Do you need a VPN? Do you know what a VPN is?

There’s increasing talk in the media, and in advertising, of VPNs as an apparent cure to all your security woes and as a potential money saver. But what is a VPN and do you actually need one?

What is a VPN and how does it Work?

The acronym VPN stands for Virtual Private Network. Virtual in that it’s not, in the strictest sense, real, your VPN only exists for the duration of your use, Private because your connection is encrypted which prevents bad actors form listening in and Network because your VPN builds a private network between your device and an endpoint. It’s often likened to building your own tunnel from you to the endpoint with the data being very secure as it travels through your own tunnel.

Do you remember in some old films when the detectives would say “we can’t track this person, they’ve bounced their call, internet connection etc, off at least 9 different servers across the world”? Well, they could have been using a VPN.

Back in the days when I was employed as a consultant, my employer used a VPN so that we could securely connect to the office network when working remotely. And that’s what a VPN does, it allows a more secure connection across the internet.

Your VPN provider has a number of endpoints that they provide, around the world and when you connect to one, your data is encrypted before it leaves your device and pops out on to the internet at one of these points-of-presence with everything in-between making it’s way through your own, encrypted, secure, tunnel.

Imagine you pop in to your local coffee shop and hop on their free wi-fi to check your emails, perhaps do a little shopping and check your bank account. All your data flows through your coffee shop’s wi-fi router (Local Network in the graphic above) and out on to the internet (Public Network). However, it’s very easy for someone with a malicious intent to set up their own connection to the cafe’s WiFi and pretend to be the free WiFi service. If you connect to this all your data goes through their system (and it could just be their laptop) which allows them to pick up your connection, analyse your traffic and steal your data. This is called a man-in-the-middle attack and is pretty common and very easy to pull off.

If you use a VPN it doesn’t matter about the man-in-the-middle because your data zips right past that, secure in it’s own encrypted, tunnel, on the way to the endpoint – which is where it gets decrypted and sent on it’s way to your chosen website.

Why Should I use a VPN?

There are a number of reasons why you might choose to use a VPN.

The first is SECURITY

As noted just now, it’s not overly difficult to intercept web traffic, some of which will contain personal data and security related info – user names, passwords, banking data etc and a VPN can overcome most of the risks associated with the interception of privacy related data, keeping you safe from identity fraud and theft.

The second is SAVING MONEY

Your VPN provider will have endpoints in a number of different countries and if you select one of those countries then the internet will think that’s where you are – because that’s where your internet connection and data look as though it’s originating.

This means that you might find subscriptions (Netflix, YouTube, Spotify etc) are less expensive in other countries, that flights and holidays may cost less if booked from somewhere other than the UK and so on.

For example,

It’ll take a little bit of research but here are a couple of examples.

  • Spotify Premium costs just $1.58/month in India (the cheapest) but $18.39/month in Denmark (the most expensive).
  • YouTube Premium is similarly priced, costing just $1.56/month in India but $15.95 in Switzerland.

Not all VPNs provide access to the least expensive countries but there are many good deals to be had, although you do need a VPN that is able to bypass Geo-Blocks, the technology that subscription providers use to catch VPN users and stop them getting the best deals.

The third is HIDING YOUR LOCATION

When conducting an SEO review I have to appear as a random, anonymous, user when researching client sites. Unfortunately, due to the way that Google works, if I just use my regular browser, Google knows it’s me – even if I choose “Incognito” mode. This means that Google presents search results based on known likes, browser and search history and a wide range of other metrics – which is pretty useless.

So, I use a Browser that rejects cookies, stores no history and has a built in VPN. This ensures that I see results that are unfiltered, for the most accurate results. The Browser that I use for this is the Epic Privacy Browser and it’s free to download and use

I also have international clients and conducting a web search in the UK will show me results biased towards the UK. Again, by setting my VPN endpoint in the country I want to research it looks as though I am connected to that country and so I get to see search results from that country.

Some UK services, BBC iPlayer for example, block you from accessing shows and films when you are outside of the UK because they don’t have the necessary Copyright licenses to broadcast shows to the rest of the world. When on holiday abroad this could limit your access to entertainment. Using a VPN will help bypass this restriction.

Privacy

Many service providers on the internet use details from your internet connection to tailor services to you and target ads at you. A VPN will prevent them from attributing your browsing history to your PC/Phone although if you are logged in to Google, Facebook etc this becomes null and void.

A good VPN will also scan files as you download them, provide Ad Free results and ensure that there’s no data tracking or storing when you are searching.

So which VPN should I choose

As with all things technology related, the real answer is “it depends”. If you just want to anonymise your web browsing then browsers such as Brave (no VPN but blocks trackers and a lot of Ads) or Epic (the one with the inbuilt VPN – although it only has EndPoints in 8 countries) will be sufficient for your needs.

Probably the most well known VPN is provided by Nord and they regularly run a range of special offers. Their normal price is £94.35PA for a 2 year contract although this does enable you to use their VPN on up to 6 different devices. However, at the time of writing this is reduced to £33.65PA or just £2.49/month and you get an additional 3 months free (prices are exc. VAT)

Another leading VPN is SurfShark. Their “Unlimited VPN” package is currently just £1.74/month for the first 26 months and can be used on an unlimited number of devices

TunnelBear logo

My current VPN of choice is TunnelBear but for no other reason than when I signed up I got a lot of bandwidth for very little money. It has some limitations but none that I have found impact on my use

Google 1 VPN Logo

If you have a 2TB plan (or greater) storage plan with Google then you can use their free “1” VPN on phones (Android and iOS). However, it does mean that you are trusting Google not to look at your data as it passes through their servers. You also can’t control your EndPoint so it’s no good if you want to browser from different countries

VPN Drawbacks

  • Beware of “Free” VPNs because nothing’s ever free. A free VPN may come with ads and it might also sell your data on to unidentified third parties.
  • Free VPNs also may limit the Bandwidth they provide which will limit the downloads and streaming you can do.
  • Free VPNs may also limit your Speed which also makes them useless for streaming and downloads will take quite a while longer than you are probably used to.

And finally, if you have any VPN related questions then I probably know enough to be able to answer your question or point you in the direction of someone who can.

If you need assistance with your SEO, Email Marketing, Social media or any other type of online marketing activities then I can definitely help you so you really should get in touch – even if it’s just for a free consult. You can call me on 01793 238020 or 07966 547146, email andy@enterprise-oms.co.uk or book a slot using my calendar and we’ll take it from there

Broadcasting from your cave

I recently participated in a virtual networking session. There were more than 40 people attending and we were broken out in to virtual rooms to give us an opportunity to meet as many different people as possible. After going around the room making our introductions a variety of interesting conversations took place before being called back in to the virtual lobby and being put in to a different room with different people

Over all, the experience was really great, fun too. I met some interesting people, learned quite a bit and found the 90 minutes to be a great investment.

However, I was surprised by the number of people who really sounded as though they were joining from a cave, even if their backdrops showed something different, offices, kitchens, lounges, home offices and blurred back-grounds.

The poor audio quality really distracted me from their introduction and contributions. This might just be me – I do have an interest in audio quality after all. From quality music playback (Hi Fi) to sound quality at gigs, both from the audience and as a band member.

And, after all, it does seem that audio is important, the BBC, ITN, Sky News et all seem to think so too – they know that poor quality audio distracts from the message.

So why do people settle for poor quality. I suspect there are a couple of main reasons, the main one being that they don’t know what they sound like. It could be that they are not concerned what they sound like or they simply don’t know how to over come it.

Most of the problems are with laptops and people using the built-in microphone. When we talk in to it, the microphone picks up the direct sound. But it also picks up all of the echoes (reverberation – aka reverb) from the hard surfaces in the room, walls, windows, doors and hard floors. These reverberations hit the microphone fractionally after the main sound and continue to hit the microphone as echoes from different hard surfaces that are farther away. They also hit the other hard surfaces and are reflected (again) back in to the mic. Which is why people sound like they are in a cave.

But why don’t they hear it themselves? Because our brains are really clever at filtering out this reverberation and only picking up on our own voice – which is why people don’t hear what their own room sounds like.

The expensive solution is to muffle all the hard surfaces with sound absorbent panels. If you are Zooming from your lounge, your kitchen or a spare bedroom you might not want to go for “Recording Studio” chic which makes the alternative far more practical can cost effective.

You need an higher quality external microphone that you can plug in to your laptop or desktop and place closer to your mouth, either on a boom stand or desk mount.

This is where it gets challenging because there are hundreds, thousands of microphones to choose from – so where should you start.

First off, if you only want it to improve the quality of your Zoom, Teams call etc then you can look at the lower end of microphones and go for a USB device that can plug straight in to your computer.

