Why marketing is like the space race

Posted on May 1, 2020 by Andy Poulton

It seems that every week I am asked whether “X” would be a good thing to do, or perhaps “Y”. “What do you think Andy?”, “which path would you take?”

The reality is that even after 20 years of experience, I don’t know with any great certainty. All I can do is reflect on past experiences and understand how a particular course of historical action could be overlaid on contemporary actions and offer some thoughts and guidance.

The key question, though, is this. When it comes to most forms of marketing, how do we know what works and what doesn’t?

The reality is that we don’t – until we give it a try.

But before you try any form of new marketing activity you need to really understand your expectations. What do you want it to do and what do you NEED it to do. You should approach it with a plan in mind, the 6 Ws.

The 6 Ws

Who, What, Why, When, Where and hoW. There are loads of variations on a theme but here’s a simple example as to how the six Ws can help with the initial planning of your new campaign. And to use a cliche – “fail to plan, plan to fail”.

Who are you looking to reach (personas can really help identity and visualise your target market
What are you looking to sell to them
Why would they choose you as their supplier rather than your competition
When will they be ready to buy
Where will the marketing be posted/published?
How will the sale take place & delivery occur. How will you measure the performance.

You should always have a goal because, as the cliche says, “without a goal, how will you know when you have arrived”

The 6Ps could also apply – Proper Preparation Prevents Pretty Poor Performance

OK, I’m done with cliches, for now, back on topic.

I have worked with many people who strive for perfection. There’s nothing wrong with that, but the focus on perfection has a time and place. From a marketing perspective they

– have an idea
– create an outline,
– add flesh to the outline
– review it
– ask others to review their plan
– make changes to reflect people’s comments
– and go around the circle again & again

A camel is a horse designed by committee

Seeking absolute perfection can be a trap, the danger being that you want a horse but end up with a camel.

This often means that the plan at the end looks nothing like the initial plan, that the initial goals have become forgotten and the time taken to refine and finesse the plan means that key opportunities are missed or have made it likely that the plan will never be executed.

My preferred approach is to come up with the campaign aims, agree them with my client and quickly work back from there to understand the target market, which platforms they are likely to use and to understand the best ways to put my client in front of them.

I sometimes get it wrong. I’ll have explained my plans to the client and explained the risk. If a plan is going to fail I like it to fail fast. I accept that it’s OK for a plan to fail, it really is. However, this approach will only work with goals that are understood and research to understand why the goals were not met.

From there, you can take the learning, update and improve the campaign and go again.

So, Why IS marketing like the Space Race

NASA would follow the route to perfection. Testing each individual component of the Apollo program (for example) then they’d put some components in to a module and test the module. Then they’d put some modules together in to an assembly and test the assembly.

Then they’d put some assemblies together in to a stage and test the stage. Then they’d test the stages, assemble them in to a 365 ft tall tower of power and launch the rocket.

And even after all this testing there were still problems – look at Apollo 13, and the two Space Shuttle disasters for evidence.

Elon Musk and Space X take a different approach. Elon came up with the idea of a reusable rocket. It was designed, a rocket was launched – it failed. The reasons for failure were designed out of the next iteration. There was a different failure. The reasons were investigated and designed out and now launching, AND landing, Space X Falcon 9 and Falcon Heavy rockets is as near normal as you will find and progress continues.

At the time of writing Space X are planning on returning US Astronauts to the International Space Station using an American rocket for the first time since the Space Shuttle was withdrawn from service.

If you want any help with your digital marketing please don’t hesitate to get in touch for an informal chat by email (andy@enterprise-oms.co.uk) by phone (01793 238020) or ask me on Social Media – Linkedin or Twitter and I’ll be only too happy to talk.Thanks for reading and I hope you stay well

A day in the life of a search engine optimiser

Posted on April 22, 2020 by Andy Poulton

In these corona virus times I thought I would share a typical day with you. Because of the nature of my work, I am able to continue providing search engine optimisation and other digital marketing services which means that I continue to support to my clients – those who are still trading anyway.

