General Data Protection Regulation (GDPR)

Keyboard with the word 'Privacy' overlaidWhat is the GDPR?

The General Data Protection Regulation (GDPR) is the name given to the new law that will come into effect on 25 May 2018 to provide added protection and security to the data that businesses hold on, and about, individuals. It will replace the UK’s Data Protection Act (DPA).

At the end of this post you’ll find a simple glossary of terms for reference

Why do we need the GDPR?

There has been a huge change in the amount of data, and the way we use it, since the Data Protection Act came into effect 20 years ago.

Back then, a home PC was a rarity, now it’s pretty much the norm and households typically have multiple devices (PCs/laptops, phones, tablets, smart TVs and other internet connected devices) whilst the majority of businesses are totally reliant on IT and data.

As a consequence of these changes the laws relating to data needed updating and there was a strong drive to have common data protection laws across the EU due to the increased globalisation of business. Brexit will have no impact on the new regulations

What impact will the GDPR have on my business?

There will be a need to ensure that the way you collect, store, manage, use and destroy data is in compliance with the new regulations and there may be a requirement to employ new staff, outsource services or allocate new responsibilities to existing employees.

People & Accountability

Data Protection Officer

To comply with the new regulations you may need to allocate data protection responsibilities to employees or employ a new member of staff, depending on the size of your business and the data protection requirements placed on it. The following businesses MUST appoint a Data Protection Officer (DPO)

  • Public Authorities
  • Businesses whose core activities involve large scale systematic monitoring and profiling activities
  • Businesses whose core activities involve large scale processing of special categories of data such as ethnic origin, political opinions or religious beliefs

DPOs can be employed or outsourced but must report to the highest level of management.

Data Processors

Current law does not apply to pure data processors, i.e serviced providers who only deal with data as directed by their customer, only applying to data controllers. If you are a mailing house which accepts data from a client for producing mail shots (land mail or email) for example

GDPR introduces direct rules and accountabilities for data processors, including

  • Keeping records of data processed
  • Designating a Data Protection Office (where required)
  • Notifying the Data Controller where there has been a breach

Under GDPR, data controllers can only use data processors “providing sufficient guarantees to implement the appropriate technical and organisational measures so that the processing meets the requirements of GDPR and ensures the protection of the rights of data subjects

Accountability and the GDPR

Accountability is all about considering risks and demonstrating that you have considered, and managed, data protection risks. You will need to have clear policies in place to show that you meet the required standards and should establish a culture of monitoring, reviewing and assessing your data processing procedures

Privacy Impact Assessments

Businesses will be required to carry out a data protection impact assessment where carrying out any processes that use new technology that is likely to result in a high risk to data subjects, required in particular where there will be automated processing (including profiling) and on which decisions which affect the data subject and for large scale processing of personal data

Privacy By Design

Businesses must take data protection requirements into account from the inception of any new technology, product, or service, that involves the processing of personal data, with an ongoing requirement to keep those measures up to date.

Notification of Breach

The existing DPA requires an organisation to notify (register and pay a fee) the ICO that they will be processing personal data. This will no longer be a requirement under the GDPR, replaced by an obligation on the Data Controller and Data Processor to maintain detailed documentation, recording;

  • Processing records
  • Data location
  • Purpose of processing
  • Lists of data subjects
  • Categories of data
  • Security procedures

However, if you have fewer than 250 employees, the requirements are less onerous and you’ll only need to comply if your processing is “likely to result in high risk to individuals, the processing is not occasional, or includes sensitive personal data. However, because the processing of employee data is likely to involve sensitive personal data there will be an obligation on all organisations to maintain documentation, no matter what their size.

With the removal of registration and fee payment, the ICO loses their main source of income and this could make them keener to catch organisations in breach and fine them.

Under current  legislation there is no requirement to notify the ICO should you suffer a data security breach. This changes under the GDPR with the introduction of a requirement to report data security breaches to

  • Data Controllers (if a Data Processor breaches)
  • Regulators – if a Data Controller breaches and the result is a risk to the rights and freedoms of individuals – without undue delay (within 72 hours of discovery if feasible)
  • Affected Data Subjects – where the breach could leave them open to financial loss, for example. If the risk is high, this notification must be without undue delay.

When does the GDPR come in to law?

25 May 2018

Where will the GDPR apply?

Current data protection laws apply if you are located in the EU, or make use of equipment located in the EU, such as servers. The GDPR applies whether or not you are located in an EU country – it applies if you offer goods or services to EU residents or if you monitor their behavior.

If you want to transfer data beyond the EU (if you use a server based in the US to do your email marketing, for example) you need to ensure that the destination country has been recognised as having “adequate or equivalent” data protection regulations and you will have to ensure that suitable safeguards are in place to ensure the protection and security of the data you are transferring.

What happens if I don’t comply with the GDPR?