If you are thinking about making some videos, or recording a podcast you’ll want something better. If you are still looking to only record one voice then a decent USB microphone will still suffice but if you want to record two or more people then you’ll want a microphone each – for the best quality. You can still use USB microphones but you will need a device to enable to connect both of them to your computer. Alternatively you can invest in a small, desktop, mixer – this is really territory for my forthcoming “How to Podcast” eBook but I touch on the subject below.

USB Microphone Option 1 -Tie Clip / Lavalier Microphones

This image has an empty alt attribute; its file name is Lavalier-Microphone.jpg
MOVO Lavalier Microphone is just £22.95 at the time of writing

As used by news broadcasters the world over. A lavalier microphone discretely clips to an item of clothing and can do a great job of improving sound quality

This Movo M1 is a great example, and it’s only £22.95 on Amazon at the time of writing. It’s genuinely “Plug and Play” so all you have to do is plug it in and select it as the microphone you want to use when making Zoom/Teams etc video calls.

With a 6m cable it doesn’t matter how far you are away from your computer, either

As well as the mic you get a clip to enable you to attach it to your tie (hence the name “tie clip microphone” but you can clip it to lapels, shirts and blouses too), and 2 foam windshields to help minimise wind (and breathing) noises.

Yes, you can buy cheaper but I wouldn’t recommend it.

USB Microphone Option 2 – Dynamic Microphone

A dynamic microphone is typically what you’ll see used on stage, by singers, at concerts. They are robust and offer great quality. A step up from an inexpensive Lavalier. There are hundreds to choose from, from well established brands – such as Shure, AKG and Audio Technica – which guarantee great quality – to a myriad of no-name Chinese brands which have no track record and which I wouldn’t trust.

This image has an empty alt attribute; its file name is Audio-Technica-ATR2100-USB-dynamic-microphone.jpg
Audio Technica ATR2100 – USB

This is why I am recommending this Audio Technica ATR2100 – USB which is £59.30 on Amazon, at the time of writing.

It’s actually a bit of a bargain because not only does it have a USB connection but it includes a socket for headphone monitoring, and a headphone volume control. If you make the next step and start having guests and you start using a mixer and multiple mics you can also plug this in to your mixing desk using the built in, professional standard, XLR connector.

Helpfully, for desktop recording it also comes with a desktop stand and three cables. USB C to USB C (so you might be able to use it on your Android phone), USB C to USB A to connect to your computer AND an XLR cable to connect to your mixing desk,

USB Microphone Option 3 – Condenser Microphone

This image has an empty alt attribute; its file name is Marantz-Pro-MPM-1000U-condenser-microphone.png
Marantz Pro MPM1000U

Condenser microphones (also called capacitor microphones) are the high quality microphones of the recording world. They can offer the best recording quality of all the microphone types so if you are really serious about recording quality then a condenser microphone is the one to go for, and yes, you can pay £thousands. But you don’t have too.

My current microphone that I have connected to my main PC, which I use for Zoom/Teams calls, and which I used for recording my first 150 or so podcasts is this Marantz Pro MPM1000U. Again, it’s a USB microphone, so it’s plug and play. At the time of writing, it’s £49.99 but I have seen it reduced to around £35.00 on many occasions. Sound quality is first rate and reliably has been superb.

This image has an empty alt attribute; its file name is Microphone-stand.png
Neewer Microphone Stand

It comes with the all essential USB cable but to keep the cost down, it doesn’t ship with a desktop stand so you should factor in £20 or so for one, this Neewer is £16.49 at the time of writing. And you do need a stand because if you try to hand-hold the mic every time you change the way you hold the microphone the sound will be carried across to your call.

Microphone Accessories you might find useful.

This image has an empty alt attribute; its file name is Boom-arm-microphone-stand.png
Neewer Boom Arm Microphone stand

In my little Podcast recording studio I have a small mixing desk, so I can use two or more microphones, boom arms for my mics – so they can be pushed up out of the way when not in use and pop filters.

Pop filters help reduce the plosive consonants, those that are made when words start with a P, B, T, D, K and G. They all produce a puff of air. You probably won’t notice them but your microphone will and they can totally overwhelm your recordings.

This image has an empty alt attribute; its file name is plosive-filter.png
Plosive, or Pop Filter

I use a small mixer too. It extends the range of microphones you can use (and the number too) and can also add tone controls, adding (or removing) bass, treble and sometimes middle frequencies add sound effects, such as reverb, echo etc.

Again, there’s a myriad of mixers to choose from. In fact it’s a potentially confusing and complicated market if you are new to it. I prefer well established European and US brands for their proven track records and ability to get repaired should they break down. My current mixer is a Studiomaster, but I’d be more than happy with the Behringer you can see on the right if I were starting out.

This image has an empty alt attribute; its file name is Behringer-ZENYX-Q802USB-Mixer.jpg
Behringer XENYX Q802USB Mixer

I use my mixer with a selection of microphones, a non-USB Marantz MPM1000 condenser, my new Shure dynamic microphone, my old (and trusty) Shure SM58 – as seen on stage used by the majority of artists – and a couple of other microphones, two boom arms and two pop filters.

And on the mixer front, you won’t find one that will take USB microphones and if you choose to make a different choice, remember to look for one with USB outputs to make it easier to connect to your computer.

If you need help with your audio recording, or Podcasting, you can always get in touch. Email andy@enterprise-oms.co.uk, phone me on 01793 238020, call (or SMS) 07966 547146 or hunt me down on my Socials, LinkedIn and Twitter, and I’ll be only too happy to help.

Help! I’ve got an invisible website, what should I do?

1/ Panic?

2/ Wait and Hope?

3/ Start Again?

4/ Call an expert?

You’ve had a website for years, you’ve just updated your website or you’ve just launched your website and are worried that your website is invisible and your customers won’t be able to find it. What can you do, what should you do and what must you do?

Don’t panic, this simple guide will take you through the steps you must take to ensure that Google can find your website in the online jungle, how to make your site visible in Google search and even point the way to creating a website that actually works, rather than just look good. And if all else fails, or you want to shortcut the process – just get in touch and I’ll step in and help out.

How does Google find your site?

A robot, but not a search engine robot
Not a Search Engine Robot

Let’s start with Google Search – used by over 90% of people who use a search engine, and that’s around 80% of web users so that’s a lot of people. Google uses software called Robots to scour websites. They send these Robots out on the World Wide Web to find as many websites as possible. They do this by following the links between websites, the Robots look at all of the pages they can find and take all of the information back to the massive Google database of websites, Google calls this database their “Index”.

If you don’t have any links (Backlinks) to your website there is a very real danger that Google will miss your site so you need to install the free Google Analytics website performance tool and sign up to the free Google Search Console. This brings your site to the attention of Google and guarantees a visit from the Robots. However, this does not guarantee that your site will feature in the search results – it needs quality, non-spammy content for that and even this does not guarantee a place ion the top pages. You need SEO for that

How does Google rate your site?

Google's logo. The target for SEO
The Google Logo

Google wants to understand the purpose of every singe page of your website. To do this, it needs to be able to visit every page. This requires good navigation links on your site AND, if you have a large site, the use of an XML Sitemap so that Google, and all the other search engines, can find all of your pages.

Then, once your pages are in the Index it’s ready to be found. When somebody searches for the services you provide or the products you sell, Google checks its Index for all the words that have been entered in the search box. It very quickly finds all of the pages in the Google Index and applies an algorithm to those results. The algorithm is a set of mathematical tools, instructions and filters that measures every page of each website by looking at more than 200 different signs and signals and the results that most closely match the search terms appear at the top of the Search Results Pages (Page 1) and the poorer the match, the farther down the results the sites appear. And remember only about 50% of search users EVER make it to Page 2 whilst just 10% make it to P3 and beyond. Making P3 a great place to bury bad news.

How do you make your website more visible

First off, make sure your website is fast (if it’s slow people won’t stay so it doesn’t matter how great, or naff, your site is you’ve already hampered your business). Then ensure that it’s full of great relevant content with positive calls to action. Your website MUST be for your site visitors and clients and “created to help users” – that’s directly from Google. This means that each page must be user centred and designed to –

  • share information about a topic
  • share personal or social information
  • share pictures, videos or other forms of media
  • express an opinion or point of view
  • entertain
  • sell products or services
  • allow users to post questions for other users to answer
  • allow users to share files or download software
  • provide something of similar quality
Google Analytics Logo, Analytics is essential for your website and SEO
Google Analytics Logo

Next up is to install the free Google Analytics tracking software that will help you understand how well your website is performing with your customers. Then authenticate with the Google Search Console, another free tool from Google that will give an insight into what Google thinks of your website.

By doing this, you bring your website to the attention of Google which means they know where to send their Robots to Spider your website and take everything back in to the Google Index.

