have more apps on my device or devices should I say than I know what to do with, so I went through the detox and deleted at least 6 of them and yep I feel better for it.

Digital Fitness: Clear your mind and your history

If your in shape great!

If your Digital Fitness is the equivalent of watching endless hours of box sets on Netflix and snacking like there is no tomorrow then why not try the Digital Fitness Detox who knows you may even feel like going for a run!