My day typically starts at 8am which is when I get to my desk, boot the PC, switch on the radio (Nick Ferrari’s morning show on LBC) and go and make that essential first coffee of the day.

The first task of the day

The 1st task of the day is to open my dairy to see what appointments are upcoming, what preparations are required and how any meetings are taking place – a physical meeting, a phone catch-up, a video meeting etc.

Next, it’s a look at my To-Do list to see what’s on the agenda for the day.

The hunt for content

Then it’s time for a look at the news to see whether there are any IT/Marketing/SEO/IT Security stories worth sharing and then I start my proper hunt for content for Social Media.

Tools that I use include Drumup.io, Google Alerts, Search Engine Watch and Search Engine Land.

Drumup is like a search engine for articles. I save some keywords and it finds relevant news articles for me to share. I only use the free account
Google Alerts, another free tool, carries out the same process on Google. I save some keywords and Google emails me a list of new content that includes my saved terms.
Search Engine Watch is a website dedicated to search engines and search engine optimisation. It was where I learned a lot of my craft in the early days. It was started by Danny Sullivan who went on to found
Search Engine Land and now has a pretty high flying job with Google. With both sites, I look for interesting/helpful articles to share

I open each story or article from all sources in a new browser tab. I’ll simply hold the CTRL key down as I click – which forces my browser to open the clicked link in a fresh tab. Then I scan thorough each article to check quality and relevance before using another free tool, Buffer, to add the stories to my social media posting queue. This means that I can easily and quickly build a content list that will be shared by Buffer at a time of my setting.

I may also look at one of my pre-written “Top 10” hints and tips lists. Update the publishing dates, ensure the content is up to date and then upload the spreadsheet to Hootsuite where the platform will share the tips to the platforms of my choice at the times I have set.

Then I’ll repeat the exercise for those clients for whom I manage their Social Media activity.

Email Time

Now it’s Email time. I open Outlook and work through my emails. Spam gets deleted, urgent mail is responded to, acted on or added to my “To-Do” list – which is on paper. Even though I love my technology, and have tried numerous digital To-Do applications I still find that pen and paper works the best for me.

The To-Do list

Now it’s time for me to look at the top items on my To-Do list and start working through the day’s tasks.

Number one task every day is to log in to ManageWP where I have registered all the WordPress sites that I am responsible for. ManageWP has them all stored in a dashboard and reports which sites have plug-ins that need updating or whether any particular site needs attention.

Once any updates have been applied it’s now time for my second coffee and logging on to a site to start on the required search engine optimisation activity.

This could include a fresh scan of competitor websites to see whether there’s anything different that I should be targeting, another round of keyword research to make sure that I am targeting key words and phrases used by prospects and making sure that all the elements of the site are well optimised, particularly where the client has access to the site and may have added fresh content or swapped out images and a hunt for opportunities to build more backlinks

Second look at Emails

Before lunch I’ll take another look at my emails, delete all the junk, act on urgent ones and “To Do list” those that need action but which are less urgent.

It’s probably about 1pm by now and time for lunch. A poached egg on toast, a two egg omelette, a sandwich perhaps another coffee or glass of water, and a walk in the fields, weather permitting

After that I may turn to content creation, writing a blog post or an email or finding topics for my clients to write about that i can then provide an SEO “polish” to for optimum search engine responses.

I’ll look at the Google Ads, and other PPC accounts that I’m managing on behalf of clients. Making sure that the Ads are performing, that the key words are relevant and that the campaign is as well optimised as possible.

If I’ve written a marketing email I’ll get it approved by the client, upload it to MailChimp (my email platform of choice), make sure the address lists are up to date, create an email and send a draft to my client for approval.

Once signed off, I’ll schedule the sending, Early afternoon, middle of the week, for business clients and early evening, possible on a weekend, for retail clients. Timings determined by the optimum open rates.

The hunt for content continues

Time for an afternoon coffee and a swing back through various news sites, this time tech platforms such as

For tech related articles and Search Engine Watch and Search Engine Land again, just to see if anything new has been posted

Back to the Search Engine Optimisation

As we enter the middle part of the afternoon I’ll look another client website and look to repeat the SEO activities for them.