Now it’s time to build your Google My Business (GMB) profile to help Google understand your NAP, that’s your Name, Address & Phone Number. Once you’ve completed your GMB profile you should register with a number of key web based directory websites.

In the meantime you should be adding fresh, new, relevant and search engine optimised content. That’s because people love new stuff, and so does Google – it informs Google that your website is active and your business is still trading. It also demonstrates your EAT to Google, that’s your Expertise, Authoritativeness, and Trustworthiness. If you are in the financial sector you need to be concerned with Google’s YMYLYour Money or Your Life.

YMYL content is content that impacts on a reader’s happiness, health, safety or financial stability which, if presented incorrectly, might have a direct, negative, impact on people’s lives

Writing something new about once a month should do it – keep your eyes open for my forthcoming post that’ll be all about writing great, search optimised, content for your website and if you need any help with your content, your SEO or anything else to do with your digital marketing, you know to do.

A big Thumbs Up for Social Media
Social Likes

And not forgetting your Social Media. Every time you create new content don’t forget to share it on your Socials. That helps spread the word and the right posts, of the right content, will attract visits to your website. Google Analytics will show you which platforms are delivering the best traffic. As well as your Socials, don’t forget email and video marketing as well as podcasts.

And if you don’t have the time or need professional help, I am just a call or an email away.

Call me on 01793 238020 or 07966 547146, drop me a line, andy@enterprise-oms.co.uk or book a free 40 minute consultancy session for an informal, free chat about your issues and how I may be able to help.

Domain Name Nightmares

I was reading the news a couple of weeks ago and was delighted to learn of a mobile pizza maker. Based in South Wales, they have their van, a wood fired pizza oven and serving counters and were ready to go. Providing wonderful, freshly baked pizza at a wide variety of locations. Parties, gigs, weddings etc.

Tasty slice of pizza. Not from the Welsh Italian Pizza Company
Tasty slice of pizza

Who was it? The Welsh Italian Pizza Company, that’s who. So why were they in the news?

For a lack of thought. They simply decided to use the company name as their web domain without looking at it in print first. Say it – the Welsh Italian Pizza Company, sounds OK doesn’t it. Now look at it, as they registered it for their website – https://welshitalianpizza.co.uk

All of a sudden their pizzas look a lot less appetising.

They are not the first to have fallen in to this domain name nightmare. It’s so easy to choose a new domain name, register it, build a website and start the marketing. However, if you don’t look at your domain name in print AND talk about it first you could find your self with something as problematic as the Welsh Italian Pizza’s

Phones4U logo

Something that looks good, or cool, in print may not sound so smart and something that sounds clever may not look like a wise decision when written down. I think I first thought about it when Phones4U (remember them) started really pushing their mobile phone stores. It looked cool in print, tapping in to the shortening of words that the young had chanced on so that they could make the most of the limited characters allowed in SMS messages (maximum 140 back in the day). It tapped in to the zeitgeist of the time. But imagine trying to communicate the domain name in a phone call. “Yes, just visit our website at ‘phones’ – with a PH not an F – unlike that other giant, Vodafone. 4, that’s the number four, the digit, not the word and U, the letter U not the word, dot com”

All of a sudden, something simple has become quite a mouthful and quite challenging to communicate. Thankfully, Phones4U were able to throw a vast amount of money at advertising, which must have gone someway towards overcoming this challenge. However, it didn’t stop them from falling in to administration in 2014.

Then there’s award winning, London based video maker, producer and director. He called his business Speed of Art, so went for https://speedofart.com. Not quite so clever now, although I don’t think the owner really cares because, the last time I looked, he’d retired. Not only is there a problem with the domain name, but part of his target market was large organisations and many of them would use filters to prevent employees looking at unsuitable websites. The speedo bit would be OK but I don’t think the rest would get through the filter.

There’s a London based Cloud computing accountancy solutions provider caller XERO (pronounced Zero). Yep, looks good in print but in their radio adverts they have to say “visit us at Xero.com with an X”, and then sound out the spelling, “X.E.R.O. dot com”.

There are loads more. However probably the worst was for a Californian therapy/therapist directory because everybody in California needs a therapist, right? But how do you find one? Well, you go the therapist directory website https://therapistfinder.com don’t you? Thankfully, they spotted their error (although not until a couple of years had passed) and changed it to https://therapist-finder.com, although the site is now defunct.

Along the way there have been some excellent spoofs too. There was the Italian Electricity Generating company, PowergenItalia.com. This was claimed to be genuine for a number of years but was eventually shown up to be a spoof. And finally, for now, corporate pen company, Pen Island who sell through https://penisland.net

Pen Island Pens

Domain names like this not only distract from the marketing but also cause SEO confusion because the search engines have to guess the words from the alphabet-soup of letters and yet the solution is simple, use a hyphen or two, and the intention is immediately visible, speed-of-art.com and pen-island.net for example.

The moral of this post is simple, when thinking of a new domain name, make sure that it looks good in print and is easy to communicate verbally and if it’s not, then go back to the drawing board.

I might not be able to undo any domain names that you have registered but I can certainly help with the majority of internet marketing issues that you have, so why not give me a call on 01793 238020 or 07966 547146, drop me a line, andy@enterprise-oms.co.uk or book a free 40 minute consultancy session for an informal and free chat about your issues and how I may be able to help.

Make your business Cyber Secure

In my previous post I wrote about the key Cyber Security threats that individuals and businesses of all sizes face. If you’ve not read it you can catch up here.

This time around I am going to review some of the key protective measures that you can take. Measures that will make your business harder to defraud, harder to hack and less likely to fall victim to Cyber Crime.

Let’s start with your website. Hackers around the world are queuing up to take over your website or to simply to bring it too it’s knees to stop it working so they can demand money to restore it to good working order. This latter approach is a Distributed Denial of Service attack – aka DDoS. (My previous blog describes a DDoS so I won’t replicate the description here, for brevity).

How do you stop a DDoS attack from bringing your website down

DDoS attacks are happening all around the world, right now, as you can see from this Cyber Attack screenshot

Chart of global DDos Attacks
From https://www.digitalattackmap.com

There are two approaches. You can choose a web host that has the necessary provisions in place to ensure that they have the connectivity and technology to make sure that DDoS attacks can’t prevent their web servers from running. They will use a variety of technology, including sophisticated firewalls, traffic filtering and DDoS defence systems. Not all web hosts offer such a high security level so you’ll have to shop around.

A better option, in my opinion, is to use a Content Delivery Network (CDN). A CDN uses many servers located around the globe. This means that if a single server location is targeted regular visitors are simply directed to the next nearest server, totally mitigating the threat. Another big benefit of CDNs is that they also mean that if your website targets different countries then visitors from those countries will connect to your web server that is closest to them – which ensures that your website is always delivered at the fastest possible speed – which benefits both the visitor and your SEO because no-one, not least Google, likes a slow website. Top CDNS are Cloudflare, Amazon Cloudfront and Microsoft Azure

Passwords

I know, I know, I am always banging on about Passwords but passwords are gateways in to PCs, Phones, Networks, your web host and so much more.

So, your gateway passwords needs to be really secure if you want to keep the hackers out – and you really do want to keep them out. You might think that there’d be no interest in your website but hackers are targeting every single website they can find. The UK’s National Cyber Security Centre recommend using a password comprising of 3 random words and a unique password for every site you access. I recently made a short video about this very topic

Firewalls

File:Gateway firewall.svg - Wikimedia Commons

A Firewall provides an impenetrable, unhackable barrier (provided it’s properly configured) between the internet and your computer or computer network.

Yes, Windows has a Firewall and it’s certainly better than having no firewall at all but, in reality, it’s about as much use as a chocolate fireguard. It’s just too easy to misconfigure, especially if you have a small network and have fiddled with the settings as you try to share files and folders from one PC to another.It might deter the casual hacker but won’t stop a determined one.

There are software firewalls that are provided by the same companies that sell anti-virus software. These are better than the Windows firewall but similar issues remain. Each device on your network has to have one installed and kept up to date.

A far better solution is to use a firewall appliance. A little box that goes between you, your internet router and the internet.

And talking about your router, the device that was supplied to you by your broadband provider. The router does include a Firewall but it’s a tad rudimentary, at best, and if you have’t set a secure password it will still be using the password and user name that it shipped with. This could be as daft as having “admin” as both the user name and password which makes as easy to access from the internet as it does from inside your home/home office or office.

And all somebody has to do is Google the make of router that’s used by broadband company X and the default user names and passwords are readily available. Targeted at those who might have lost their user manual but available to all.

These types of firewall are about as much use as a wall made of paper if you are running a business. It’s much better to invest in a dedicated firewall appliance.

The most popular are provided by Watchguard, SonicWall, Cisco and these prevent computers and networks from a wide range of Cyber attacks.