Currently, fines across the EU for a Data Protection Breach vary greatly with the UK having a maximum fine of £500,000 for a breach of the DPA.

One of the goals of the GDPR is to ensure that fines are consistent across national borders and to impose a significant increase in fines to emphasize the importance of good data management and security.

The new fines are to be split across two tiers

  • Up to 2% of annual, worldwide, turnover of the preceding financial year or EU10m (whichever is the greater) for violations relating to internal record keeping, data processor contracts, data security and breach notification, data protection officers and data protection by design and default
  • Up to 4% of annual, worldwide, turnover of the preceding financial year or EU20m (whichever is the greater) for violations relating to breaches of the data protection principles, conditions for consent, data subjects rights and international data transfers

The Information Commissioner’s Office (ICO) will also have increased enforcement powers and grounds for seeking judicial remedies under the GDPR, including a power to carry out audits and to require (demand)  information to be provided and obtain access to premises

Practical Steps to prepare for the GDPR

  • Ensure that you have the resources to plan and implement GDPR requirements
  • Identify all existing data systems and the personal data processed
  • Review existing compliance programs and update/expand as required to meet the requirements of GDPR
  • Ensure you have clear records of all data processing activities and that the records are available
  • When using Data Processors, ensure you include terms in your agreement relating to immediate notification of any data breach.
  • Develop and implement a data breach response plan and have templated notifications so that staff can act promptly
  • Put internal reporting procedures in place, have an internal breach register and train staff on notification and use
  • Ensure that you have sufficient resources to implement required changes
  • Consider appointing a DPO
  • Assess whether the organisation uses consent to justify processing
  • Develop, and implement, a policy on data storage and retention
  • Review contractual arrangements with Data Processors
  • Consider Data Protection when developing new technologies, services and goods and keep clear records
  • Ensure all policies and procedures are available and written in clear, concise and easily understood language
  • Consider how you will gain consent for the use of the ata you hold, and use, for advertising, marketing and/or social media
  • Examine your Privacy notices now and start updating them
  • Review privacy notices and other “fair processing” information given to employees
  • Review employment contracts, handbooks and policies. Is contractual “consent” sought?
  • Ensure that you can respond to Subject Access Requests within 1 month (no admin fee will apply under GDPR)
  • Train staff on data protection responsibilities

Summary

The GDPR will have a wide reaching impact on most businesses, both large and small, which make use of data within the organisation.

Within the GDPR there are many undefined phrases, such as what counts as “large scale” and what is “new technology” and it is likely that these will only be determined as part of case law i.e. when a company is prosecuted for a suspected breach and their defence (or prosecution) need an accurate description of such terms.

It is likely that things will change as we get closer to implementation. However, you should start your preparation as soon as possible and the ICO has published a useful leaflet called “12 Steps to Take Now” which provides more helpful advice.

Disclaimer

I’m a digital marketing and SEO professional, not a legal practice. As a consequence, this should be used as a guide to the GDPR and legal support sought to ensure that your business is in compliance.

Glossary of Data Protection and GDPR Terms

  • Consent – Permission to collect, store and use personal data
  • Data Controller – A person, or persons, determined the purposes for which, and the manner in which any personal data are, or are to be, processed
  • Data Portability – The ability to move data from organisation to organisation, or across nation states
  • DPA – Data Protection Act, the regulations that the GDPR replaces
  • Data Processor – Any person who processes data on behalf of the data controller
  • Data Protection Officer – Person responsible for the oversight of organisational data protection strategy and implementation to ensure compliance with the GDPR
  • Data subject – The person to whom a data set relates (you and I)
  • GDPR – General Data Protection Regulations. The name given to the new regulations relating to the way we collect, store, use and destroy data
  • ICO – Information Commissioner’s Office – body responsible for upholding GDPR
  • Personal Data – anything clearly seen as personal, including name, address, phone number but also including IP addresses, cookie identifiers and UDID (Unique device Identifiers). Expressions of opinion about an individual also count as personal data so you need to be careful what you say about colleagues or clients in emails
  • Right to be Forgotten – The right to request the complete deletion of all personal data.
  • Subject Access Request – A request that an individual can make to find out the data that an organisation has relating to them.

WannaCry, Ransomware and Bitcoin

The recent”WannaCry” Ransomware attack that hit the NHS (and more than 200,000 other victims across 150 countries) has focused attention on the CryptoCurrency called Bitcoin.

There have been numerous calls to outlaw Bitcoin and other CryptoCurrencies but there’s a lot of mis-understanding and a belief that they are only used to fund criminal activities.

In fact, over the last couple of years there have been numerous articles in the mainstream media about Bitcoin. Most have focused on their use by the criminal fraternity, whether for the payment of Ransomware ransoms to decrypt company data through to the purchasing of illegal weapons and drugs on the Dark Web, including The Silk Road, a dark web site where drugs, weapons and illegal services were traded online – before the site was taken down by the FBI in 2014.