If I’ve received any enquiries for quotations or new proposals I’ll look to pull my thoughts together and send my proposal for consideration.

As the working day draws to a close I’ll take a 3rd look at my emails and respond to anything that can’t wait until the following morning.

I might email clients with ideas to improve their websites, carry out some more SEO on a site, perhaps register a client website with some web based directories and see whether there’s anything I can do to my own website to improve performance

Finally, I’ll update my To-Do list in preparation for the coming day, shut down my PC and have a quick tidy-round.

Staying in touch with clients and teams – the digital transformation.

Posted on April 14, 2020 by Andy Poulton

For years, technologists have been promoting digital transformation but corona virus, lock-down and working from home has really pushed many businesses to take a fresh look.

Lock-Down means that a lot of us are having to work very differently, working from home, whether from a home office, the dining table, the kitchen table or a bedroom dressing table or a shed at the end of the garden it’s all quite new

There’s no doubt that as a result of this forced, rapid, transition, many of us will find that continuing to work from home is far better than commuting to an office, warehouse, workshop or other business location. And, in the long term, everybody wins. No commuting means time saved, no travelling to meetings means time and travel costs saved and no travelling is much much better for the environment too.

There are a number of platforms that will help you to do this. Simple platforms such as Skype and Messenger are familiar to a lot of people, Google Hangouts and Microsoft teams are also in pretty common use but they often lack some of the features that make video-conferencing much easier.

Video Conference Options

The key features that I look for include

Maximum permitted meeting length
Screen sharing – so that I can share presentations etc.
Recording, can the session be recorded so that I can share it with the delegates for them to refer back to?
What services do the free accounts NOT have?

As an example, Zoom, which has really increased in popularity over the last couple of months has a Free account that allows video conferences of any length with 2 people but this drops to just 40 minutes for 3 or more but does permit screen sharing. However, there are concerns over the security of Zoom.

To overcome this, the Zoom Pro account at £143.88 + VAT annually increases the meeting length to 24 hours and provides 1Gb of cloud storage,

Webex, a Cisco product, is more secure. The free account limits the number of people in your call to 100, places no limits on meeting length but does not offer any recording and does not offer screen sharing.

The Webex Small Teams account, £135.00 + VAT PA adds screen sharing and recording to the free account.

Other providers of similar services include

Living through Corona virus times

Posted on April 2, 2020 by Andy Poulton

Email marketing, SEO, Blog and Social Media images

Times are tough, I know but having worked with companies through 3 recessions I know that some will thrive, some survive and others go to the wall.

Some will fail no matter what they do but for a lot of companies there are alternatives.

You can accept the status quo and roll with the punches OR you can fight for your survival.

My experience is that those who fight for their survival will come through the current situation fighting fit and with a great chance to thrive because they will be better than they were and they’ll be ready to leap on opportunities that have been left begging by those who simply accepted the status quo.

So FIGHT for your business and if I can help – get in touch.

Book a free 40 Minute, remote, consultancy

I have demonstrable success in the fields of SEO, Social Media, Email Marketing and much more.

All you have to do is get in touch for a free chat by LinkedIn message, email (andy@enterprise-oms.co.uk) Zoom, Webex, Skype etc

Ring Me: 01793 238020 07966 547146
Email Me: andy@enterprise-oms.co.uk
Find Me: Linkedin Twitter
Visit Me: Bowman House, Whitehill Lane, Royal Wootton Bassett, Wilts, SN4 7DB

SEO is for life, not just for Christmas

Posted on March 28, 2020 by Andy Poulton

I am frequently asked “when should I stop doing my SEO?” I suspect that this is because people are looking to stop either working on their website or paying somebody else to do the SEO on their website

The answer, which might not be easy listening for some, is that you can only stop when either you have taken over all of your competition, when all of your competition cease to exist, or Google stops updating the way it ranks websites and your business website sites at the top of Page 1

I agree that it would be great if one could create a website, ensure that it is fully search optimised, click “publish” and watch the magic happen as people flock to the website and make purchases or submit enquiries.