My set up looks like this. My office provider uses a Watchguard firewall in their comms room. I have a D-Link firewall in my office AND use the Windows firewall on my computers

VPN

Anonymous Collective Secret - Free photo on Pixabay

Imagine the scenario. You are in your favourite coffee shop and need to jump on their free Wi-Fi. You spot the password on a tent card on your table and fire up your laptop/Chromebook/tablet/phone and search for the Wi-Fi. There it is, right at the top “FreeCoffeeShopWiFi”. You click, you enter the password and you’re away.

You log in to your office email account, then your private email. Then a quick check of your bank account confirms that you have enough to buy that latest thing you’ve been after.

Later that day you check your emails. There’s an unexpected one from your favourite shopping site confirming a change of password – not something you remember doing – so you check your bank account. It’s empty, drained of everything while you were finishing your coffee.

What’s happened? When you logged in to the coffee shop WIFI you weren’t logging in to the legitimate account. Somebody had set up a clone inside the coffee shop, which you found and logged in to. The person behind the clone was “sniffing” all of the traffic going through their portable WiFi hotspot that they’d set up and were merrily pulling off websites, user names and passwords and happily started to spend other people’s money, including yours. This is known as a man-in-the-middle attack.

Could you have prevented it? EASILY.

File:VPN overview-en.svg - Wikimedia Commons

Just get yourself a VPN, they’re inexpensive but provide a very secure way to access the internet. Simply put, a VPN creates a secure, encrypted, private tunnel between your device (phone/tablet/laptop etc) and the destination website, (bank, email account, online shopping site etc). It doesn’t matter whether you are on a genuine account or a cloned account, your tunnel can’t be broken in to, your data is secure.

Another use of VPNs is when you work remotely and needs to access office files, remotely. A VPN will secure the data that moves between your office and your device and keep everything safe.

You might also use your VPN at home, just in case your neighbour is on your WiFi and “sniffing” your data.

And, finally, if you want to appear to be in a different country – let’s say you are on holiday abroad and want to watch BBC iPlayer content that is only available in the UK – you can use a VPN to give you a “point of presence” in the UK. Your VPN makes it look as though you are in the UK when in reality, it’s just the end of your VPN connection.

If you subscribe to a Google business service then you have free access to a Google VPN on your phones and tablets. If you don’t want to use that then some of the best are provided by ExpressVPN, TunnelBear and StrongVPN.

I use TunnelBear but am not an affiliate so if you sign up, there’s no benefit to me just added security for you

Not clicking

Phishing, SMSmishing and SpearPhishing emails are mainly designed to make you click on a link to visit a genuine looking but fake website where your log-in information can be harvested.

I’m going to be blunt – DON’T CLICK. If you think the email may be genuine you can either contact the sender (by phone or with a fresh email – not a “reply”) and ask them for clarification. If it’s a link to a website then enter the domain name yourself in your web browser, don’t click on the link in your email, don’t “copy” the link but DO hover over the link in your email program (it will have been designed to look legitimate) but hovering your cursor over it will show you where the click will actually go. It might look similar to the pukka site but won’t be. If the proper URL is company.com the fake address could look like company.com.fakesite.eu or company123987.com, for example.

Even if you believe the link to be valid, don’t click on it but either enter a URL you KNOW in your browser or search for the company. 99% of the time you’ll see that that your email is a fake, an attempt to extort you.

Fake News and Fake Reviews

Although you can’t prevent third parties from posting Fake News and Fake Reviews about your company, you can be on the lookout for the posts so you can take remedial action. Use tools such as Google Alerts and Drumup.io which can conduct keyword searches for your brand and alert you by email when something turns up that uses your brand or company name. Then you can see where the article has been posted and review it. If it’s obviously fake news you should post a reply AND contact the host of the review platform and advise them of this

Hacking

What can you do to prevent your devices and networks from being hacked?

File:Wallpapersden.com anonymous-hacker-working 1280x720.jpg - Wikimedia  Commons

You can use a Firewall to provide a secure “wall” between your network and the outside world. You can make sure that you have changed the default user-name and password and use a hard to crack password – something like the three random words recommended by the National Cyber Security Agency.

You should use biometric access controls, fingerprint or facial recognition on your phones, tablets and computing devices. You should be wary of emails and their attachments.

Ensure that your anti-virus programs are up to date and that Windows is allowed to keep itself up to date too.

You should consider encrypting your data, so if it is stolen then it won’t be of any value, or use, to anyone and you also need to be regularly backing up your computers and servers. AND don’t forget to regularly check that you can restore your backed up data. There’s nothing like finding out that your backups are corrupt, or discovering that you’ve not been backing up what you thought was being backed up, when you lose data. It’s too late then.

And finally, train your staff and keep their training up to date so they know how to identify potential threats and to whom they should share their concerns with.

Insider Threats

Office staff having a meeting
Office staff having a meeting

Insider threats are the most insidious. By definition, it’s people who you trust. So what can you do?

You should control what they have access to. Nobody outside the Accounts department (with the exception of some board members) needs to have access to financial systems, and files. Nobody outside of Sales needs to have access to details of ALL clients at all stages of the sales process. Give a lot of thought to who can see, and access, what.

Work hard to know your staff. Talk to them. Understand what makes them tick, their personal situation, without being creepily intrusive. Join conversations “around the water cooler”. Have an “open door” policy so that your people know they can bring their concerns to you.

You should also have a very clear policy on BYOD (Bring Your Own Device) where people are permitted to use their personal phones, tablets and laptops and can connect them to the company networks and Wi-Fi. Yes, it’s a great way to save money by allowing people to use their own equipment but it opens up a whole host of risks.

  • What are they taking home with them to “work” on?
  • What websites do they visit during work time whilst connected to the company network?
  • What security protection are they using on their private devices?
  • What Social Media platforms are they on whilst in company time and on the company network
  • What policies are in place to manage their use of external memory devices (such as USB sticks and external hard drives)
  • What files and folders can they access

Ultimately, you might decide that the risk is not worth the saving and simply provide all the equipment and tools that your people need to be able to do their job.

USB Memory

USB Memory Stick

As discussed in my previous Post, “Top Cyber Security Threats to YOUR Business“, USB storage devices can be an absolute nightmare. You must have a policy in place that covers how they are used. How/whether your employees can use their own, what the policy is in relation to found devices. How you will manage lost devices that might have company information on them and an overall policy with regards to USB ports.

I know of many companies that have simply banned the use of unauthorised USB connections (remember, connecting a phone or tablet to charge it means that device can also be used as USB storage to remove data or introduce a virus).

I even know of one business owner who used superglue to ensure that absolutely nothing could be plugged in to the majority of computers and servers in his business. Even I agree that that was an extreme solution but I get his point.

Ransomware

Ransomware normally arrives either as an attachment on an email or via a link contained in an email so, good email security and data hygiene will minimise the risk from this threat

Viruses, Trojans and other Malware

A computer keyboard & virus targeting Cyber Security on your computer

Again, most viruses and trojans infiltrate a business via attachments on Emails and links in emails. The attachments might look like PDFs, Word or Excel documents or pictures but they won’t be. They will either have embedded macros (Word, Excel etc) or mask their true type. Something that looks like picture.jpg might actually be picture.jpg.exe – a file that will be run when clicked rather than a nice picture that will open when clicked.

And rogue USB devices remain an ever present threat.

Avoiding a lot of these threats comes down to good email security and data hygiene although this will be reliant on good training, regular updates and reminders.

You might have a decent anti-virus application running on all devices (including phones and tablets) but it’s a constant war. The cyber criminals are always on the lookout for ways to circumvent security software so you still need to be alert to the threats.

And Ditch Microsoft Windows

Yes, I know. It sounds almost like heresy, but Microsoft does have a bit of a reputation for insecurity. Yes, it’s better than it was but, as the most popular operating system, it’s also the most popular target for hackers. It even has it’s own day of the week – Patch Tuesday, when all manner of updates are released, including security fixes. Apple Macs are better. However, as sales increase so does the hackers interests and it’s not as secure as some would like you to think.

So is there a solution?

Linux - Wikipedia

Yes, it’s called Linux. It’s been around more than 30 years, is properly free and very secure.

But don’t you have to be a bit of a geek to install, and use a Linux machine?

Nope, not these days. For most, it’s as easy as installing Windows AND it even looks, and works, a lot like Windows because that’s what we’re all used to. I run a Linux machine in the office and it’s uses Linux Mint – which is probably one of the easiest to come to terms with. And you can learn more about Mint, download it and learn how to install it here. Another popular Linux distribution is from Ubuntu and you can run Ubuntu from a USB stick if you want to give it a try without installing – oh and you can also create dual-boot scenarios where you can keep Windows, install Linux and simply choose which one you want to run when you boot your PC.