However, Bitcoin, and other digital currencies, are now experiencing a significant uplift in their use for legitimate purposes and we thought that this is an ideal time to send out an explanatory email so that you can be better informed.

We’ll be looking at

  • What is a digital/virtual currency?
  • What is a Bitcoin?What is Distributed Ledger Technology / Blockchain?
  • How do I get digital money?
  • How can I spend digital money?
  • Where do I keep my Bitcoin?
  • How safe/secure is my digital money bank?

What is a digital/virtual currency?

A virtual currency is simply a digital form of money for online transactions. Virtual currencies only exist electronically, there’s no bank notes or coins and no bank deposits, hence their description as a Virtual Currency.

Virtual Currencies bring innovation and benefits to more traditional forms of banking and financial systems. Transactions are much cheaper and faster with international payments being much simplified due to freedom from exchange rate worries and bank transfer fees.

This means there are no currency exchange barriers, digital currencies are genuinely international, unaffected by national boundaries and traditional currency issues and associated exchange rate issues – until you want to exchange them for traditional cash.

The most well known Virtual Currency is Bitcoin although other examples include Dogecoin, Ether, Dash, Litecoin and Stellar.

In the early days, Virtual Currencies were seen as a way to pay for online transactions but these days you can use them as a form of payment in physical stores. There are even Bitcoin ATMs where you can buy and sell Bitcoins from your account – there are 20 in London alone and a total of 60 across the UK

What is a Bitcoin

All digital currencies only exist in the virtual form, being recorded in a public Distributed Ledger which is basically a secure database of digital currencies and which holds a record of every Bitcoin transaction

Bitcoins were one of the earliest forms of virtual currency, first introduced in 2008. In 2013 Bloomberg effectively endorsed the legitimacy of Bitcoin by testing Bitcoin on its trading terminals and later that year the US Federal Reserve gave their apparent blessing, stating that Bitcoin “may hold long-term promise, particularly if the innovations promote a faster, more secure and more efficient payment system” and is the most well known form of Digital Currency. In 2014 our own HMRC classifies Bitcoin as assets or private money which means that no VAT will be charged on the mining of, or exchange of Bitcoin. Later that year, Microsoft started accepting payment made by Bitcoin and a 2015 HMRC report on digital currencies further marked the acceptance of Virtual Currencies by mainstream financial services.

What is the Blockchain

The Blockchain is a database that records all Bitcoin transactions. It’s basically a distributed database, is totally separate from the banking industry and free from central interference.

Transactions are recorded in the form of payer x sends y bitcoins to payee z and payments are verified and validated and added to the Blockchain

How do I get digital money

Bitcoin Mining in IcelandBelieve it or not, it’s possible to make your own, legitimate, Bitcoin through a technique called “mining” which uses high performance computers to carry out sophisticated cryptological processing to effectively make new currency that’s then added to the Blockchain.

However, it’s not as easy at it sounds and most people simply buy their Bitcoins, and other virtual currencies, through more traditional routes – including the Bitcoin ATMs mentioned earlier in this article

How can I spend digital money

You can use Bitcoins to purchase traditional currencies, products and services and you can acquire Bitcoins in a similar manner.

Small amounts of Bitcoin can be traded. They are the millibitcoin (0.001 bitcoin), microbitcoin (0.0000001 bitcoin) and the satoshi which is the smallest amount and named after the inventor (0.00000001 bitcoin)

As noted earlier, transactions follow payer x sends y bitcoins to payee z format. Although transactions on the Blockchain are open to inspection, the reason why Bitcoin is so attractive to criminals is that transactions are pseudonymous. This means that “payer x” is only identified by his or her Bitcoin address.

In 2014, Bitcoin Payment Service Provider (A PayPal for Bitcoin) started accepting Bitcoin payments for tickets and concession sales at the St. Petersburg Bowl in the USA and in 2015 Barclays started to accept Bitcoin, the first UK high street bank to do so. Over 100,000 establishments were accepting payment by Bitcoin by the end of 2015.

You can buy technology from Aria and Dell, pre-owned technology, media and games from CeX around the UK, you can sign up for language courses, buy a beer and a meal in a pub, book theatre tickets, accommodation, home and garden furniture, new windows and much more – full list of UK companies accepting Bitcoin here.

In 2013 a Bitcoin was worth $13 and at the time of writing a Bitcoin would cost $1,033.43 ( £830.81) having peaked in 2017 at $1216.73.

The downside is the lack of protection because virtual currencies lien outside of the established banking regulations, Bitcoin users are not protected by refund rights or chargebacks and transactions are non-reversible.

Where do I keep my Bitcoin?