And a lot of businesses still think that this is the way that things should be done. Great thought, and money, is invested in the design, the content, the logo, the colurs etc but SEO tends to be at the bottom of the list.

I have lost count of the times that I have been asked to optimise a new website and spent time with the owner discussing the changes that are required to ensure that the site can be efectivly optimised, rather than just paying lip-service to the requirements.

Sometimes a root and branch rebuild is the only way forwards.

The reality is that SEO should be as an important part of the website planning, development and build as the thought put in to the logo, the colours used, the pages required etc. It should be there, from the beginning – not considered an afterthought.

And once optimised, many website owners think “that’s it, site optimised, job done”.

The problem is that it can take several months for the SEO to have an impact (see “how long does SEO take” for more info). And you will probably find that your site ins’t in the hallowed top spot on Page 1. Your site might not even be on Page 1 so more work will be required.

And while you are doing this, so will your competitors – they’ll be trying to beat your website and working on their sites so you will have to keep working on yours.

And then there’s all the changes and updates that Google makes to the way that it measures and ranks websites – you need to be on top of those in case any changes made by Google have a negative impact on your website. And Google makes, on average, 9-10 changes PER DAY, every day

You should ONLY stop your SEO when one of 3 states is reached

You take over ALL of your competition and prevent new startups from competing with you
Your business is so good that all of your competitors fail
You have reached the top of Page 1 and Google stops changing things

Daily changes to Google Search

In 2018 Google ran over 654,000 experiments. These will have been carried out by Google’s AI engines, trained external Search Raters and live tests. The outcome being 3,234 improvements to search, or 9 a day

We’ll never get to know, and understand, the majority of these improvements because most of them will be tweaks to the system. However, significant changes are often announced by Google or can be tracked by businesses interested in Google’s updates and quite a few people have published lists of known algorithm updates such as here, here and here.

The Competition

Carry out any search on Google and you’ll be presented with millions of results. Even a search for “jumpers for rats” returns over 6m results.

And we know, or should know, that a Page 1 result is all that really matters.

Why do Page 1 search results matter so much

That’s really simple to answer. Research shows that just 50% of Google users ever make it from Page 1 on to Page 2 of the search results and just 10% make it on to Page 3

Chart showing how many visitors to page 1 of Google and beyond. — *Image credit Backlinko*

Maintain, Maintain, Maintain. Keeping your site up to date

Once launched, your website is never “finished”. You need to be constantly checking to make sure that it’s performing as required, and investigating where it is performing poorly and put solutions in place.

You need to be frequently adding fresh content (a blog/news page for example), an “un-maintained site is a doomed site” as they say – and Google emphasise this on its Search Quality Evaluator Guidelines:

Some websites are not maintained or cared for at all by their webmaster. These “abandoned” websites will fail to achieve their purpose over time, as content becomes stale or website functionality ceases to work on new browser versions. Unmaintained websites should be rated Lowest if they fail to achieve their purpose due to the lack of maintenance.

In 20 years of SEO I have only had to re-skill myself about 20 times to stay current and up to date. The ONLY thing that hasn’t changed is that SEO is always changing. If your website fails to stay current then your website will wither on the Google vine.

The good sites will prosper, the poor sites – owned by lazy businesses – will be left behind. SEO is not just for Christmas

Find me: https://seo.enterprise-oms.uk/ | andy@enterprise-oms.co.uk
Follow me: Twitter ¦ Linkedin
Phone me: 01793 238020 ¦ 07966 547146

Corona Virus & Marketing

Posted on March 23, 2020 by Andy Poulton

SEO, Email, Blog, Social Media page header

Don’t make knee jerk decisions with your marketing budget.

Remember, In the middle of the storm it can be difficult to see anything but chaos but the storm will pass. Your best defence is to do everything that you can to still be standing when the storm passes.

The purpose of this post is to give you some marketing things that you can be thinking about during these troubled times and to make an offer that will save you £50.00 on one of my services so that your website can come fighting fit on the other side of the Corona Virus pandemic.

When I was working as a business consultant during the 2008 recession I heard of many businesses who chopped their marketing budgets as a reaction to the turn-down. They then wondered why they weren’t attracting any new business and as their competitors recovered they were left behind.