I am not a cyber security expert although I’ve done my fair bit, especially when working in IT support, and I do my best to stay up to date so feel free to send any questions you might have to andy@enterprise-oms.co.uk or give me a call on 01793 238020 or 07966 547146, Tweet me @AndyPoulton or contact me on LinkedIn and if I can’t help, I know some real cyber security experts that I can put you in touch with.

Thanks for reading and if you need help with your #SEO or any other element of of your digital marketing, please don’t hesitate to get in touch.

Andy Poulton
Chief SEO Officer
Enterprise Online Marketing Solutions

Top Cyber Security Threats to You & Your Business.

We are living through troubled times. Covid seemed to be under control, we were learning to live with it and we were starting to look forward to a quieter 2022.

And then Putin invaded Ukraine!

Computer log-in screen. Reduce the Cyber Security risk with strong passwords.

As a result of sanctions imposed on Russia by the West I have no doubt that the professional Russian Cyber Criminals have ramped up their activities. Not only to attack Ukraine but to attack western institutions for having the temerity to support Ukraine and actively punish Russia via sanctions.

I thought that my next two posts should focus on possible cyber security threats that this will pose. Why two posts? Simple – length and volume of information make it easier to take in of it’s split in two.

The first post, this one, will look at the threats we face as individuals and businesses when we use our computers and the internet. The second will took at ways that we can protect ourselves, and our businesses.

Although 100% security may be prohibitively expensive for SMEs most of us can do more to secure our data and reduce the risk from infiltration, theft, misuse and other malfeasances.

So, without further ado, let’s take a look at the top Cyber Threats that can be used against us, right now.

Distributed Denial of Service – DDoS

A DDoS attack is designed to bring a website, or internet connected system, to a standstill. Simply put, the Cyber Criminals will have gained access to a Botnet ( a network of internet connected devices that they have control over without the computer owners knowledge). They then issue commands to the Botnet to visit a given web address. When thousands of computers try to access a website the website grinds to a halt.

It’s analogous to closing a busy motorway and diverting all of the traffic on to a single lane, country, road. Very soon the road will be so full of traffic that everything grinds to a halt.

When the target website, or service, comes to a stop the hackers approach the website owners and demand a ransom payment, threatening to continue making the website unreachable until the ransom is paid. The busier the site the more it costs for it to be unavailable and the faster the owners are likely to pay.

As an example of this, in the last couple of years a major, online, bookies website was targeted. It was brought to a grinding halt for about 10 minutes. The criminals then contacted the company and identified themselves as the cause of the website failure. They demanded a ransom and threatened to bring the website to a halt over a significant betting weekend (Cheltenham Gold Cup weekend to be precise). For obvious reasons, it’s unknown whether the betting website paid up, or not.

Fake News

Fake news is insidious. Whenever something controversial happens there will always be people posting fake news, and reporting fake news, with the aim of either reducing the apparent severity of reported activity or distracting the news consumer, encouraging them to take their eye off the real story and try to get them to look elsewhere.

Fake news is difficult to ignore, by intentional design, and creeps in to every area of the media.

At a business level, it could be a competitor who posts positive fake news about themselves, to make them appear better than they are, or someone posting negative stories about your business hoping that they can reap the rewards.

Fake Reviews

Like Fake News, Fake reviews go two ways. Competitors, or people with a grudge, publish negative reviews on places like TrustPilot and Google reviews. Not only does this impact the public’s perception of your business but it can have a negative effect on your SEO, especially when it comes to Google Local, where part of Google’s decision making process is the quality of your reviews in comparison to your competitors.

The other way is for your competition to post fake, high quality reviews of their business to boost their business at the detriment of yours.

Hacking

Hacker Inside, like the "Intel Inside" logo - for Cyber Security

Frequently imagined to be conducted by aggrieved teenagers hacking/cracking websites from the depths of their bedrooms, hacking has evolved in to a massive industry. It’s escalated in to an activity that’s carried out at all levels, all the way up to state sponsored hacking where individuals & organisations are paid by, sponsored by, or simply work for, a county or an organisation.

At the state level they look to attack the infrastructure of a foreign country using the internet as their weapon. The goal being to take services off line, for example. Imagine an attack on a country’s power supply network that could just switching the electricity off.

At the business level, hackers look to break into individual computers, servers or networks. This would provide access to confidential information and intellectual property.

Imagine that you invented something that stood to give you an incredible competitive advantage and make your company a lot of money. Hackers could break in, steal the data and sell it on. It’s believed, for example, that the Chinese government had access to the secrets of US military giants for years. This enabled them to modernise the Chinese military far faster than if they had to do all their own research and development.

Hacking could also be used to plant false information on servers. Imagine a knock on your door, by the police, with a warrant for pirated material (or worse). They take control of your network – banning your people from it and bringing work to a halt – whilst they conduct their examinations to find said material. Whether they find anything, or not, you’ll be prevented from working for days, weeks, months, possibly years while they conduct their examinations. And if there’s whisper of wrongdoing to the media, whether ultimately proven or not, justified or not, your reputation could take a massive hit, from which it might prove impossible to recover from.

Insider threats

Insider threats are probably the most insidious because they are carried out by people you trust, your employees or partners. As well as stealing from you, someone inside your organisation could also conduct a cybercrime against you. It might be as simple as deliberately installing a virus from a USB stick (for accidental virus installation see “USB Sticks and other forms of removable/portable storage“) or opening up your firewall to external intrusion (see Hacking).

Without proper tools and tracking in place you’ll probably never find out where the problem came from, which could lead to repetition once you fix the problem for the first time

Malware

Malware is a generic “cover all” term for malicious software. It has been reported that Malware affects 32% of global computer systems. The goal of malware is to infect your computer system with malicious software with the aim of slowing down, or stopping, your computers and network.

As with a lot of other attacks, businesses that are affected by malware are likely to be approached by the perpetrators who will demand payment to stop the attack.

Phishing

Phishing is an attempt by an unknown third party to persuade to you voluntarily hand over essential log-in credentials for critical web sites (think of your banking info as a single example).

It starts, typically, with a genuine looking email that lands in your inbox, purporting to come from a trusted source. The email will contain a scary message encouraging you to log into your bank account, for example, because failure to do so would see you being “locked out of your account due to a security risk”.

To make it easier, the email also includes a “Click here” link. You click, you arrive at a page that looks like your bank, enter your user ID and password but you can’t log in.

And you can’t log in because it’s not your bank. If smart, the Phishing site (because that’s where you are) will automatically forward you to your actual bank page where you’ll try to log-in again, convinced you made a typo first time around, and this time, you get in to your account.

In the meantime you will have confirmed to the Phishers that you have an account with the bank they targeted AND gifted them your user ID and password. Even though most banks now require an additional form of authentication, getting the first two parts of the authentication chain is a great place to start.

Ransomware

Ransomware is the generic term that covers a wide range of attacks on computer systems with the aim of preventing their effective and proper use. The expected resolution is the payment of a ransom to make the attack stop. The only problem with this is that the criminals are passing on the details of companies (and individuals) who paid up on the premise that they paid once, so will probably pay again.

SMishing (SMS Phishing)

A SMish attack is an attack that starts on a mobile phone. The Cyber Criminals send you an SMS message that will encourage you to click on a link in the message. The link will take you to a website that has been set up to collect critical ID information. This might be bank account details in “payment” to “release” a parcel that’s been held up at the couriers, for example.

Spear Phishing

A Spear Phishing attack is like a Phishing attack but more focused. The criminals won’t be targeting random individuals but will have done their research and will target named individuals within an organisation.

The targeted person (let’s say they are a manager in accounts) will be sent an email, purporting to come from an internal department, asking for an expedited payment to XYZ company for ABD services/supplies/components etc. The payment is made – only it’s not for services etc it simply goes straight in to a bank account operated by criminals.

Trojans

A Trojan attack, named after the Trojan Horse of Greek mythology is where a criminal distributes a piece of software that looks legitimate but harbours a nasty surprise. You’ll typically find Trojan Horse software on the internet, hiding behind hacked websites. You might search for something specific, picture editing software, for example, and come across a website giving away something that seems to do everything you need – for nothing.

Keyboard with "Help" instead of an Enter key for Cyber Security

You click, after all it doesn’t cost anything so where’s the danger. These’s no demand for bank or credit-card details and it doesn’t cost anything so you click to download. After all, where’s the risk?

You download the software, navigate to your downloads folder and click to install. You screen might go blank for a very short time but soon comes back. There’s no evidence of anything being installed, or anything else happening, so you assume the download is broken. Do you download it again or try something else? Most people will look for something else but the damage has already been done.

In the background, unbeknownst to you, the malicious software has installed itself, and hidden itself so there’s no record of it’s installation. If clever, it might even have disabled your antivirus protection too.