Your Digital Wallet stores all the information required to transact bitcoins. Although they’re frequently described as a place to hold, or store your Bitcoins, the reality is that Bitcoins ONLY exist in the Blockchain and your Digital Wallet simply stores your credentials to access your Bitcoin holdings. It’s similar to the way your debit card doesn’t store your money but allows you to access your account and arrange for the transfer for funds from your account to that of the seller.

How safe/secure is my digital money bank

Because your Virtual Currency is held centrally, there’s actually nothing to steal, in the conventional sense.

However, your Wallet needs to be secured. You need to use a strong password – and don’t forget it because there’s no “password recovery” routine. Lose your password and you lose your Bitcoin.You should keep your Wallet backedup, preferably in a number of locations, online, USB etc. Just as you would for your other computer data

So, is traditional money dead?

Far from it, and it’s probably a long way from dying simply because each country likes to have it’s own currency regulations in place and the fear associated with the disruption that Virtual Currencies will cause.

As a result, banks are making it easier for customers to spend their traditional money. We say the introduction of cheques – now on the decline. Credit and payment cards that facilitate the easy transfer of money. Internet banking, making it easier to manage our own funds. Contactless payments speeding up transactions, Apple and Android Pay., facilitating payment by simply tapping your phone on a payment terminal and the migration of these services to Smart Watches. Soon, you’ll have contactless payment capability added to pieces of jewellery (A payment wedding ring anyone?) followed by the embedding of a suitable chip under the skin of a fingertip.
However, as world governments become more centralised, the benefits of Virtual Currencies may begin to outweigh the pressures (and costs involved) to maintain more traditional Fiat based monetary systems and all we can suggest is that you “watch this space”

OK Google, get ready for Voice Search

Amazon Echo with Alexa voice control“OK Google”, “Siri”, “Alexa” “Cortana” and soon “Bixby” are all commands that wake your device up and prime them to expect a voice command.

The reality is that your Android Phone, Google Home, Windows 10/X-Box, Apple iDevice, Samsung Galaxy and Amazon Echo are always listening, it’s just the command that alerts them that an instruction is incoming.

And because phone keyboards are harder to use than those of their desktop/laptop cousins more and more people turning to voice control and voice search purely for ease and convenience.

As a consequence, it’s vitally important that you understand what you need to do to make sure that your site is easy to find – even when the search is through voice recognition.

Voice Search and Artificial Intelligence

Google Home with "OK Google"Google, in particular, is using artificial intelligence to better understand our spoken instructions and to encourage more conversational searches, such as “Where can I get my Jeep serviced” rather than a more traditional desktop search “Jeep servicing Bristol”

According to Google, 20% of searches on Android devices are now voice searches and the number of searches continues to increase as users realise that voice recognition accuracy is improving all the time. According to KPCB Internet trends 2016 Report, the accuracy of voice recognition now exceeds 92%

Searching for local businesses

A lot of people use voice to search for local businesses, “where’s the best Pizza restaurant in Bristol” for example so, if you sell pizza in Bristol you need to ensure that your pages are optimised for “Best pizza restaurant in Bristol” and written in “natural language” (written in a similar way to the way you’d speak) which really helps with voice search results.

Optimising for Voice Search

iPhone waiting for a "Siri" voice commandWith “traditional” SEO, you’d have researched the words that people were typing when looking for your products or services and built your site optimisation around those. Now you have to get your head around the types of question that they might ask, just as if they were asking their friends, family or colleagues, as demonstrated in the above example about Pizza restaurants.

One way to start addressing this issue is to consider a dedicated Q&A page where you can pose these questions and add your answers – remembering to keep them more conversational than you’d perhaps feature elsewhere.

The pages that you have optimised for voice in this way need to feature in your Site-Map so that Google and Bing can easily find, and index, them. You do have a sitemap (sitemap.xml) don’t you?

You should even look to include microdata, schema, rich snippets and so on because these little pieces of code give the search engines even more information about your business.

Hi, I'm Cortana, ask me a questionYou’ll also need to ensure that your listings on Google My Business and Bing Places for Business is up-to date and accurate because that’s where Google and Cortana will look for the  location-specific search results. You should also check out the other business directories that have your business listed, Yell, Thomson, Yelp etc and make sure that your address details are correct. This simply ensures that there’s no ambiguity about the right address for your business.

Responsive Website Design

Don’t forget that because most voice searches are conducted on a mobile device, you MUST have a mobile-friendly site because if your site isn’t mobile-friendly (Responsive) then Google won’t direct people to you. You can use this free Google tool to check the mobile friendliness of your website and if you need further help with your site, SEO for voice search, making your site mobile friendly or anything else related to your website then you should give me a call on 01793 238020 or drop me an email - andy@enterprise-oms.co.uk

And Finally

A bit of fun. If you use Google voice search and make an animal related enquiry, try adding “fun facts” to the end of your search to learn something about the animal you have been searching on.

How much did your last cup of coffee cost?