Businesses that I was working with at the time recognised that there was an opportunity to step in to the gap left by companies which appeared to have disappeared. They took more considered action, reduced their marketing budget and put plans in place to ramp marketing back up once it was clear that the recession was coming to an end.

This put these clients in a prime position and they went on to prosper.

In these troubled times this is the action that you should consider. I know that times are dark, and likely to get darker, but if we don’t think positively and plan to still be here when the Covid-19 pandemic recedes then I know that some of us won’t be in business when that time comes around.

The role technology plays in business continuation

Working from home, and in self-isolation, will be new to many people. Technology will have provided you with an opportunity to work from wherever you, and your staff, are with the only requirements being a device (desktop/laptop, phone or tablet) and an internet connection.

Cloud based audio and video conference solutions help maintain teams and enable client communications. Skype, Microsoft Teams, Zoom, Webex, Slack, WhatsApp and more prove both free and subscription options to communicate, train, make presentations and simply remain in touch.

As more of us work form home it’s likely that online search behaviour will change as more people mix business searches with personal during their working day.

How will your business cope?

As with any crisis, how your company responds is key, are you calm and taking action or are you panicking?

Either way, here are a number of things that you can be working on when faced with the current situation

Stay ahead of your competition

If you pause your marketing activities and your competitors don’t who do you think will be in a prime position when things begin to improve? Stay in touch with your clients using eMail, Video and Social Media, Keep an eye on search trends, are there any opportunities that you can make use of.

Remember that SEO is a long term strategy

I know that SEO is one of the services that I provide but it is worth remembering that it IS a long term strategy, taking weeks or months to have a proper impact so give your Search Engine Optimisation due consideration when reviewing your marketing budget. Google’s servers and algorithms won’t be taking a break.

Don’t buy cheap SEO

I know that it might be tempting to take up one of those “all you can eat” SEO offers at £75.00 per month but the risk to your business could be a lot greater than the small amount of money that you’d save. As the marketplace improves you could find yourself left with no rankings, no traffic to your website and possibly penalties from Google from trying to game the system.

Move offline marketing spend online

If people aren’t going out and about they are not going to be looking at advertising hoardings and billboards. They’re not going to be seeing “in-store” marketing either so think about whether you could shift some of your offline budget online to make up for this.

Understand search trends

By understanding trends in search you’ll be in an ideal position to leap on any opportunities and’or changes in direction. By keeping an eye on how people are searching you’ll be able to create content that meets the needs of those searchers. Google Trends is a really great way to stay on top of this

Produce more digital content

Consider using this as an opportunity to create those webinars you’ve been thinking of. By 2025 research is estimating that online learning will be worth about $158 Bn. Lessons learned now will be incredibly valuable going forward. Think about adding video conferencing and video calling to your communication options to reduce face-to-face meeting but stay in touch with key contacts, potential clients and your market.

Free 40 minute Website and SEO Consultancy

I’m still offering my Free Consultancy sessions and am more than happy to conduct them over the phone or by video link

Detailed Website and SEO Review – Special Offer

Save £50.00 on an in-depth website and SEO review

And if you want something to listen too, have a listen to some of my Podcasts, you can find them on Spotify, Apple Podcasts and my website.

Find me: https://seo.enterprise-oms.uk/ | andy@enterprise-oms.co.uk
Follow me: Twitter ¦ Linkedin
Phone me: 01793 238020 ¦ 07966 547146

Have you heard of The SMOG* Test?

Posted on March 15, 2020 by Andy Poulton

It’s nothing to do with clean air but IS all about the readability of your website.

Did you know that the average reading age in the UK is 12-13 years and that a significant number of visitors to your website may have English as their second language?

If you haven’t given this any thought then you are probably losing visitors and business because your words could act as an impenetrable barrier and you could be losing custom.

Not only that but Google take more than a passing interest in readability.

There is a simple tool that you can use to calculate the reading age of your site and you really should apply this RIGHT NOW.