Your computer might now be added to a Botnet to be used in DDoS attacks or might be capturing every keystroke you make – including credit card and banking details, and surreptitiously send them back to the criminal who distributed the software,

USB Memory Sticks and other forms of removable/portable storage

Occasionally, when out and about, perhaps enjoying a coffee in your favourite coffee shop, you might come across a USB memory stick or memory card that someone has “forgotten”. You might ask at the counter whether they know who left it behind but they probably won’t have a clue so you take it back to the office, or your home.

Laptop surrounded by a wall for Cyber Security

Gleefully, you insert this new trophy into your computer, perhaps to see how large it is, perhaps to see whether you can determine the identity of the owner in the hope that you can return it to them. Or you might simply want to be nosey and see what’s on there.

Whatever your reason, it’s too late. The software that was set to autorun when inserted in to a computer has installed itself on your PC and is now running maliciously, in the background. Either letting an unknown third party take control of your computers and network or sending all your keystrokes back to some criminal.

Virus

Computer viruses are the most common form of cyber security threats out there. They land on your computer as an email attachment that you have been encouraged to click on (perhaps an innocent looking document for example) or pushed down on to your computer when you visit an infected website. As with other threats, you won’t necessarily know you have been infected until they do their dastardly deed. The smarter viruses can circumvent some of the best anti-virus systems and can remain hidden whilst they conduct their criminal actions. Stealing data, monitoring keystrokes and feeding them back to a cyber criminal, for example.

What should you do

Part two of this email will go in to preventative and detective measures in more detail. However, for now, the guidance is simple. Trust no one. Any email that arrives that has a hyperlink or an attachment, no matter who it comers from, should be considered suspect. Don’t click the link or the attachment unless you trust the source, were expecting it or have validated it in a different way.

Don’t plug-in “found” USB drives and memory cards, don’t visit websites on a whim and make sure you keep your anti-virus software up to date, allow Windows (if you are a Windows user) to install Windows updates and please , please, please make sure your firewall is up and running.

And finally, the pitch.

If you need help with your Cyber Security I can help and can even point you in the direction of a really excellent Cyber Security company if you need more in-depth help and support.

Get in touch – even if it’s just for a free consult. You can call me on 01793 238020 or 07966 547146, email andy@enterprise-oms.co.uk or book a slot using my calendar and we’ll take it from there

Why SEO is important for almost every business

Search Engine Optimisation, aka SEO, the process of editing your website to ensure that it meets the requirements of the search engines AND delivers on your customers’ needs and expectations.

SEO should be a key part of your marketing strategy.

What is SEO?

Search Engine Optimisation is the the process that is undertaken in order to make your website search engine friendly. This makes it easy for all search engines to fully understand your business, your services and/or your products so that your website can feature in the search results when somebody is searching for the things you do, the services you provide or the goods you sell.

But it’s not quite as simple as simply being listed. I work at Search Engine Optimisation and if you do a search for that, Google comes back with nearly 23 million results. And with no more than 10 free results on a page that’s a potential of 2.3 million pages of results.

Obviously, nobody is going to go through 2.3 million pages – there’s a limit to how far people will go. In fact only about 1 in 2 (50%) of us will ever make it from Page 1 to Page 2 and only around 10% (1 in 10) will go to Page 3 and beyond

Graph showing Search Engine Optimisation success

And that’s why, when people talk about SEO they talk about trying to get your business on to the first page of the results, because that’s where all the eyes are.

But it’s not quite that simple, either. Although a Page 1 result is great, the higher UP the results you are the better it gets. In fact, over 50% of the clicks on Page happen take place on the TOP 2 results and over 75% take place across the TOP 3 results with just 3% of clicks happening for the result at the bottom of the page

Graph showing SEO results, clicks Vs position on page

And this is why, when people try to pitch SEO to you, they focus on getting your site on the First Page, and as high up the First Page as possible.

But there are NO GUARANTEES. The position you reach (which will change over time simply down to the way the search engines work) is both a function of your Search Engine Optimisers knowledge, diligence and ability AND how well your competitor’s sites have been optimised. You are not in a battle for perfect optimisation (hint, it probably doesn’t exist) but simply to be better than your competitors.

Even more importantly, you should NEVER lose sight of the simple fact that the search engines are simply a means to an end. They are one of the key ways that customers (both potential and existing) find your business business website BUT it’s what the visitors do whilst they are on your site that is the most important thing. If everybody that arrived from the search engines simply leaves straightaway then you have gained nothing, no matter how good your Search Engine Optimisation is.

Which is why your focus really should be on producing a website that meets the needs of your visitors.

  • Is it fast to load (under 3 seconds)
    • Test your website here
  • Does it work on a small screen
  • Is it easy to navigate
  • Is it easy to read
  • Does it talk about benefits rather than features
  • Does it feature clear Calls To Action
    • Does it tell the visitors what YOU want them to do?
      • Buy Now
      • Subscribe
      • Contact Us
      • Book Now
      • etc.

Hit those buttons and you are well on your way to having a website that visitors will like and will actually do what you want them to do. And, finally, if you are converting more than about 1-2% (1 or 2 in every 100) visitors then your website is doing really well.

And that’s why you need Analytics – if you don’t know how well your website is performing then you haven’t even crossed the start line. But that’s a conversation for another day.

And finally, the pitch.

If you need help with your SEO, Email Marketing, Social media or any other type of online marketing activities then I can definitely help you so you really should get in touch – even if it’s just for a free consult. You can call me on 01793 238020 or 07966 547146, email andy@enterprise-oms.co.uk or book a slot using my calendar and we’ll take it from there

14 SEO Myths

I started providing SEO services in 2001 and things were a lot simpler than they are now. Back then it was all about keywords. Keywords in the Keyword Meta Tag, keywords in the Meta Title and Meta Description and Keywords liberally scattered throughout the content.

Then people came up with ways to “game” the system, to effectively cheat the search engines into giving them a better result than they were probably due. If you’d like to learn about one of these Black Hat techniques you should read my post on Keyword Stuffing.

Since those early cowboy days of SEO, many things have changed. The profession has cleaned up its game (although Black Hat SEO still exists if you want to cheat the system and eventually get kicked out of the Search Engine Results Pages – SERPs) and the search engines regularly update their algorithms – the software that decided where a website deserves to sit in the Results pages.

As things have changed, the number of SEO myths has grown and these are the ones that I most frequently encounter

SEO Myth 1 – It’s no longer about keywords

This has been around for a while now. Not only does Google examine more than 200 “signals” when ranking websites it frequently tweaks theses “signals” to ensure that you and I get the most relevant results for our searches. Every time something changes, a crowd of people claim that “Keywords are dead” or “SEO is dead”. Well, I’m here to tell you keywords are NOT dead and neither is SEO.

In fact, keywords are the fundamental rock on which all SEO is based. There’s no magic or mystery about them, they are simply the words you and I enter into our web browser when searching for something and so it’s critical that these words and phrases are embedded in your website, in the places the search engines look. This enables Google, Bing, Yahoo, Duck Duck Go, etc to match searches to relevant websites

SEO Myth 2 – it’s ALL about keyword density

If you carry out a web search for “Keyword Density” you’ll find a number of sites telling you that the ideal keyword density is between 4 and 5%. This means that for every 100 words on your web pages, 4-5 of them should be keywords.

Please don’t pay ANY attention to this. If you do, you’ll fall foul of one of the cardinal rules of web development, that your website is for the visitors to your site and search engines are simply a tool to deliver those clients and prospects to your site.

If you focus on keyword density, and other SEO focused metrics, you’ll have switched content focus from creating great content for site visitors to creating content for the search engines and your content will suffer. I have worked with many sites that have fallen down this particular rabbit hole. Their site has ranked really well in the search results, the search results have delivered many visits but those visitors have left the site very quickly (Bounced in Google Analytics terms) because the content wasn’t focused on their needs.

Back-links, hyperlinks published on third party websites that bring people to your website are the foundations on which Google was built. Originally called “Back Rub”, Google originally ONLY ranked sites based on the volume of backlinks. The thinking was pretty simple. If I link from my site to yours then I must believe that something on your site will be of interest/value to visitors to my site and, like any good democracy, the more votes (backlinks) your website has, the more popular and better it must be.

When Google was launched, backlinks remained a fundamental way that it ranked websites (and it remains so today). As a consequence, a whole industry built up around providing backlinks, including “Link Farms”. Web pages that just looked like phone directories, with each page simply featuring hundreds of links to websites. In the early days, this was quite successful and you could buy thousands of links for a few hundred dollars.

That was until Google realised that quality was far more important than quantity and started analysing where the backlinks originated. From then on, purchased backlinks became a major no-no. Backlinks MUST be relevant, so a link from your local butchers to a website providing marketing services is not relevant, for example.