Cybercrime is everywhere these days, in 2016 the cost to the UK was over £1bn with more than 5.5m cyber offences taking place in the UK every year. That’s almost 50% of ALL UK crime.

There’s lots of advice on passwords, I regularly write about them, and other security measures that you can take but did you know that even a trip to your favourite coffee shop could end up being far more expensive than the price you pay for your Triple Grande Decaf Soy Latte Macchiato and blueberry muffin.

Cup of coffee and coffee beansImagine the scene, you’re between meetings and decide to drop into your favourite coffee shop for a cup of coffee, a cake and to tap into their Wi-Fi to read your emails, refresh your knowledge in time for your next meeting or simply to surf the web.

Spoof Wi-Fi Hotspot
Sign fro free wifi hotspot
When you sit down and try to log-on to the Wi-Fi there’s frequently a selection of hot-spots to choose from. How do you know which is the free service provided by the venue and which is a spoof.

It’s very easy to set up a Wi-Fi hot-spot using a mobile phone, Mi-Fi type of device or laptop and allow other users to connect through this free connection. This means that all of the traffic can then be intercepted by the person providing the spoof account – what sort of important information is passed from your laptop through this connection? It could be your details to access your online banking, the log-in to your company network or the necessary information required to access your corporate email account.

Time for a comfort break

Laptop and cup of coffeeThen the urge hits, you look around and see that everybody seems respectable enough so you head off to the toilet thinking that your laptop is safe on the table. After all, nobody would nick in sight of all those customers, staff and CCTV cameras would they?

You’d be wrong. Laptop tracking service provider, Prey, found that areas offering free Wi-Fi were the second most common target for opportunistic laptop thefts – the only riskier place being left in a visible place in your car.

If stolen, it’s not only the inconvenience of replacing the laptop, reinstalling your applications and copying back your data [you do back-up your data don’t you?] it’s the additional costs that aren’t covered by your insurance.

The Ponemon Institute, a US cyber crime consultancy, put the real cost of the loss of a laptop and it’s data at nearly £31,000. This was broken down into £4,000 for the loss of Intellectual Property, forensics and legal bills adding around £1,500 with a staggering £24,500 attributable to the loss of income, customers and competitive advantage associated with a data breach

So, the next time you stop off for a cup of coffee and decide to log-on using their free Wi-Fi, just make sure you know which network that you’re connecting to and that you don’t leave your laptop unattended.

Bluetooth Beacons

Belisha BeaconThe most well known type of beacon is probably the Belisha, the orange ball, containing a flashing light mounted on a striped pole and drawing attention to a zebra crossing.

Well, there’s a new type of beacon in town – the Bluetooth Beacon and businesses can use them in interesting and exciting ways.

What is a Bluetooth Beacon?

Basically, a Bluetooth Beacon is a low energy device (using button batteries that last for up to a year), that can be fixed almost anywhere and which transmits data and/or information to nearby “portable electronic devices” within 40-100 mtrs. Mobile phones and tablets in other words.

Major retail stores are starting to use Beacons to track customers as they move through the store. The Beacon can “push” marketing messages as customers get within range of relevant displays. Your iPhone may use a beacon to determine what section of a grocery store you’re in, see if anything on your shopping list is in that area, so you don’t forget it, and even push a discount voucher to encourage you to buy a particular brand.

Your Android phone could use a beacon to show on a map where you are and provide directions to where you want to go – in your language.

It’s not just for retail outlets though. If you are in business to business you could use a Beacon to push a message out to visitors offering a subscription to your newsletter or  encourage a visitor to install your App. Museums could use Beacons to trigger pictures, audio tracks or videos as you walk past particular displays and exhibits.

You can even use Beacons to provide keyless access, your phone could use a beacon in your car to know it’s your vehicle and send an unlock signal to it, for example.

How do you use a Bluetooth Beacon

The first thing you need to do is decide what you are looking to achieve. You could

  • Push deals and offers
  • Share news
  • Encourage Newsletter Subscriptions
  • Drive engagement at events and shows
  • Help blind people explore locations
  • Push visitor information
  • Unlock doors

Use is only limited by your imagination!

At a trade show, for example – simply place your Beacon on your stand and push your message to any attendee who comes within range of your Beacon.

What’s the likely cost

Avvel X BeaconBeacons can be pretty inexpensive – the Avvel X Beacon (left) for example –

  • runs off a CR2477 button cell which lasts for up to 30 months,
  • has a range up to 100m,
  • is waterproof,
  • is easily programmable
  • 42mm square and 13.4mm thick
  • From £20.00 + VAT


The Next Step

Well, I’ve just ordered one of the Avvel X Beacons to see how it works and what can be done and as soon as I’ve learned how to get the most from it, I’ll post an update here.

In the meantime, if you need any help – get in touch. Give me a call on 01793 238020 or drop me a line, andy@enterprise-oms.co.uk

And remember.