All you have to do is go to www.read-able.com, copy some text from your website that you want to test and paste it in to the “TEST BY DIRECT INPUT”

Your pages will be parsed through 6 different tests [including the SMOG* test] and the individual results will be displayed together with an average.

Take a look at the Readability Test results

As you can see, the test results for the text that I pasted show that the reading age is 15-16 years and so a little owrk is required.

The results are provided in both age and US Grade Levels and you can find a simple Grade to Age comparison here.

Alternatively you could also try the “Drayton Bird test” by reading your content out loud. If it sounds like one side of a conversation the you are probably on the right track, if it sounds stilted and disjointed you need to go back to the drawing board!

How to make your text easier to read

If you need help with making your text easier to read you could turn to the free Hemmingway App for help.

In the screenshot, above, you can see that the App has highlighted areas for improvement, and as you make edits you’ll see the reading age on the right-hand side of the page reduce, and the highlighted text will start to disapear.

After a “first pass” you can see that the reading age has already come down. And if I paste this text in to Read-Able you can see that the reading age has fallen to 12-13, much closer to the target, and achieved without any Dumbing Down

And if you need any help with your website, search engine optimisation, social media, email marketing or any other form of online activity then all you have to do is #AskAndyP

Ring Me:   01793 238020 07966 547146
Email Me:   andy@enterprise-oms.co.uk
Find Me:   Linkedin Twitter
Visit Me:   Bowman House, Whitehill Lane, Royal Wootton Bassett, Wilts, SN4 7DB

*SMOG – Simple Measure of Gobbledygook

Safer Internet Day 2020

Posted on February 11, 2020 by Andy Poulton

1,2,3,4 is the start of The Beatles “I saw her standing there”, it’s the way you “declare a thumb war” and it’s also the first 4 characters of the worst password of 2019 – which is 123456.

11th February 2020 is the 17th “Safer Internet Day” and I’d like to make it a day where people change their simple passwords for something much more secure.

Why is it important?
Every day millions of websites come under attack, ranging from simple personal sites to complex e-commerce sites and online email service providers.

Just think about your information that’s out there, and what could happen if your business or personal security was breached.

What’s in your Gmail, Hotmail, Outlook.com mailbox, how valuable would that be to a cyber-criminal? What if they hacked your email account and sent emails to your contacts and connections, as you, then tried to use your email address for more nefarious purposes?

How about if, after hacking your email account, they used your credentials to try to

break into your bank account
hack in to your building society account
access your credit card account
use the info to set up fake accounts that they can then use to steal your identity, borrow money in your name and have it sent to their bank accounts,
buy products online that are delivered to them and billed to your address – the list goes on and becomes even worse if it’s business data that has been stolen.

Business bank accounts typically have more money in them with longer lines of credit, your servers may contain enough information for the cyber criminals to target your customers, there may even be ideas, designs and other pieces of Intellectual Property that could be sold or misused in a variety of other ways, all to your disadvantage.

You know it makes sense to have stronger passwords but a lot of people, as evidenced by this list, obviously can’t be bothered – maybe they deserve what comes their way?

Well I don’t think they do, which is why I’ve published this blog post as part of “Safer Internet Day” and I’d ask you to review your password policy, both internally and personally and follow these simple tips and guidelines to minimise your risk.

What should you do?

Don’t use the same password on every site you log in to, ideally, each site that you have an account with should have its own, unique, password. I know that sounds hard but it’s remarkably easy if you use one of the many, secure, password creation and storage sites. There are loads to choose from, some hare subscription based whist others are free. You can read a review of the top ones here.

Personally, I use LastPass, I started using it a number of years ago and find it invaluable in matters of internet security. Your password manager will automatically create strong and unique passwords and save them in your databank and automatically fill in the boxes whenever you are on one of your sites that require secure access.

Many also come as Apps for installation on your phones and tablets so that you can always access the sites you need to, whenever and wherever you are.

They run in your browser so that you can access your passwords and other log-in data from any internet connected computer, at home or abroad, on holiday or business trip – just make sure you remember to logout if you’re using a public computer.