For the butcher’s example above, it’s not likely to attract a direct penalty but will probably just be ignored by Google so the effort expended on acquiring that link will have been wasted.

If you take it to the next level and start purchasing links, Google WILL find out and your website will be penalised by being pushed DOWN in the results pages. This could be critical, with only 50% of search engine users ever going beyond the first page of results and just 10% making it to page 3 and beyond, a demotion to page 5 is almost as bad as being deleted.

Myth 4 – posting the same content on many different sites will boost your ranking

“Back in the day” it was common for a blog article to be posted on a number of websites that claimed to be regularly visited by journalists, and so promised a lot of “eyes on” fresh articles. The publisher’s dream was that they’d be contacted by journalists for more information. The goal being to be mentioned in an article that gets published by the national, mainstream, media amplifying the visibility of the business. The reality was than no journalists visited these sites and the actual goal was to simply build backlinks.

As Google improved its technology it recognised these for what they were, backlink building opportunities, and woe betide your website if you had had the temerity to pay to have your post published.

From here, another myth developed, that multiple placements of identical content will be penalised. Myth 14 explains this one in more details

SEO Myth 5 – You have to write at least 1,200 words on every page for optimum SEO

If you read enough posts about SEO you will ultimately come across one that talks about the number of words contained on pages that come up in Position 1 on Page 1 of Google’s search results pages. (The holy grail of SEO if you like).

Typically they’ll tell you that top pages contain 1,200, 1,600, or even 2,000 words. That’s a LOT of writing, but don’t despair. You don’t have to write so many, or you can write many more. The reality is that there is no magic “ideal” word count that will get you on the first page of the search results. It’s much more about relevance and quality.

Look at it this way. If I tell you, or you read, that your page has to contain 1,200 words, you’re going to write 1,200 words no matter what. And if you only need 600 then your page is going to be so full of padding and filler that even were your page to feature highly in the search results and attract loads of visits, no one is going to read it.

And at the other end of the scale, if you actually need 3,000 words to get your message across and you’ve heard that the ideal page is 1,200 you’re going to edit the heck out of your content and you’ll probably remove most of the value. So, again, even if your page features highly in the results and you get loads of visits, most won’t stay because the content doesn’t make a great read.

What’s the solution?
The simple solution is to write as many (or as few) words as you need to communicate your message and sell your idea. My only caveat, if you have to write a lot of words you either need to be a very good and persuasive writer OR hire a copywriter to do the work for you.

SEO Myth 6 – SEO is dead

At least once a year someone pontificates that “SEO is dead” and I worry about my future. Then I relax and realise that SEO has quite a few years to go yet. it’s a long way from being an Ex-SEO, left this mortal coil, kicking up the daisies and every other quote from Monty Python’s “Dead Parrot” sketch.

Work is required, and will always be required, to ensure that your website is as #SEOFriendly as possible so that it appears as high in the search listings as possible and drives sufficient traffic to your website

Headstone with the words "RIP SEO"

SEO Myth 7 – It’s all about Social Media these days

It’s really easy to believe, that with over 2.3Bn active users, Facebook has removed the need for a website and so SEO is no longer required.

If you follow this path, you’ll be missing out. In the UK about 32m people use Facebook. With about 90% of the UK population using the internet, ( that’s about 58.5m people) you’ll be missing 26.5m people.

And that’s just the people who don’t use Facebook Lots of Facebook users (about 70%) still turn to search engines when looking for the things they want or need. So, it’s not all about Social Media, if you just do Social, then you are missing a huge audience.

SEO Myth 8 – Pictures don’t do anything to help your SEO

Although the search engines are slowly rolling out Artificial Intelligence to help then understand the content of a picture, your images contribute greatly to the optimisation of a web page.

However, you need to optimise your pictures properly. The file size has to be small enough so as not to slow your pages down, need to have SEO optimised image names, AND have optimised Alt Tags. Sign up for my newsletter and you’ll receive my free e-Guide to image optimisation.

#UseMorePictures

SEO Myth 9 – SEO is a secret magic masked by smoke and mirrors

When SEO was growing in awareness, a lot of people delivering the service hid their actions behind smoke and mirrors, making it appear as if it was something mystical, something that could only be implemented by members of some deeply secret inner circle.

I think the main reason for this was to mask their techniques (some of which may have been gaming the system for quick results but which would lead to penalties being applied) AND so that these cowboys could charge more for their services.

The reality is that EVERYTHING you need to know is “out there” on the internet if you know where to look and who to trust. But do you want to spend time learning about SEO, sorting the wheat from the chaff and then learning how to implement it on your website AND keep it up to date or would you rather bring in someone who knows what they are doing, leaving you to do what you’re good at? Running your business, converting leads into sales, and making a profit?

SEO Myth 10 – It’s not a problem if your website is slow to load

Website Speed Test Results

It’s a HUGE problem if your website is slow to load. 3 seconds is the goal – why?

The internet has robbed people of their attention span. Most people simply won’t wait any more than 3 seconds for a web page to open. If it’s slow, they’ll simply go elsewhere.

And it’s worse than that. You have about 2/10s of a second for people to “Get” what your site offers and if they don’t “get” it almost straight away, they will head off elsewhere.

Because of this, Google will push slow sites down the results pages. After all, thee’s no point sending people to a website if all they are going to do is come back to their search results to go somewhere else.

A slow website is one of the reasons behind a high Bounce Rate in Google Analytics

SEO Myth 11 – You Must have perfect SEO to rank on Page 1

With Google examining more than 200 “signals” to determine where your site comes up in the search results pages, and the majority of those being known ONLY by Google thee is no way that your SEO can ever be perfect.

And you don’t have to be perfect, you just have to be better than your competitors. That’s why I’ll look at your competitors if I am working on your SEO to see what can be done to beat them.

And if you strive for perfection, you might never get anything completed. remember, perfection is the enemy of good.

SEO Myth 12 – Running a Google Ads campaign will boost your SEO

Google Ads and Google Search are two totally separate parts of Google and there is NO interlinking at all so running a large (or small) Google Ads campaign is NOT going to improve your SEO.

It will, however, give you a quick opportunity to get your business to the top if the first page of search results (In the Ads section) if you need quick traffic to your website

SEO Myth 13 – SEO is a one-time thing

No, no, and thrice no. SEO is constantly changing and you (or your search optimiser) should constantly be looking for ways to improve your SEO. After all, if you started out and were better than your competitors (See Myth 11) and they improve their SEO, they will outrank you so you need to stay on top of things.

SEO Myth 14 – Google will penalise your site for duplicate content

Myth 4 looked at the posting of content on a variety of websites with the aim of building backlinks to your website.

From this came conversations that if Google caught you doing this then they would penalise your website. This simply isn’t true. However, a very real danger of having multiple copies of the same thing is that it will dilute your search results because Google won’t know which is the most important page.

So, examine your content, and if you have more than one copy of the same thing then you need to let Google know which is the most important and the Canonical tag is the way to do this.

A canonical tag (aka “rel canonical”) is a way of telling search engines that a specific URL represents the master copy of a page. Using the canonical tag prevents problems caused by identical or “duplicate” content appearing on multiple URLs

Thanks for reading and remember, if you have any problems with your SEO please don’t hesitate to get in touch. I’ll be only too happy to answer any questions that you might have

Find me:         https://www.seo.enterprise-oms.uk/  |  andy@enterprise-oms.co.uk
Follow me:     Twitter ¦ Linkedin
Phone me:      01793 238020 ¦ 07966 547146

Top SEO Tips for 2022

As I write this Christmas is just around the corner. That means that it time for some top tips for your SEO for 2022. Now is an ideal time to take a step back from your website and look at all the things that are to do working ON your business rather than the day to day effort of working IN your business.

Your website should be top of the list, giving it an SEO makeover, an SEO refresh or just an SEO tweak could pay dividends by making your site easier to find. After all, if it’s easier to find, then more people will come to visit, take a look around and get in touch or buy something (if you are running an ecommerce site.

Here are the top things that YOU can do to improve the Search Engine Optimisation of YOUR website.

Google Analytics Graph

1/ Monitor and Measure Performance

Following the trusted mantra of “If you don’t know where you are going, how do you know when you’ve got there” you MUST be monitoring the performance of your website. If you aren’t, then how DO you know whether the investment of time (and possibly money) is actually paying off.

You could be doing something that’s working but what’s worse is you might be doing something that is harming your website. Google Analytics is free to use and easy to get going.

Set it up on your website, understand what the data is telling you and check in regularly to monitor performance.

I know that Analytics isn’t the only performance monitoring tool out there, and if you are using something else – well done. At least you are using something.