Beacons just send out information, they don’t know who you are, don’t connect to your device, can’t harvest mobile phone numbers and don’t steal any data

Worries with WordPress and what happens if you don’t keep up with updates

WordPress Logo

You might have a website that’s been build using WordPress. No one will blame you, after all it’s free and has become probably the most used Content Management Systems (CMS) out there.

You might have built the site yourself or paid a developer to design and build it for you. You might not even know that your site has been built using WordPress.

It’s popular because it’s free and pretty easy to use – well it is when compared to some of the alternatives out there anyway. Although popular and free, it may not be the best and although it It is OK it does have a number of issues.

WordPress Editing screenBecause it’s so popular it’s become a top target for hackers. This means that the people behind WordPress have to be on their toes, always on the lookout for weaknesses & flaws that the hackers can exploit to break into a website and create mayhem. When the WordPress developers come across such a flaw they create a patch and release a new version of WordPress. As an example, the current version is 4.7. However within the next couple of weeks there will probably be a new version. 4.7.1 and then 4.7.2 and so on and so on and so on, releasing updates as and when flaws are discovered.

You and your web developer need to be on top of this by making sure that you’re running the latest version of WordPress. The newer versions,  if setup properly, should update themselves automatically but you need to keep an eye on things “just in case”. Older versions had to updated manually, by clicking the “Update Now” link so it all seems pretty straightforward. But it’s not!

Why things may not be as easy as they seem

WordPress MenuMost websites using WordPress use a number of “Plug-Ins”, small pieces of software that add extra functionality to the website and make it easier to manage. However, you need to exercise caution when updating – especially if you use a lot of plugins to manage different elements of your site because some of the plug-ins may not have been updated to work with the latest version of WordPress. This means that hitting the “WordPress Update” link might cause a plugin to stop working and this could break your website.

But what happens if you don’t update WordPress?

Well, you might find that your website gets hacked and will start to do things that you wouldn’t want to be associated with. It could start to download malware to the computers of all the people who visit your site – malware that could monitor their keystrokes and pass banking details back to criminals in Eastern Europe or China, for example.

Or you could find – as one news website found out to their embarrassment at the end of November – a lot of unsavoury spam being inserted into the first paragraph of every news story on their website.

Hacked WordPress pageHow did this happen?
The company were very lax – their site was built using WordPress and was last updated in June 2012. Since then, there have been 114 updates to WordPress, some to improve performance and some to improve security.

By failing to keep up to date this gave the hackers and “easy in”. The hackers were able to use automated tools to find websites using WordPress and to find out which version was being used. From there, it would have been simple for the hackers to target a known weak spot and break in. From there, it would have been the work of moments to install their own spammy code.

What should the website do?
It’s easy to cure – all they have to do is identify and delete the malicious software and then update to the latest version of WordPress, although they are so behind with their updates that they might find their site gets broken by the update so they might be caught between a rock and a hard place.

If you are worried about WordPress, then don’t hesitate to get in touch. Give me a call on 01793 238020 or drop an email to andy@enterprise-oms.co.uk for a free, confidential and obligation free chat.

Why worry about Accreditations?

I do a lot of work for an IT support company in Bristol – Bristol IT Company – and at the bottom of their website is a list of badges, icons and logos, there’s a couple of ISO related ones and the rest come from well known (and less well known) brands in the IT sector but why are they there and why should you be concerned?

Bristol IT Company accreditationsWell, ISO’s easy, it’s a way of demonstrating a certain credibility by being assessed every year to ensure that we remain up to scratch. A lot of businesses have ISO9001 which is a quality management certification that demonstrates their commitment to consistently provide products and services that meet the needs of our clients. ISO27001 is an information security standard that demonstrates commitment to information security, both their own and that of clients.

The other accreditations come from manufacturers such as Cisco, Microsoft, Dell, Aruba, Cyberoam, VMWare and Veeam and demonstrate that the Bristol IT Company has the necessary skills to not only supply their equipment but to ensure that it is properly installed, configured and supported.

Why is this important
Let’s take a look at the security of your network – they have 2 vendors that are accredited with in this area, Cisco and Sophos. You can buy some Cisco & Sophos equipment on Amazon at competitive prices, have it delivered pretty much the next day and get it up and running very quickly. This might make you feel secure, after all Cisco are a market leader in networking and security – right?

Is this the right way to do things?
Probably not! Even assuming that you order the most appropriate device for your needs, installing equipment using the default settings could cause you a whole heap of pain.

Most hackers worth their salt know, and understand, these default settings making it really easy for them to penetrate your business’s network. It’s almost like advertising that you’ve installed the best locks in the world but have left a key under the doormat.

Not only that but the default settings are a “one size fits all” option that are unlikely to be best suited to the way your business works and could actually slow your network, and internet connectivity, down if left untouched.