If you don’t want to use an App then make sure your passwords are at least 8 characters long and are comprised of a mix of UppEr cAse and loweR case, 1nclud3 a numb3r or 2 and m@ke use of spec!al character$ wherever possible. You can check the strength of your password at HowSecureIsMyPassword

If you are concerned about any of the security aspects for your business, then send me an email, andy@enterprise-oms.co.uk or give me a call on 01793 238020 for a hack free, zero obligation chat and I’ll be delighted to see whether I can help secure your business from cyber criminals and make sure that you don’t become a victim, like Capital One did in 2019 where a hacker stole 100 million records that included names, addresses, post codes, email addresses, phone numbers, dates of birth, bank details and social security numbers.

Why would anyone want to hack my website?

Posted on January 30, 2020 by Andy Poulton

With the news that 30m credit and debit card details from US customers and over 1m sets of card details belonging to visitors to the US, have been put up for sale on the Dark Web following a malware attack against US convenience retailer Wawa I thought I’d take time out to explain why small businesses are just as at-risk from hacking as large organisations.

But first, let’s take a look of some of the major security breaches that occurred last year. According to Risk Based Security’s Data Breach Report there were 5,183 breaches by the end of September 2019 alone. These exposed more than 7.9 billion records. This was a 33.3% increase on the same period in 2018.

Here are some of the worst breaches.

Orvibo Smart home products – 2 billion records discovered on an unprotected database. These comprised of private individuals, hotels and businesses who were using Orvibo’s smart home devices. The data included email addresses, passwords, user names, family names and addresses.
Dream Market Breach – 617m online account details stolen from 16 hacked websites, including MyFitnessPal (151m). Data stolen included user names, passwords and email addresses.
Canva – 139m records stolen, names, user names, passwords, email addresses and location.
Capital One – 106m records hacked with names, addresses, credit scores, email addresses, dates of birth and more stolen.
Words with Friends – 218m records stolen, including names, email addresses, passwords, phone numbers and, where linked, Facebook ID info

However, these are just some of the ones that hit the headlines. Thousands don’t, particularly attacks on smaller businesses. Research indicates that nearly 70% of SME’s experience cyber attacks (Ponemon State of SMB Cyber Security 2018) but why SMEs?

I talk to many people who believe their businesses are too small to have anything of value to the hackers. However, the truth is that they are too small to have a dedicated cyber security officer/specialist and so are easy targets.

Let’s take websites – most businesses use WordPress – over 1/3rd of websites use it. There’s nothing wrong with WordPress but, as the world’s most popular web development tool, it is also the hackers main target. (A bit like the way Windows is targeted compared to Apple’s operating system – its all in the number of targets)

WordPress is pretty secure and there are Plugins to make it more so BUT you have to keep everything up to date. Keep WordPress up to date, keep your plugins updated too because if you don’t you might be leaving holes in your security for the bad guys to exploit.

But why would they?

Small companies are frequently connected to larger organisations and they might be a way in
Hacked systems can store illegal material
Hacked systems can be used in attacks on other websites (DDoS)
Hacked systems can host Malware
Hacked systems could provide access to valuable Intellectual Property
Hacked systems could provide easy access to other valuable data

Malware

Imagine you have a reasonably popular website. Hackers will look to gain access to your site and plant malware on it that will automatically download (and install) itself on the computers of everyone who visits your website. The malware could allow the hackers to record the keystrokes of infected machines, could enable the hackers to take remote control of infected machines or turn them in to storage depots for illegal material.

Imagine how your reputation will suffer when this comes to light.

Keystroke recorders
A keystroke recorder does what it says on the tin, it records every single keystroke made on a keyboard and secretly transmits it to a malicious 3rd party. This could be bank/card details, online shopping details, log-in user names and passwords, and much more
Remote Control – DDoS (Distributed Denial of Service Attack)
With the ability to remotely control your PC, and hundreds or thousands of others, malicious 3rd parties can “take down” target websites simply by overwhelming them with more web traffic than the website can cope with. Remember what happens to the Glastonbury website when the tickets are released – although not malicious the number of people desperate to get their tickets tend to bring the website to its knees as soon as tickets are made available