2/ Performance Monitoring Pt 2

Once you have Analytic up and running, head over to the Google Search Console. This is another free tool provided by Google. Analytics looks at how visitors found your website and tells you what they did whilst on their visit and the Search Console tells you about HOW they found your site in Google Search (the actual words and phrases typed in to Google Search) and provides recommendations to improve your website.

Again, sign up, visit and learn about the data provided. Turn it in to useful information that you can feedback in to your website design and SEO.

3/ Website Structure

Get the structure of your website in to tip top shape – even if it means a bit of work.

Make sure your website is easy to navigate. Are you using language that’s easy to understand? Does each product or service that you provide have its own, unique, page and are similar products/services grouped together in their respective “families”.

All of this makes your site easier to use AND helps Google understand what it is that you provide.

4/ Keyword Research

Do your keyword research. Understand the words and phrases that your customers are using when they are looking for your website. The Google Search Console is a treasure trove of information but tools such as UberSuggest will also help.

Each page on your website MUST be uniquely optimised for the product/service that’s featured on the page and you should filter out the 3-4 top keywords for each page. Allocate no more than 3-4 key words per page. These are the words/phrases that you will be optimising the pages for.

5/ Where do the Keywords Go

Now that you know which key words/phrases are going on each page (you might find a Spreadsheet is a great way to mage the lists) then you need to ensure that these keywords are “woven” in to the page in the places the search engines check out. If the terminology confuses you, then check out my SEO Glossary of Terms

~ Meta Title & Meta Description tags
~Header Tags (H1, H2 etc)
~ Web Page URLS https://mywebsite.co.uk/service-type
~ Image and File Names
~ Alternative Attributes
~ File Download Names
~ Main page content, ideally in the first 50 – 100 words
~ Selected text in bold

Use the Google Search Console to identify third-party websites which Link to yours (backlinks). Conduct a backlink audit by checking every single one and make sure that you are happy with the quality of the originating site AND the relevance.

If you are a decorator, then a link from the local butchers has no relevance and it may be worth breaking the link. Check for unsavoury content and poor quality sites too – sites where there’s more adverts than proper content for example. Google will penalise you for this.

One of the key ways that Google judges the value of your website (and the higher the value the higher in the results your site will appear) is by the number of links that point towards your website from third party websites so you need to build links to your website. Not just any old link though. They MUST come from trusted, high quality sites that are relevant to your business.

So, no links from click baity sites, no links from pages that are 70% Ads and 30% content, no links from sites with poor quality (or scraped/copied) content and no links from sites that have absolutely no relevance to your business.

It’s NOT easy but hard work will pay off.

8/ Fresh Content.

Ensure that you regularly add NEW content to your website. It’s not a case of subtly rewriting content but it has to be fresh and new.

Why? There are loads of reasons.

a/ It keeps Google happy.
b/ It gives a reason for people to come back to your website.
c/ It gives people a reason to LINK to your site
d/ It provides you with content that you can use elsewhere – such as email newsletters, Social Media, podcasts, videos etc.

Imagine that you didn’t add anything new to your site – how would Google know you are still in business and why, therefore, should Google give you a good ranking on the Search Results Pages (SERPs)?

Your blog/news page is a great way to do this. You can even write specific content with SEO in mind but don’t over optimise. if you do you’ll be creating content that people won’t read – defeating the purpose of your website.

9/ Speed Speed Speed

Google site speed test showing 100%

Website speed, so important I mentioned it three times.

Your website MUST be fast. If pages take more than 3 seconds to open your visitors will leach away. We have NO patience when it comes to the internet, pages must open fast, both on desktop/laptops AND on phones. And if people don’t like slow pages, and leave almost straight away why should Google promote sites that it knows people leave almost straight away? And Google doesn’t.

Slow sites make their down the search results pages, exactly the opposite of what you need.

10/ Monitor Results

Monitor your results. Use Google Analytics, the Google Search Console AND carry out manual searches to see where your site come up. Keep a record (a spreadsheet’s one good way to do this) and keep working on your SEO.

11/ Have patience

SEO doesn’t have an impact straight away. It can takes weeks, frequently months to have an impact so don’t panic. SEO is a Marathon not a Sprint. And, if you’ve not seen a change in a couple of weeks DON’T assume that your SEO hasn’t worked. Keep at it.

Keep measuring, look at visitor sources in Google Analytics to see whether the visitors come from. Is the percentage of traffic from Google and the other search engines on the increase?

And remember, SEO is NEVER finished. You can always tweak, review and continue to make improvements.

12/ Mobile Phones

Most websites have been getting more than 50% of their traffic from mobile phones and tablets for years now. I would hope that your website is Mobile Friendly – and if it’s not, then it needs to be.

Google looks at the mobile version of your site FIRST.

Don’t take it on on trust that your site is mobile friendly, make sure that it is fast to load and easy to read.

Go to it on your phone, how does it look? Is it easy to read? Does it convey the right messages and is it easy to navigate? Can you even find the navigation?

And finally

If you need help with your SEO then all you have to do is get in touch. I’ve been working on SEO since 2001, so that’s more than 20 years, and have a good feel for what needs to be done. Not only that, but I talk in English and don’t use jargon. This means that I’ll be easy to understand when we have conversations and I won’t baffle you with bullshit. I’ll tell it as it is and if I don’t think I can help, I’ll tell you why.

It’s easy to get in touch. Google me, your Chief SEO Officer, reach me on Twitter and LinkedIn. You can call me on 01793 238020 or 07966 5471456 or email andy@enterprise-oms.co.uk. Alternatively, if you fancy a FREE, no obligation consultation then book a slot with me here.

You cannot be serious….

Green computer code on a black screen

…yes you can and you must be. But serious about what? About your passwords, that’s what. Like many others, I’ve been banging on about passwords for years and years and years. From a company that would put a new laptop on a desk for the user with the password on a post-it note attached to the lid to companies that shared passwords by email to people using easily guessable passwords the whole issue of password security is not going away.

And it’s causing major problems and financial loss.

In 2019, 80% of all data breaches which resulted in financial loss, were the result of compromised passwords whilst IBM have stated that the average cost of a data breach to businesses in 2020 was $3.86m so you can see stealing passwords (and other information) is big business.

But this post is not about the physical stupidities like leaving passwords lying around it’s about the passwords you and I use that are part and parcel of our day-to-day web access.

Every year a company called NordPass* evaluates the latest password data across 50 countries. They get this by examining a database of 4TB of data, all of these passwords have been nicked, stolen, and hacked. These security breaches are the result of hacking, phishing and other “nocturnal” cyber activities.

Passwords, credit card numbers, bank account details, usernames, dates of birth and other details are made available for sale on the Dark Web and this is where NordPass gets their seed data.

The Most Common Passwords 2021

And it seems that in 2021 little has changed. The most common passwords they found were

  1. 123456 (used a staggering 103 million times)
  2. 123456789 (46m uses)
  3. 12345 (33m uses)
  4. qwerty (22m uses)
  5. password (21m)
  6. 12345678 (15m)
  7. 111111 (13m)
  8. 123123 (10m)
  9. 1234567890 (10m)
  10. 1234567 (9m)

All of the above would be cracked in under one second. That’s how secure these passwords are

Apparently a “stunning” number like to use their own name – “Charlie” being the 9th most popular password in the UK whilst popular music acts and sports also have their own claim to fame. “Onedirection” being popular, along with “Liverpool” whilst in Canada “hockey” was the top sports related password and “dolphin” was number one amongst animal related passwords.

Hacker Inside

NordPass have mapped the data too and, according to their data 187,219,153 passwords have “leaked” from the UK, that’s an average of 2.785 passwords per capita.

How should you formulate your passwords?

Passwords should be 16 characters or more – a M1xture! of UPPER case, lower case, numbers and characters and should NOT be used for more than one account. They should not use ANY personal information, no address details, no phone numbers, no pets names in fact nothing that can be gleaned from social media and day to day interactions

Challenge to remember? You bet. Difficult to crack? Most certainly. According to How Secure is my Password 45Erp!VBN?1869y& will take 41 trillion years to crack.

I have over 250 passwords that I use so I have to use a Password Manager to store them. I use LastPass but many others are available, including NordPass’ own, and some are free. I suggest, though , that you use one that can synchronise across all of your devices, PCs, Macs, tablets, phones etc so that you always have your passwords with. A good Password Manager will not only store your passwords very securely but should also create secure passwords for you.

Go ahead and test your passwords using their secure tool.

I might not be a cyber security expert – but I know quite a bit and know some very good ones so if you need some help with your cyber security, your SEO or any other element of your online marketing activities then why not kick things off with a free consultancy session, drop me an email or just give me a call on 01793 238020 or 07966 547146.

In the meantime, be safe out here. The World Wide Web can be a dangerous place

*NordPass have a vested interest in password security – they sell a Password Manager