You could probably find hundreds of internet forums where people discuss the settings but which ones are the best for your particular needs? Which ones speed things up without compromising security and which ones increase security without compromising speed and which ones are actually posted by hackers looking to lure you into making your network even more insecure?

Accreditation
That’s where accreditation comes into play. By buying your equipment from an accredited supplier, Bristol IT Company will first of all advise you on the correct product that most closely matches your existing and future needs, possibly saving you money – certainly saving you pain.

They then ensure that your network is made as secure as possible by changing default settings to something much more secure and applying their training, experience and skill to ensure that your network is as secure as it can be by optimising the setup and performance of your kit.

Still think accreditation’s just an icon on a website? Well, give them a call on 01173 700 777 or email andy.poulton@bristolitcompany.com to find out that there’s much more to it than a pretty picture

Microsoft and Linkedin, a purchase made in heaven – or the Cloud at least

Linkedin Logo Microsoft LogoI’ve been a Linkedin member since August 2005, apparently was one of the first million subscribers and have found it an invaluable tool for network building, staying up to date with, and in contact with, my Connections and even generating enquiries.

Linkedin History
Linkedin was started in 2002 by Reid Hoffman with money his stake in PayPal when it was sold to eBay. From that small beginning Linkedin has become the No.1 business networking site, a Facebook for business if you like and now has more than 440m subscribers.

In 2011, Linkedin went public (IPO) at $45 per share, raising $350m and valuing the company at $9bn, making it one of the most successful public offerings since Google in 2004.

Linkedin’s share price very quickly doubled and continued to rise, peaking at $269 in early 2015. After that it’s been a bit up and down and fears of a downturn earlier this year saw share prices falling to $101 in February after which there was a recovery to $135 in May

Then, to everyone’s surprise, in June 2016 Linkedin was bought by Microsoft for $26.2 billion (a significant $61 premium on the share price), in an all cash deal, making it Microsoft’s largest acquisition by a long way

Why did Microsoft buy Linkedin, where did it see the value and what will it do with this highly respected business networking site?~
Although Microsoft and LinkedIn don’t, at first glance, appear natural partners, they are closer than you might think. Under Satya Nadella, Microsoft’s CEO, there has been a strong move away from consumer software and operating systems (Windows) to business and cloud subscription services such as Office 365, enterprise solutions like Microsoft Dynamics and cloud storage – Onedrive and it’s possible that this, allied to the fact that Linkedin has over 440m active users, helped in the decision making process, that’s just over $59.54 per user.

The addition of Skype (Microsoft owned) to LinkedIn could make the platform even more attractive, allowing voice and video conversations to take place within Linkedin (possibly limited to Linkedin subscribers).

Potential Benefits
Linkedin already has some really basic Customer Relationship Management tools built in to “My Network” which enables you to add Tags to your Connections so that you can search by your own custom categories as well as directly Message groups of contacts.

Now, imagine how much more powerful this would be if there were full CRM functionality.

  • Send emails to your Connections with a click with the contents held in the Client account
  • Have incoming emails automatically added to client records rather than a simple folder in Outlook.
  • Grouping sent and received emails together, in your Contact records
  • Click to call via Skype
  • Click to Video call via Skype
  • Click to open pre-templated documents through Office 365 and have them stored in Contact records

The reality is that the world is their oyster – with a little thought, good programming and over 430m pre-existing accounts there’s a great deal for Microsoft to leverage..

Lynda.com an “Outstanding Resource for Learning”
It’s also easy to forget that Linkedin owns lynda.com. An online education provider with more than 3,000 online learning video courses, created by industry experts and covering topics across business and leadership, creative and technology.

A service that was described as “an outstanding resource for video based learning” by PCmag

What happens Now
Although the deal has been approved by both boards and is expected to be finalised by the end of this year it still needs approval from a number of regulatory bodies

Microsoft have said that “Linkedin will retain its distinct brand, culture and independence” which is good news for fans and users, although analysts at Credit Suisse have said “We recognise that Microsoft will be able to realise several strategic synergies”

A side effect of the sale has pushed Twitter shares 5.5% higher on speculation that it will be next to go, perhaps to Google – which has expressed interest on several occasions in the previous 4 years.

What actually happens is still to be decided but I’ll keep you up to date as, and when more news becomes available.

In the meantime, if you need help with Linkedin and want to learn how it can really help you grow your business just get in touch for a free chat, give me a call on 01793 238020 or drop me an email at andy@enterprise-oms.co.uk

More changes on the way from Google

On 24th May 2016 Google held one of their annual seminars, the Google Performance Summit and announced a number of changes to Google Ads, many of which have been driven by the streamlining of the way that Google Ads are displayed on Search Results Pages (SERPs)

1/ Longer Text AdsOld Google Ad
Previously, Google Ads comprised of a headline of 25 characters, 2 descriptive liners of 35 characters and a web address together with a “hidden” link that takes people to the most relevant page for their search.