Imagine a bookmakers website going off line a week before a major betting event. They’d be contacted by the Cyber Criminals who will admit responsibility. The bookmakers will then be told to “pay up” or their website will be blocked again, much closer to “big day” and prevent bets being placed.
Illegal data storage
Imagine the scene. There you are working in your office and there’s a battering ram through the door followed by police storming in with a warrant to take ALL of your computing devices. Your business will grind to a halt but why have you been targeted? Simples, as the meerkats say – the police have identified one or more of your computers/servers as the source of illegal material. This could be pirated software, music, films or worse. In the worst case scenario this information hits the local (and possibly national media) and your reputation is trashed. And you may not even have been at fault!
GDPR
Under all of the above scenarios you’ll probably have to report the matter to the Office of the Information Commissioner (ICO) under GDPR. After investigation, If your security and procedures are found wanting then you might be liable for a fine. GDPR states that fines can be up to 4% of your turnover, and that’s no laughing matter

How do I prevent this happening to me

No security system is 100% watertight, there are just too many variables and access points. The closer you get to 100% the more expensive it becomes to close those last few security percentage points. However, like home security, your job is to make sure that your security is as good as it can be so that the bad guys choose an easier target.

Get in touch with a good IT company or Cyber Security company or you could #AskAndy. Drop me an email – andy@enterprise-oms.co.uk or give me a call on 01793 238020 and we can start the ball rolling. I know that I’m not a security consultant but I know quite a bit and can always point you in the direction of a trusted third party if you need more help.

New Year – New Security Resolution

Posted on January 1, 2020 by Andy Poulton

In December last year Tamara Ecclestone’s London home was burgled and jewellery worth £50m was stolen.

Leaving aside the fact that this is a phenomenal sum of money to have invested in jewellery only to leave it “lying around” there are many rumours as to the particular timing of the heist.

Just a few hours before the robbery took place, Tamara and her husband shared a picture on Instagram of them boarding a private jet.

As a billionairess it’s no doubt that people of a dubious background will have been watching her social media updates hoping for just such an opportunity. They will have lists of targets, important addresses and social media accounts and probably even have plans in place, ready for execution as soon as an opportunity presents itself.

So, think about the pictures you post to Social Media. What do they give away? All those photos of you sunning yourself on a beach somewhere warm and exotic tells near do wells that you are not at home. Photos of road trips tell people that you are not at home, or in your business.

You even need to make sure that there’s nothing in the background of the picture that can be zoomed in to that might give away something you’d rather kept private. An innocent looking photo taken outside of your house could, if zoomed in, give away your house number whilst previous, or subsequent pictures could give away your street name – for example.

If you are going away, and you are an important cog in your business, it could encourage scammers to target employees with fake emails requesting money transfers, payment of fake bills and invoices etc.

So why not make 2020 the year you strengthen your security fortifications. Make a start with passwords and email.

Conduct a password audit of everything AND everybody involved in your business.
Enforce the use of strong passwords and encourage the use of password managers
Make sure that you have a strong email policy in place.
Educate yourself and your employees on the tricks used by scammers-
- how to check whether a link in an email takes the clicker to a safe site or not
  Hint – hover your cursor over the link to see the full web address
- Ensure that the email comes from a trusted address. Is it from mycompany.co.uk or mycompany.co or myc0mpany.co.uk for example?
  hint – hover your cursor over the address or just hit “reply”
- Are there any obvious spelling or grammatical errors?
- Would you be expecting an email from this particular source?
- Does the email express an urgent response?

Don’t forget that people new to your organisation should also receive the same level of training. Always remember that “if it feels to good to be true” then it probably is

And if you are still unsure, look up the phone number for the company that you think the email is from and give them a call – don’t rely on the phone number that’s displayed within the potential scam email.

Watch out for more emails looking at security issues and if you have any concerns, please don’t hesitate to get in touch for an informal chat by email (andy@enterprise-oms.co.uk) by phone (01793 238020) or ask me on Social Media – Linkedin or Twitter and I’ll be only too happy to talk.

Thanks for reading and I hope you have a great, and secure 2020.