General Data Protection Regulation (GDPR)

What is the GDPR?

The General Data Protection Regulation (GDPR) is the name given to the new law that will come into effect on 25 May 2018 to provide added protection and security to the data that businesses hold on, and about, individuals. It will replace the UK’s Data Protection Act (DPA).

At the end of this post you’ll find a simple glossary of terms for reference

Why do we need the GDPR?

There has been a huge change in the amount of data, and the way we use it, since the Data Protection Act came into effect 20 years ago.

Back then, a home PC was a rarity, now it’s pretty much the norm and households typically have multiple devices (PCs/laptops, phones, tablets, smart TVs and other internet connected devices) whilst the majority of businesses are totally reliant on IT and data.

As a consequence of these changes the laws relating to data needed updating and there was a strong drive to have common data protection laws across the EU due to the increased globalisation of business. Brexit will have no impact on the new regulations

What impact will the GDPR have on my business?

There will be a need to ensure that the way you collect, store, manage, use and destroy data is in compliance with the new regulations and there may be a requirement to employ new staff, outsource services or allocate new responsibilities to existing employees.

People & Accountability

Data Protection Officer

To comply with the new regulations you may need to allocate data protection responsibilities to employees or employ a new member of staff, depending on the size of your business and the data protection requirements placed on it. The following businesses MUST appoint a Data Protection Officer (DPO)

  • Public Authorities
  • Businesses whose core activities involve large scale systematic monitoring and profiling activities
  • Businesses whose core activities involve large scale processing of special categories of data such as ethnic origin, political opinions or religious beliefs

DPOs can be employed or outsourced but must report to the highest level of management.

Data Processors

Current law applies only to data controllers. It does not apply to pure data processors, i.e. service providers who only deal with data as directed by their customer. If you are a mailing house which accepts data from a client for producing mail shots (land mail or email) for example

GDPR introduces direct rules and accountabilities for data processors, including

  • Keeping records of data processed
  • Designating a Data Protection Officer (where required)
  • Notifying the Data Controller where there has been a breach

Under GDPR, data controllers can only use data processors “providing sufficient guarantees to implement the appropriate technical and organisational measures so that the processing meets the requirements of GDPR and ensures the protection of the rights of data subjects”.

Accountability and the GDPR

Accountability is all about considering risks and demonstrating that you have considered, and managed, data protection risks. You will need to have clear policies in place to show that you meet the required standards and should establish a culture of monitoring, reviewing and assessing your data processing procedures

Privacy Impact Assessments

Businesses will be required to carry out a data protection impact assessment when carrying out any process that uses new technology and is likely to result in a high risk to data subjects. This is required in particular where there is automated processing (including profiling) on which decisions affecting the data subject are based, and for large scale processing of personal data.

Privacy By Design

Businesses must take data protection requirements into account from the inception of any new technology, product, or service, that involves the processing of personal data, with an ongoing requirement to keep those measures up to date.

Notification of Breach

The existing DPA requires an organisation to notify (register and pay a fee) the ICO that they will be processing personal data. This will no longer be a requirement under the GDPR, replaced by an obligation on the Data Controller and Data Processor to maintain detailed documentation, recording:

  • Processing records
  • Data location
  • Purpose of processing
  • Lists of data subjects
  • Categories of data
  • Security procedures

However, if you have fewer than 250 employees, the requirements are less onerous and you’ll only need to comply if your processing is “likely to result in high risk to individuals, the processing is not occasional, or includes sensitive personal data”. However, because the processing of employee data is likely to involve sensitive personal data there will be an obligation on all organisations to maintain documentation, no matter what their size.

With the removal of registration and fee payment, the ICO loses their main source of income and this could make them keener to catch organisations in breach and fine them.

Under current legislation there is no requirement to notify the ICO should you suffer a data security breach. This changes under the GDPR with the introduction of a requirement to report data security breaches to:

  • Data Controllers (if a Data Processor breaches)
  • Regulators – if a Data Controller breaches and the result is a risk to the rights and freedoms of individuals – without undue delay (within 72 hours of discovery if feasible)
  • Affected Data Subjects – where the breach could leave them open to financial loss, for example. If the risk is high, this notification must be without undue delay.

When does the GDPR come in to law?

25 May 2018

Where will the GDPR apply?

Current data protection laws apply if you are located in the EU, or make use of equipment located in the EU, such as servers. The GDPR applies whether or not you are located in an EU country – it applies if you offer goods or services to EU residents or if you monitor their behavior.

If you want to transfer data beyond the EU (if you use a server based in the US to do your email marketing, for example) you need to ensure that the destination country has been recognised as having “adequate or equivalent” data protection regulations and you will have to ensure that suitable safeguards are in place to ensure the protection and security of the data you are transferring.

What happens if I don’t comply with the GDPR?

Currently, fines across the EU for a Data Protection Breach vary greatly with the UK having a maximum fine of £500,000 for a breach of the DPA.

One of the goals of the GDPR is to ensure that fines are consistent across national borders and to impose a significant increase in fines to emphasize the importance of good data management and security.

The new fines are to be split across two tiers

  • Up to 2% of annual, worldwide, turnover of the preceding financial year or €10m (whichever is the greater) for violations relating to internal record keeping, data processor contracts, data security and breach notification, data protection officers and data protection by design and default
  • Up to 4% of annual, worldwide, turnover of the preceding financial year or €20m (whichever is the greater) for violations relating to breaches of the data protection principles, conditions for consent, data subjects’ rights and international data transfers

The Information Commissioner’s Office (ICO) will also have increased enforcement powers and grounds for seeking judicial remedies under the GDPR, including a power to carry out audits, to require (demand) information to be provided and to obtain access to premises.

Practical Steps to prepare for the GDPR

  • Ensure that you have the resources to plan and implement GDPR requirements
  • Identify all existing data systems and the personal data processed
  • Review existing compliance programs and update/expand as required to meet the requirements of GDPR
  • Ensure you have clear records of all data processing activities and that the records are available
  • When using Data Processors, ensure you include terms in your agreement relating to immediate notification of any data breach.
  • Develop and implement a data breach response plan and have templated notifications so that staff can act promptly
  • Put internal reporting procedures in place, have an internal breach register and train staff on notification and use
  • Ensure that you have sufficient resources to implement required changes
  • Consider appointing a DPO
  • Assess whether the organisation uses consent to justify processing
  • Develop, and implement, a policy on data storage and retention
  • Review contractual arrangements with Data Processors
  • Consider Data Protection when developing new technologies, services and goods and keep clear records
  • Ensure all policies and procedures are available and written in clear, concise and easily understood language
  • Consider how you will gain consent for the use of the data you hold, and use, for advertising, marketing and/or social media
  • Examine your Privacy notices now and start updating them
  • Review privacy notices and other “fair processing” information given to employees
  • Review employment contracts, handbooks and policies. Is contractual “consent” sought?
  • Ensure that you can respond to Subject Access Requests within 1 month (no admin fee will apply under GDPR)
  • Train staff on data protection responsibilities

Summary

The GDPR will have a wide reaching impact on most businesses, both large and small, which make use of data within the organisation.

Within the GDPR there are many undefined phrases, such as what counts as “large scale” and what is “new technology” and it is likely that these will only be determined as part of case law i.e. when a company is prosecuted for a suspected breach and their defence (or prosecution) need an accurate description of such terms.

It is likely that things will change as we get closer to implementation. However, you should start your preparation as soon as possible and the ICO has published a useful leaflet called “12 Steps to Take Now” which provides more helpful advice.

Disclaimer

I’m a digital marketing and SEO professional, not a legal practice. As a consequence, this should be used as a guide to the GDPR and legal support sought to ensure that your business is in compliance.

Glossary of Data Protection and GDPR Terms

  • Consent – Permission to collect, store and use personal data
  • Data Controller – A person, or persons, who determines the purposes for which, and the manner in which, any personal data are, or are to be, processed
  • Data Portability – The ability to move data from organisation to organisation, or across nation states
  • DPA – Data Protection Act, the regulations that the GDPR replaces
  • Data Processor – Any person who processes data on behalf of the data controller
  • Data Protection Officer – Person responsible for the oversight of organisational data protection strategy and implementation to ensure compliance with the GDPR
  • Data subject – The person to whom a data set relates (you and I)
  • GDPR – General Data Protection Regulation. The name given to the new regulations relating to the way we collect, store, use and destroy data
  • ICO – Information Commissioner’s Office – body responsible for upholding GDPR
  • Personal Data – anything clearly seen as personal, including name, address, phone number but also including IP addresses, cookie identifiers and UDID (Unique device Identifiers). Expressions of opinion about an individual also count as personal data so you need to be careful what you say about colleagues or clients in emails
  • Right to be Forgotten – The right to request the complete deletion of all personal data.
  • Subject Access Request – A request that an individual can make to find out the data that an organisation has relating to them.

WannaCry, Ransomware and Bitcoin

The recent “WannaCry” Ransomware attack that hit the NHS (and more than 200,000 other victims across 150 countries) has focused attention on the CryptoCurrency called Bitcoin.

There have been numerous calls to outlaw Bitcoin and other CryptoCurrencies but there’s a lot of mis-understanding and a belief that they are only used to fund criminal activities.

In fact, over the last couple of years there have been numerous articles in the mainstream media about Bitcoin. Most have focused on their use by the criminal fraternity, whether for the payment of Ransomware ransoms to decrypt company data through to the purchasing of illegal weapons and drugs on the Dark Web, including The Silk Road, a dark web site where drugs, weapons and illegal services were traded online – before the site was taken down by the FBI in 2014.

However, Bitcoin, and other digital currencies, are now experiencing a significant uplift in their use for legitimate purposes and we thought that this is an ideal time to send out an explanatory email so that you can be better informed.

We’ll be looking at

    • What is a digital/virtual currency?
    • What is a Bitcoin?
    • What is Distributed Ledger Technology / Blockchain?
    • How do I get digital money?
    • How can I spend digital money?
    • Where do I keep my Bitcoin?
    • How safe/secure is my digital money bank?

What is a digital/virtual currency?

A virtual currency is simply a digital form of money for online transactions. Virtual currencies only exist electronically; there are no bank notes or coins and no bank deposits, hence their description as a Virtual Currency.

Virtual Currencies bring innovation and benefits to more traditional forms of banking and financial systems. Transactions are much cheaper and faster with international payments being much simplified due to freedom from exchange rate worries and bank transfer fees.

This means there are no currency exchange barriers, digital currencies are genuinely international, unaffected by national boundaries and traditional currency issues and associated exchange rate issues – until you want to exchange them for traditional cash.

The most well known Virtual Currency is Bitcoin although other examples include Dogecoin, Ether, Dash, Litecoin and Stellar.

In the early days, Virtual Currencies were seen as a way to pay for online transactions but these days you can use them as a form of payment in physical stores. There are even Bitcoin ATMs where you can buy and sell Bitcoins from your account – there are 20 in London alone and a total of 60 across the UK

What is a Bitcoin

All digital currencies only exist in the virtual form, being recorded in a public Distributed Ledger which is basically a secure database of digital currencies and which holds a record of every Bitcoin transaction

Bitcoin was one of the earliest forms of virtual currency, first introduced in 2008, and is the most well known form of Digital Currency. In 2013 Bloomberg effectively endorsed the legitimacy of Bitcoin by testing Bitcoin on its trading terminals and later that year the US Federal Reserve gave their apparent blessing, stating that Bitcoin “may hold long-term promise, particularly if the innovations promote a faster, more secure and more efficient payment system”. In 2014 our own HMRC classified Bitcoin as assets or private money, which means that no VAT will be charged on the mining of, or exchange of, Bitcoin. Later that year, Microsoft started accepting payment made by Bitcoin and a 2015 HMRC report on digital currencies further marked the acceptance of Virtual Currencies by mainstream financial services.

What is the Blockchain

The Blockchain is a database that records all Bitcoin transactions. It’s basically a distributed database, is totally separate from the banking industry and free from central interference.

Transactions are recorded in the form of payer x sends y bitcoins to payee z and payments are verified and validated and added to the Blockchain

How do I get digital money

Believe it or not, it’s possible to make your own, legitimate, Bitcoin through a technique called “mining” which uses high performance computers to carry out sophisticated cryptological processing to effectively make new currency that’s then added to the Blockchain.

However, it’s not as easy as it sounds and most people simply buy their Bitcoins, and other virtual currencies, through more traditional routes – including the Bitcoin ATMs mentioned earlier in this article.

How can I spend digital money

You can use Bitcoins to purchase traditional currencies, products and services and you can acquire Bitcoins in a similar manner.

Small amounts of Bitcoin can be traded. They are the millibitcoin (0.001 bitcoin), microbitcoin (0.0000001 bitcoin) and the satoshi which is the smallest amount and named after the inventor (0.00000001 bitcoin)

As noted earlier, transactions follow payer x sends y bitcoins to payee z format. Although transactions on the Blockchain are open to inspection, the reason why Bitcoin is so attractive to criminals is that transactions are pseudonymous. This means that “payer x” is only identified by his or her Bitcoin address.

In 2014, Bitcoin Payment Service Provider (A PayPal for Bitcoin) started accepting Bitcoin payments for tickets and concession sales at the St. Petersburg Bowl in the USA and in 2015 Barclays started to accept Bitcoin, the first UK high street bank to do so. Over 100,000 establishments were accepting payment by Bitcoin by the end of 2015.

You can buy technology from Aria and Dell, pre-owned technology, media and games from CeX around the UK, you can sign up for language courses, buy a beer and a meal in a pub, book theatre tickets, accommodation, home and garden furniture, new windows and much more – full list of UK companies accepting Bitcoin here.

In 2013 a Bitcoin was worth $13 and at the time of writing a Bitcoin would cost $1,033.43 ( £830.81) having peaked in 2017 at $1216.73.

The downside is the lack of protection. Because virtual currencies lie outside of the established banking regulations, Bitcoin users are not protected by refund rights or chargebacks and transactions are non-reversible.

Where do I keep my Bitcoin?

Your Digital Wallet stores all the information required to transact bitcoins. Although they’re frequently described as a place to hold, or store your Bitcoins, the reality is that Bitcoins ONLY exist in the Blockchain and your Digital Wallet simply stores your credentials to access your Bitcoin holdings. It’s similar to the way your debit card doesn’t store your money but allows you to access your account and arrange for the transfer for funds from your account to that of the seller.

How safe/secure is my digital money bank

Because your Virtual Currency is held centrally, there’s actually nothing to steal, in the conventional sense.

However, your Wallet needs to be secured. You need to use a strong password – and don’t forget it because there’s no password recovery routine. Lose your password and you lose your Bitcoin. You should keep your Wallet backed up, preferably in a number of locations (online, USB etc.), just as you would for your other computer data.

So, is traditional money dead?

Far from it, and it’s probably a long way from dying simply because each country likes to have its own currency regulations in place and because of the fear associated with the disruption that Virtual Currencies will cause.

As a result, banks are making it easier for customers to spend their traditional money. We saw the introduction of cheques – now on the decline. Credit and payment cards that facilitate the easy transfer of money. Internet banking, making it easier to manage our own funds. Contactless payments speeding up transactions, Apple and Android Pay, facilitating payment by simply tapping your phone on a payment terminal, and the migration of these services to Smart Watches. Soon, you’ll have contactless payment capability added to pieces of jewellery (A payment wedding ring anyone?) followed by the embedding of a suitable chip under the skin of a fingertip.

However, as world governments become more centralised, the benefits of Virtual Currencies may begin to outweigh the pressures (and costs involved) to maintain more traditional Fiat based monetary systems and all we can suggest is that you watch this space.

OK Google, get ready for Voice Search

“OK Google”, “Siri”, “Alexa”, “Cortana” and “Bixby” are all commands that wake your device up and prime it to expect a voice command.

The reality is that your Android Phone, Google Home, Windows 10/X-Box, Apple iDevice, Samsung Galaxy and Amazon Echo are always listening, it’s just the command that alerts them that an instruction is incoming.

And because phone keyboards are harder to use than those of their desktop/laptop cousins more and more people are turning to voice control and voice search purely for ease and convenience.

As a consequence, it’s vitally important that you understand what you need to do to make sure that your site is easy to find – even when the search is through voice recognition.

Voice Search and Artificial Intelligence

Google, in particular, is using artificial intelligence to better understand our spoken instructions and to encourage more conversational searches, such as “Where can I get my Jeep serviced” rather than a more traditional desktop search “Jeep servicing Bristol”.

According to Google, 20% of searches on Android devices are now voice searches and the number of searches continues to increase as users realise that voice recognition accuracy is improving all the time. According to KPCB Internet trends 2016 Report, the accuracy of voice recognition now exceeds 92%

Searching for local businesses

A lot of people use voice to search for local businesses, “where’s the best Pizza restaurant in Bristol” for example so, if you sell pizza in Bristol you need to ensure that your pages are optimised for “Best pizza restaurant in Bristol” and written in “natural language” (written in a similar way to the way you’d speak) which really helps with voice search results.

Optimising for Voice Search

With traditional SEO, you’d have researched the words that people were typing when looking for your products or services and built your site optimisation around those. Now you have to get your head around the types of question that they might ask, just as if they were asking their friends, family or colleagues, as demonstrated in the above example about Pizza restaurants.

One way to start addressing this issue is to consider a dedicated Q&A page where you can pose these questions and add your answers – remembering to keep them more conversational than you’d perhaps feature elsewhere.

The pages that you have optimised for voice in this way need to feature in your Site-Map so that Google and Bing can easily find, and index, them. You do have a sitemap (sitemap.xml) don’t you?

You should even look to include microdata, schema, rich snippets and so on because these little pieces of code give the search engines even more information about your business.

You’ll also need to ensure that your listings on Google My Business and Bing Places for Business are up to date and accurate because that’s where Google and Cortana will look for the location-specific search results. You should also check out the other business directories that have your business listed, Yell, Thomson, Yelp etc. and make sure that your address details are correct. This simply ensures that there’s no ambiguity about the right address for your business.

Responsive Website Design

Don’t forget that because most voice searches are conducted on a mobile device, you MUST have a mobile-friendly site because if your site isn’t mobile-friendly (Responsive) then Google won’t direct people to you. You can use this free Google tool to check the mobile friendliness of your website and if you need further help with your site, SEO for voice search, making your site mobile friendly or anything else related to your website then you should give me a call on 01793 238020 or drop me an email – andy@enterprise-oms.co.uk

And Finally

A bit of fun. If you use Google voice search and make an animal related enquiry, try adding “fun facts” to the end of your search to learn something about the animal you have been searching on.

Bluetooth Beacons

The most well known type of beacon is probably the Belisha, the orange ball, containing a flashing light mounted on a striped pole and drawing attention to a zebra crossing.

Well, there’s a new type of beacon in town – the Bluetooth Beacon and businesses can use them in interesting and exciting ways.

What is a Bluetooth Beacon?

Basically, a Bluetooth Beacon is a low energy device (using button batteries that last for up to a year), that can be fixed almost anywhere and which transmits data and/or information to nearby “portable electronic devices” within 40-100 metres. Mobile phones and tablets in other words.

Major retail stores are starting to use Beacons to track customers as they move through the store. The Beacon can “push” marketing messages as customers get within range of relevant displays. Your iPhone may use a beacon to determine what section of a grocery store you’re in, see if anything on your shopping list is in that area, so you don’t forget it, and even push a discount voucher to encourage you to buy a particular brand.

Your Android phone could use a beacon to show on a map where you are and provide directions to where you want to go – in your language.

It’s not just for retail outlets though. If you are in business to business you could use a Beacon to push a message out to visitors offering a subscription to your newsletter or  encourage a visitor to install your App. Museums could use Beacons to trigger pictures, audio tracks or videos as you walk past particular displays and exhibits.

You can even use Beacons to provide keyless access, your phone could use a beacon in your car to know it’s your vehicle and send an unlock signal to it, for example.

How do you use a Bluetooth Beacon

The first thing you need to do is decide what you are looking to achieve. You could

  • Push deals and offers
  • Share news
  • Encourage Newsletter Subscriptions
  • Drive engagement at events and shows
  • Help blind people explore locations
  • Push visitor information
  • Unlock doors

Use is only limited by your imagination!

At a trade show, for example – simply place your Beacon on your stand and push your message to any attendee who comes within range of your Beacon.

What’s the likely cost

Beacons can be pretty inexpensive – the Avvel X Beacon for example –

  • runs off a CR2477 button cell which lasts for up to 30 months,
  • has a range up to 100m,
  • is waterproof,
  • is easily programmable
  • 42mm square and 13.4mm thick
  • From £20.00 + VAT


The Next Step

Well, I’ve just ordered one of the Avvel X Beacons to see how it works and what can be done and as soon as I’ve learned how to get the most from it, I’ll post an update here.

In the meantime, if you need any help – get in touch. Give me a call on 01793 238020 or drop me a line, andy@enterprise-oms.co.uk

And remember.

Beacons just send out information, they don’t know who you are, don’t connect to your device, can’t harvest mobile phone numbers and don’t steal any data

Why worry about Accreditations?

I do a lot of work for an IT support company in Bristol – Bristol IT Company – and at the bottom of their website is a list of badges, icons and logos, there’s a couple of ISO related ones and the rest come from well known (and less well known) brands in the IT sector but why are they there and why should you be concerned?

Well, ISO’s easy, it’s a way of demonstrating a certain credibility by being assessed every year to ensure that we remain up to scratch. A lot of businesses have ISO9001 which is a quality management certification that demonstrates their commitment to consistently provide products and services that meet the needs of our clients. ISO27001 is an information security standard that demonstrates commitment to information security, both their own and that of clients.

The other accreditations come from manufacturers such as Cisco, Microsoft, Dell, Aruba, Cyberoam, VMWare and Veeam and demonstrate that the Bristol IT Company has the necessary skills to not only supply their equipment but to ensure that it is properly installed, configured and supported.

Why is this important
Let’s take a look at the security of your network – they are accredited with 2 vendors in this area, Cisco and Sophos. You can buy some Cisco & Sophos equipment on Amazon at competitive prices, have it delivered pretty much the next day and get it up and running very quickly. This might make you feel secure, after all Cisco are a market leader in networking and security – right?

Is this the right way to do things?
Probably not! Even assuming that you order the most appropriate device for your needs, installing equipment using the default settings could cause you a whole heap of pain.

Most hackers worth their salt know, and understand, these default settings, which makes it really easy for them to penetrate your business’s network. It’s almost like advertising that you’ve installed the best locks in the world but have left a key under the doormat.

Not only that but the default settings are a one-size-fits-all option that are unlikely to be best suited to the way your business works and could actually slow your network, and internet connectivity, down if left untouched.

You could probably find hundreds of internet forums where people discuss the settings but which ones are the best for your particular needs? Which ones speed things up without compromising security and which ones increase security without compromising speed and which ones are actually posted by hackers looking to lure you into making your network even more insecure?

Accreditation
That’s where accreditation comes into play. By buying your equipment from an accredited supplier, Bristol IT Company will first of all advise you on the correct product that most closely matches your existing and future needs, possibly saving you money – certainly saving you pain.

They then ensure that your network is made as secure as possible by changing default settings to something much more secure and applying their training, experience and skill to ensure that your network is as secure as it can be by optimising the setup and performance of your kit.

Still think accreditation’s just an icon on a website? Well, give them a call on 01173 700 777 or email andy.poulton@bristolitcompany.com to find out that there’s much more to it than a pretty picture

Microsoft and Linkedin, a purchase made in heaven – or the Cloud at least

I’ve been a LinkedIn member since August 2005, apparently was one of the first million subscribers and have found it an invaluable tool for network building, staying up to date with, and in contact with, my Connections and even generating enquiries.

LinkedIn History
LinkedIn was started in 2002 by Reid Hoffman with money from his stake in PayPal when it was sold to eBay. From that small beginning LinkedIn has become the No.1 business networking site, a Facebook for business if you like, and now has more than 440m subscribers.

In 2011, LinkedIn went public (IPO) at $45 per share, raising $350m and valuing the company at $9bn, making it one of the most successful public offerings since Google in 2004.

LinkedIn’s share price very quickly doubled and continued to rise, peaking at $269 in early 2015. After that it’s been a bit up and down, and fears of a downturn earlier this year saw share prices falling to $101 in February, after which there was a recovery to $135 in May.

Then, to everyone’s surprise, in June 2016 LinkedIn was bought by Microsoft for $26.2 billion (a significant $61 premium on the share price), in an all cash deal, making it Microsoft’s largest acquisition by a long way.

Why did Microsoft buy LinkedIn, where did it see the value and what will it do with this highly respected business networking site?

Although Microsoft and LinkedIn don’t, at first glance, appear natural partners, they are closer than you might think. Under Satya Nadella, Microsoft’s CEO, there has been a strong move away from consumer software and operating systems (Windows) to business and cloud subscription services such as Office 365, enterprise solutions like Microsoft Dynamics and cloud storage (OneDrive). It’s possible that this, allied to the fact that LinkedIn has over 440m active users, helped in the decision making process; that’s just over $59.54 per user.

The addition of Skype (Microsoft owned) to LinkedIn could make the platform even more attractive, allowing voice and video conversations to take place within LinkedIn (possibly limited to LinkedIn subscribers).

Potential Benefits
LinkedIn already has some really basic Customer Relationship Management tools built in to “My Network” which enables you to add Tags to your Connections so that you can search by your own custom categories as well as directly Message groups of contacts.

Now, imagine how much more powerful this would be if there were full CRM functionality.

  • Send emails to your Connections with a click with the contents held in the Client account
  • Have incoming emails automatically added to client records rather than a simple folder in Outlook.
  • Grouping sent and received emails together, in your Contact records
  • Click to call via Skype
  • Click to Video call via Skype
  • Click to open pre-templated documents through Office 365 and have them stored in Contact records

The reality is that the world is their oyster – with a little thought, good programming and over 430m pre-existing accounts there’s a great deal for Microsoft to leverage.

Lynda.com an Outstanding Resource for Learning
It’s also easy to forget that LinkedIn owns lynda.com, an online education provider with more than 3,000 online learning video courses, created by industry experts and covering topics across business and leadership, creative and technology.

It is a service that was described as “an outstanding resource for video based learning” by PCmag.

What happens Now
Although the deal has been approved by both boards and is expected to be finalised by the end of this year, it still needs approval from a number of regulatory bodies.

Microsoft have said that “LinkedIn” will retain its distinct brand, culture and independence which is good news for fans and users, although analysts at Credit Suisse have said “We recognise that Microsoft will be able to realise several strategic synergies”

A side effect of the sale has pushed Twitter shares 5.5% higher on speculation that it will be next to go, perhaps to Google – which has expressed interest on several occasions in the previous 4 years.

What actually happens is still to be decided but I’ll keep you up to date as and when more news becomes available.

In the meantime, if you need help with LinkedIn and want to learn how it can really help you grow your business just get in touch for a free chat, give me a call on 01793 238020 or drop me an email at andy@enterprise-oms.co.uk

More changes on the way from Google

On 24th May 2016 Google held one of their annual seminars, the Google Performance Summit and announced a number of changes to Google Ads, many of which have been driven by the streamlining of the way that Google Ads are displayed on Search Results Pages (SERPs)

1/ Longer Text Ads
Previously, Google Ads comprised a headline of 25 characters, 2 descriptive lines of 35 characters and a web address together with a “hidden” link that takes people to the most relevant page for their search.

Later this year, Google will roll out a new format, to enable Ads to make better use of the space they now have at the top and bottom of Google Search Results:

  • 2 Headlines, each of 30 characters
  • Single description line of 80 characters
  • Auto Selection of most appropriate landing page (with a manual over-ride)

2/ Better Device Targeting
At the moment, you can target your Google Ads at Desktops (desktop and laptop computers) and Mobile devices (phones and tablets) by setting a bid value multiplier. You could bid for a desktop keyword at £1.00 per click (for example) and use the multiplier to set a different bid value for mobile devices, so an Ad targeted at Mobile devices could have an 80% multiplier, meaning that you’d be bidding £0.80 per click.

Later this year, you’ll be able to target each device uniquely by setting unique multipliers for phones and tablets.

3/ Promoted Pins on Google Maps
With 1/3rd of all mobile searches being people looking for something in their area, Google will be launching the ability to promote your business in Google Maps so that users will see Promoted Pins along their route – or nearby.

4/ New Look Local Pages
Along with the ability to promote your business through Google Maps, Google are also overhauling their Local Pages so that you’ll be able to include more information, including product inventories, discounts and promotions to encourage visits

5/ New Google Ads Management Console
The current Google Ads management console is now more than 15 years old. New features have been bolted on and, as time has passed, the interface has become less intuitive and harder to understand and use. As a consequence, the Console is getting a complete overhaul and it’s likely that there will be a greater focus on Ads targeting Mobile devices.

As mentioned at the start, these changes are being rolled out this year although the changes to the Management Console are being rolled out more slowly and most of us probably won’t see the new interface before 2017.

If you are having trouble with your Google Ads, or just want it to work better for you, then please get in touch andy@enterprise-oms.co.uk or give me a call on 01793 238020

Beyond the Bounce

Google Analytics is a fantastic tool for those looking to understand how their website is performing (or not). There’s so much valuable information, and quite a lot of info that’s less than useful: screen resolution, operating systems, Flash version etc.

However, one metric seems to cause more confusion and fear than all the others combined. It’s called the Bounce Rate (BR).

It’s displayed front and centre when you access Analytics, shouting a percentage at you but what’s good, what’s bad and what does it all mean?

First off, the Bounce itself – it’s simply a record of visitors to your site who left from the page they landed on, without doing anything else. If your BR is below 20% then your website is performing exceptionally well and if it’s around 50% or more then it needs investigating because your website could be leaking a lot of potential customers.

Bounces occur for a variety of reasons:

Site Speed

Research demonstrates that you have about 3 seconds to get your web pages open in front of your visitors. Any slower and they’ll head back to their search engine. Google Analytics provides a lot of information and help if your site is slow.

Setting Expectations

If someone visits your website after seeing or hearing something, they arrive with an expectation, and if your website fails to meet it they’ll leave. Hearing about a special offer that’s not plainly displayed on the home page, for example, will increase your BR.

Arriving from an international location and finding the site isn’t in the visitor’s language increases your BR, as does coming from a mobile phone to a non-responsive site, for example.

What to do if you have a high Bounce Rate

If you have a high BR you need to understand why. You should look at the following areas:

  • Analytics Site Speed Checker to help you to understand how quickly your site opens and give hints and tips to ways to improve performance.
  • Audience to help you to see whether visits come from countries you trade in
  • Mobile to see whether mobile users are having a good experience
  • Acquisition to show you how your visitors found you

Sometimes there’s nothing you can do, getting a lot of visitors from countries that you don’t trade with, for example. You can’t stop them visiting your site although it might be worth exploring whether this could be a business opportunity.

Then there’s Referrer Spam which can also be called “reverse marketing”. Companies actually target Google Analytics in the hope that they’ll appear high up in your Acquisition/All Traffic stats, pique your interest and encourage you to visit their website in the hope of enticing you into parting with money to buy their services. Treat these with extreme caution as most of the services on offer are poor and may even result in the fraudulent use of credit/debit card data.

You might see names such as “Semalt”, “Buttons-for-websites”, “rankings-analytics” appearing in quite high numbers and they’ll all have 100% bounce rates and 1 Page per Session.

The solution is to set a filter so that Analytics stops counting them and you can do this in the Admin section, under “Filters”. You’ll probably need to set new filters on a monthly basis, so fast do these companies adapt, and a filter only works from the day you implemented it which means that it won’t act on historical data, but at least the data more accurately reflects reality going forwards.
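One way to shortlist referrer spam before writing the filter, as an added example that is not part of the original post: it reads a constructed referral export, flags sources that match the pattern described above (100% bounce rate, 1 page per session, high session counts) and joins them into exclude patterns. The column names, the 20-session threshold and the 255-character pattern limit are assumptions.

```python
import csv
import io
import re

# Constructed sample of a referral report export. The column names are
# assumptions for this example, not a documented export format.
SAMPLE_EXPORT = """source,sessions,bounce_rate,pages_per_session
semalt.com,212,100.00%,1.00
buttons-for-websites.com,148,100.00%,1.00
rankings-analytics.com,97,100.00%,1.00
partner-blog.example,64,41.20%,3.10
news.example,3,100.00%,1.00
forum.example,40,100.00%,1.20
"""

MIN_SESSIONS = 20      # assumed cut-off: ignore the odd genuine visitor who bounced
MAX_PATTERN_LEN = 255  # assumed per-filter limit on pattern length


def parse_rows(text):
    """Turn the CSV export into typed rows."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        rows.append({
            "source": rec["source"].strip().lower(),
            "sessions": int(rec["sessions"].replace(",", "")),
            "bounce_rate": float(rec["bounce_rate"].rstrip("%")),
            "pages_per_session": float(rec["pages_per_session"]),
        })
    return rows


def spam_candidates(rows, min_sessions=MIN_SESSIONS):
    """Sources with many sessions, all of which bounced after one page."""
    flagged = [
        r["source"] for r in rows
        if r["sessions"] >= min_sessions
        and r["bounce_rate"] >= 100.0
        and r["pages_per_session"] <= 1.0
    ]
    return sorted(set(flagged))


def filter_patterns(sources, max_len=MAX_PATTERN_LEN):
    """Join escaped sources with '|', starting a new pattern when one gets too long."""
    patterns, current = [], ""
    for src in sources:
        piece = re.escape(src)  # escape dots so they only match a literal '.'
        candidate = piece if not current else current + "|" + piece
        if current and len(candidate) > max_len:
            patterns.append(current)
            current = piece
        else:
            current = candidate
    if current:
        patterns.append(current)
    return patterns


if __name__ == "__main__":
    found = spam_candidates(parse_rows(SAMPLE_EXPORT))
    for pattern in filter_patterns(found):
        print(pattern)
```

Review the shortlist by hand before excluding anything, since a genuine referrer that links to a single landing page can show the same numbers.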

If you are not using Analytics, you should be; if you don’t understand Analytics, you should; and if you need any help installing Analytics or want to understand more then get in touch: andy@enterprise-oms.co.uk or give me a call on 01793 238020.

What has Google done now?

On Monday 22nd February Google made a sweeping change to the way that its search results pages looked.

Google removed Google Ads from the RH side of their results, when searching from a desktop or laptop PC.

This is the first major change since 2010, when Google moved from showing a maximum of 10 Ads on a page to 13.

Google added up to 3 Ads at the top of the free results as well as up to 10 Ads on the right hand side.

This latest change has wiped out the Ads on the RH side whilst increasing the number of Ads at the top of the page to a maximum of 4 and has seen Google add 3 Ads to the bottom of the search results.

A Search Results Page, which used to have up to 13 Ads, will now have a maximum of 7.

Why has Google done this?

Google’s logic is that it wants to bring desktop search in line with Mobile search, making things simpler and saving money.

I know that most people just ignore the Ads on the right. Even Google reckons that only around 30% of Google users actually look and click.

Although this percentage of users clicking is quite low, the revenue generated for Google is huge.

About 70% of revenue comes from clicks and, with Google the largest company on the planet, this represents a significant income.

However, it’s never enough. The hope is that by just having Ads at the top (and bottom) of the page – more people will click on them.

As well as attracting more clicks, Google will be hoping that businesses will pay more to ensure that their Ads are at the top of the page.

What Impact will this have on businesses

For businesses not paying for Ads, the top free results now appear further down the Search Results Pages. This may mean more people choose to click on an Ad rather than your website.

If your site is not in the top 3 or 4 of the free results, you may find that searchers now have to scroll – and they may choose not to.

This could mean more investment in Search Engine Optimisation to move your site higher on the first page.

The other danger is that Google increases the number of Ads at the top of the page. Google could choose to fill the first page with Ads which would mean that the free results would not appear until Page 2 [speculation]

If you are an Advertiser it could lead to increased costs as more businesses compete for fewer opportunities. However, if you sell products and use Product Listing Ads (PLA) these will continue to feature on the right hand side.

What should you do next?

You need to understand the impact that these changes will have on your website and so I’ve put a special offer together to help.

In-depth SEO review of your website – Special Offer – Save £100.00

Let me take the strain and carry out your audit for you, taking a deep look at your search engine optimisation, providing recommendations to improve and even looking at the way your website is working.

                   Normal Price    Special Offer
1 – 10 Pages       £250.00         £150.00
11 – 30 Pages      £300.00         £200.00
31 – 50 Pages      £350.00         £250.00
51 – 100 Pages     £400.00         £300.00
Over 100 Pages     POA             PA

To take advantage of this offer all you have to do is give me a call on 01793 238020 or email andy@enterprise-oms.co.uk. If you need help with any other aspect of your online marketing, Social Media, Email Marketing etc., don’t hesitate to use those contact details to get in touch.

Are we already at war?

This is the first of two articles taking a look at the hacking and cybercrime that’s taken place in 2015. Part 2, to be published soon, looks at the simple steps we can take to enhance our security and minimise the threats from cybercrime.

2015
Although we’ve yet to reach the end of 2015, there’s already been an unprecedented number of data breaches and hacks compared to previous years, measured by both the number of breaches and the amount of data exposed.

The graphic on the right shows the estimated cost of cybercrime for 2014. In 2015 the cost has increased by 14% according to the “Cost of Cyber Crime Study: UK”, conducted by the Ponemon Institute and sponsored by HP.

The institute conducted 326 interviews with personnel from 39 UK companies to assess the incidence and cost of cybercrime for businesses. The latest news is that the very recent TalkTalk hack has cost the company £35m so far.

Major data breaches in 2015

  • February – Billion dollar cyberheist: Up to 100 banks were penetrated and more than $1bn stolen
  • US health insurer Anthem: 80 million patient and employee records including date of birth, social security numbers, home and email addresses, employee information and more
  • May 2015 – BlueCross, US Health Insurance provider: 11.2 million names, birth dates, email addresses stolen
  • US Office of Personnel Management: Confidential data of 21.5m US Federal employees was accessed and presumed stolen
  • June 2015 – Kaspersky Lab (yes, the security vendor) was hacked: Technical information was stolen, thought to be industrial espionage by a sovereign Nation State
  • July 2015 – Harvard University: One of 8 universities hacked in 2015 but it’s not known what information was accessed (and stolen)
  • Hacking Team: Hacking Team develop spy tools for government agencies and the breach exposed 1 million emails including those of a sensitive nature from a number of security agencies around the world
  • US Army National Guard: 850,000 social security numbers, home addresses, names and other personal information stolen
  • August – Ashley Madison: 32m members’ data stolen and posted on the dark web for sale. The ramifications are ongoing
  • September – John Brennan: CIA Director had his personal AOL email account hacked
  • October – TalkTalk: Major hack of the TalkTalk website and a lot of user data was stolen

In the US it is a legal requirement that all hacked companies make a report to the appropriate government department. However, similar legislation has yet to be enacted in Europe, so the reported incidents may just be the tip of the iceberg – and that’s assuming that hacked companies know that they’ve been hacked.

So who was behind these hacks and what was their goal?
At the time of writing, 4 people had been arrested, and bailed, for the TalkTalk hack – 3 teenagers and a young adult – although no charges have been brought.

Some hacks might be carried out by the stereotypical spotty teenager in a bedroom just doing it for fun. However, the majority are likely to be carried out by more worrying groups, ranging from organised crime looking to extort money to government organisations.

The Ashley Madison hack looks to have been for the purpose of extortion, of both Ashley Madison themselves and their members (pay us £xx or we’ll let your friends and family know where you spend your time etc).

Others will be industrial espionage, with companies looking to gain a competitive advantage, whilst the remainder might have been carried out by departments acting for state security. It’s believed, although almost impossible to prove, that the Kaspersky, US National Guard, US Office of Personnel Management & Hacking Team hacks were conducted by sovereign Nation States, believed to be North Korea and/or China.

These attacks by non-friendly sovereign nation states on infrastructure may even be seen as acts of war.

Why do hacks occur?
For some, it’s simply for fun, the challenge and the bragging rights.

However, there’s a lot of money to be made from the theft of intellectual property and business sensitive materials, and nations stand to learn a great deal about their friends and enemies. It’s widely believed, for example, that China has been inside US military design systems for many years which could explain why their military have made extremely rapid advances with the design and manufacture of new military equipment, including stealth planes, missile defence systems and drones in recent years.

Towards the end of 2015 we’re seeing that China is negotiating two-way anti-hacking arrangements with a number of major economic partners, including the UK, USA and Germany, theoretically enshrining in law that the countries won’t attempt to hack China and China won’t try to hack them. However, even if the above is true, they don’t need to hack any further if they already have access to core systems.

A cynic might also say that history indicates that China may not stick to its side of the deal, and even if they do – they can always ask their friends to do it for them.

Protecting your business and yourself.
Although I’ve mentioned high-profile attacks, SMEs are also at great risk and so in Part Two I’ll be looking at some simple steps that you can take to maximise your security and minimise the risk that you are exposed to.