Later this year, Google will roll out a new format, to enable Ads to make better use of the space they now have at the top and bottom of Google Search Results,

  • 2 Headlines, each of 30 charactersNew Google Ad
  • Single description line of 80 character
  • Auto Selection of most appropriate landing page (with a manual over-ride)

2/ Better Device Targeting
At the moment, you can target your Google Ads at Desktops (desktop and laptop computers) and Mobile devices (phones and tablets) by setting a bid value multiplier, so you could bit for a desktop keyword at £1.00 per click (for example) and use the multiplier to set a different bid value for mobile devices so, an Ad targeted at Mobile devices could have an 80% multiplier meaning that you’d be bidding £0.80 per click.

Later this year, you’ll be able to target each device uniquely by setting unique multipliers for phones and tablets

3/ Promoted Pins on Google MapsGoogle Ads Promoted Pins
With 1/3rd of all mobile searches being people looking for something in their area Google will be launching the ability to promote your business in Google Maps so that uses will see Promoted Pins along their route – or nearby.

4/ New Look Local Pages
Along with the ability to promote your business through Google Maps, Google are also overhauling their Local Pages so that you’ll be able to include more information, including product inventories, discounts and promotions to encourage visits

5/ New Google Ads Management ConsoleNew Google Ads interface
The current Google Ads management console is now more than 15 years old, New features have been bolted on and, as time has passed, the interface has become less intuitive and harder to understand and use. As a consequence, the Console is getting a complete overhaul and it’s likely that there will be a greater focus on Ads targeting Mobile devices.

As mentioned at the start, these changes are being rolled out this year although the changes to the Management Console are being rolled out more slowly and most of us probably won’t see the new interface before 2017.

If you are having trouble with your Google Ads, or just want it to work better for you, then please get in touch andy@enterprise-oms.co.uk or give me a call on 01793 238020

 

Beyond the Bounce

Google Analytics

Google Analytics is a fantastic tool for those looking to understand how their website is performing (or not). There’s so much valuable information and quite a lot of info that’s less than useful, screen resolution, operating systems, Flash version etc.

However, one metric seems to cause more confusion and fear than all the others combined, it’s called the Bounce Rate (BR).

It’s displayed front and centre when you access Analytics, shouting a percentage at you but what’s good, what’s bad and what does it all mean?

Google Analytics Bounce Rate

First off, the Bounce itself – it’s simply a record of visitors to your site who left from the page they landed on, without doing anything else. If your BR is below 20% then your website is performing exceptionally well and if it’s around 45% or more then it needs investigating because your website could be leaking a lot of potential customers.

Bounces occur for a variety of reasons;

Site Speed

Research demonstrates that you have about 3 seconds to get your web pages open in front of your visitors. Any slower and they’ll head back to their search engine. Google Analytics provides a lot of information and help if your site is slow.

Setting Expectations

If someone visits your website after seeing or hearing something, and they have an expectation, then if your website fails to meet that expectation, then they’ll leave – hearing about a special offer that’s not plainly displayed on the home page, for example, will increase your BR.

Arriving from an international location and finding the site isn’t in the visitors language increases your BR as does coming from a mobile phone to a non-responsive site, for example.

What to do if you have a high Bounce Rate

If you have a high BR you need to understand why, you should look at the following areas:Graphs

  • Analytics Site Speed Checker to help you to understand how quickly your site opens and give hints and tips to ways to improve performance.
  • Audience to help you to see whether visits come from countries you trade in
  • Mobile to see whether mobile users are having a good experience
  • Acquisition to show you how your visitors found you

Sometimes there’s nothing you can do, getting a lot of visitors from countries that you don’t trade with, for example. You can’t stop them visiting your site although it might be worth exploring whether this could be a business opportunity.

Then there’s Referrer Spam which can also be called “reverse marketing”. Companies actually target Google Analytics in the hope that they’ll appear high up in your Acquisition/All Traffic stats, pique your interest and encourage you to visit their website in the hope of enticing you into parting with money to buy their services. Treat these with extreme caution as most of the services on offer are poor and may even result in the fraudulent use of credit/debit card data.

You might see names such as “semalt”, “buttons-for-websites”, “rankings-analytics” appearing in quite high numbers and they’ll all have 100% bounce rates and 1 Page per Session.

The solution is to set a filter so that Analytics stops counting them and you can do this in the Admin section, under “Filters”. You’ll probably need to set new filters on a monthly basis, so fast do these companies adapt, and a filter only works from the day you implemented it which means that it won’t act on historical data, but at least the data more accurately reflects reality going forwards.

If you are not using Analytics, you should be and if you don’t understand Analytics, you should and if you need any help installing Analytics or want to understand more then get in touch, andy@enterprise-oms.co.uk or give me a call on 01793 238020